
SPS /PROXYUI cannot login, 500 error  (with smpolicy-secure.xml)

Discussion created by Alan Baugher Employee on Nov 1, 2017

Team,

During an exercise to deploy the latest CA SSO SPS/Access Gateway, we noted an HTTP 500 error message.

While troubleshooting, we identified the root cause, and collected our notes below to share.

This may be similar to other community notes:

CA SSO R12.52 SP1: SPS /PROXYUI cannot login, 500 error

After our investigation with the SSO PS logs, and the SPS AFF trace logs, we were able to determine that use of the secure configuration sample of smpolicy-secure.xml impacted the communication from the SPS to the SSO Policy Server.

      • Example: $SMHOME/bin/XPSImport $SMHOME/db/smpolicy-secure.xml -npass -vT

Current Resolution:

    • Update the SM Policy Store for the ACO for SPS
      • Note: the smpolicy-secure.xml will enable extra security features that will impact SPS to SSO communication.
      • Step 1: Add the agent name to the “DefaultAgentName” token of the ACO
      • Step 2: Comment out the token “#AgentName”
      • Step 3: For SPS use – Disable CSS Checking token
      • Step 4: For SPS use – Disable these four (4) tokens [Note: #BadFormChars is usually already disabled]
      • Step 5: For SPS use – Disable this token: “#ValidTargetDomain”

    ####  Additional notes ####

      • How to enable trace logging for SPS AFF service

  • End Result: ProxyUI Authentication Screen

After authentication to SPS/AG ProxyUI:

Note:  Address the above permission issue with this tech note:

https://support.ca.com/us/knowledge-base-articles.TEC1304259.html

Cheers,

A.
