IWA + Federation Configuration Issues

Document ID:  TEC1405517
Last Modified Date:  08/08/2017

Products

  • CA Single Sign-On

Components

  • SITEMINDER FEDERATION END POINT:SMFED
Issue:

We are facing issues while federating via IWA from the IDP to an external SP.

The issue occurs only with persistent sessions.

 

 

smps.log:

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

 

[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.

Environment:
Policy Server version is 12.52SP02CR01; SPS version is 12.52SP1.
Cause:

This error occurs because you have enabled the "Windows User Security Context" option and your Web Server probably does not meet the requirements.

Resolution:

Turning off the option "Use Authenticated user's security context" in the AD User Directory definition resolves the issue.
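
To check whether an smps.log shows the same failure signature as the excerpt above, before and after changing the setting, the following added example (not part of the original document or of CA's tooling) groups the session variables that failed with sm-Server-02740 and flags the sm-FedServer-00130 fatal error. The function name, the regular expressions and the same-thread correlation are assumptions of this example; the sample lines are copied from the log excerpt above.

```python
import re
from collections import defaultdict

# Layout seen in the excerpt: [pid/tid][timestamp][source][level][message id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<msgid>sm-[A-Za-z]+-\d+)\]\s*(?P<msg>.*)$"
)
# Variable name, then the suffix shared by every variable of one federated session.
SETVAR_RE = re.compile(r"SetVariable Failed for : (?P<var>[A-Za-z]+)\.(?P<key>\S+)")

# Sample input: four lines taken from the smps.log excerpt in this document.
SAMPLE = """
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.
"""

def triage(log_text):
    """Return {session key: {"vars": [...], "slo_fatal": bool}} for failing sessions."""
    findings = defaultdict(lambda: {"vars": [], "slo_fatal": False})
    last_key = {}  # (pid, tid) -> session key last seen failing on that thread
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue
        thread = (m["pid"], m["tid"])
        if m["msgid"] == "sm-Server-02740":
            sv = SETVAR_RE.search(m["msg"])
            if sv:
                findings[sv["key"]]["vars"].append(sv["var"])
                last_key[thread] = sv["key"]
        elif m["msgid"] == "sm-FedServer-00130" and thread in last_key:
            # Assumption: the fatal error belongs to the session whose
            # variables last failed on the same pid/tid.
            findings[last_key[thread]]["slo_fatal"] = True
    return dict(findings)

if __name__ == "__main__":
    for key, hit in triage(SAMPLE).items():
        status = "SLO save FAILED" if hit["slo_fatal"] else "no fatal error"
        print(f"{key}: {', '.join(hit['vars'])} -> {status}")
```

A session key that is reported with failed variables and the fatal flag matches the issue described in this document; an empty result after the change indicates the signature is no longer being logged.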

Additional Information:

Configuration Overview

Windows User Security Context Requirements 

 

 
