Layer7 Access Management

SiteMinder 12.52 base Policy Server terminates abruptly because of ACE authentication error

By Challa Ramakanth posted 04-02-2015 02:30 PM

  


Environment:

 

SiteMinder Policy Server Version: 12.52; Update: 00.00; Build: 142; CR: 00;

OS: Any supported platform

 

Synopsis:

 

Policy Servers randomly crashes and restarts, with a segmentation fault. The crash may be a result of using the ACE Authentication Scheme.

 

Analysis:

 

Analyzing the core dumps, the thread that crashed looks like:

 

#0  0x00b3c92d in pthread_cond_signal@@GLIBC_2.3.2 () from /lib/libpthread.so.0

#1  0x040b9729 in aceCB () from /opt/CA/siteminder/lib/libsmauthacehtml.so

#2  0x02041dd9 in DoCallBack () from /opt/CA/siteminder/lib/libaceclnt.so

#3  0x02044f43 in DelFromUserList () from /opt/CA/siteminder/lib/libaceclnt.so

#4  0x0203fde7 in ?? () from /opt/CA/siteminder/lib/libaceclnt.so

#5  0x020574e2 in pSD_WalkWorkQueue () from /opt/CA/siteminder/lib/libaceclnt.so

#6  0x0203f685 in MgtSendThread () from /opt/CA/siteminder/lib/libaceclnt.so

#7  0x00b38a49 in start_thread () from /lib/libpthread.so.0

#8  0x082dcaae in clone () from /lib/libc.so.6

 

Troubleshooting steps:

 

1. Try to gather the complete policy server profiler logs to see what the threads are doing last before the Policy Server crashes.

2. Look for any ACE authentication related messages.

3. Capture a pstack or a gdb output depending on the OS you are running on from the core file and see the thread to see what its doing. if it matches the above stack and you are on 12.52 base then you match this condition.

 

Solution:

 

This is a known issue and is fixed in 12.52 SP1 CR1 Policy Server release as bug fix # 64139. You should upgrade to that version if you notice the same stack of the exact thread which caused the crash.

1 comment
0 views

Comments

12-04-2015 09:57 AM

We have also noticed that there may be issues with the 8.1.2 version of the RSA ACE client which is on the policy server when on Linux based policy servers causing some issues with ACE Authentication and also with policy server stability. Please contact technical support in case you see any issues with either RSA ACE authentication or the policy server stability when using the above version.