Layer7 Access Management

Latest Knowledge Base Articles for CA Single Sign-On [17/7/2017]

By Ujwol posted 07-17-2017 03:03 AM


Hello CA Single Sign-On Community Users,


Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder)published or updated since 5th April 2017 for your reference:


What's the purpose of a Certificate Data Store (CDS) ? 
This technote gives guidance to understand the purpose of Certificate Data Store and other Stores.
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1878895

After rebooting SPS, SPS doesn't listen on SSL Port. I need to start SSL manually to get SPS processing SSL request 
This technote discusses about a specific configuration on SPS and provides the solution
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1944233

I don't find the ca_defaultconsentform.html file ! 
This technote discusses about a specific file location on SPS on Linux and it gives a sample of this file.
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1398462

Is the Apache MPM Event supported with the Web Agent ? 
This technote discusses the supportability of a specific functionality on Apache when running with the Web Agent
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1281124

Web Agent Option Pack reports error : "Tried out all the decrypt keys, decryption failed" 
This technote discusses about a specific problem with Web Agent Option Pack and Keys.
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1385152

FCCForcelsProtected doesn't work ! 
This technote discusses about a syntax problem about one of the Web Agent ACO parameter
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1114947

Is my Web Agent affected by the Apache CVE-2017-3167 vulnerability? 
This document clarifies concerns about the vulnerability and explains how you could be affected
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1455085

When installing SPS in console mode on Linux the installation hangs with no error 
This document explains why this happens, and in which release it is solved
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1333005

How can I force users to change password every 24 hours? 
This document shows how you can configure Password Services to make users change password after 24 hours
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1596894

Invalid configuration: 'httpsports' has been specified more than once 
This tech note speaks about a specific error message when using httpsports ACO. Should be single value.
Last Update: 2017-07-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1941884

Web Agent crashes when the FQDN requested is more than 256 chars 
This technotes discusses about a limitation in hostname lenght, the problem it causes and its solution
Last Update: 2017-07-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1608399

RelayState Parameter Name is Case Sensitive 
This technote discusses about the syntax of the RelayState parameter.
Last Update: 2017-07-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1513302

OneView Monitor write tons of logs lines permanently in Tomcat stdout logs 
This technote discusses about a specific problem with OneView Monitor and Tomcat logging.
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1317386

Differences in IssuerDN when importing a certificate through smkeytool 
This document explains how to solve this issue
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1862475

SPS servers vulnerable to an XXE injection attack 
This document explains how you can configure SPS if affected by this vulnerability, and from which release this has been fixed
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1887706

How to activate a WSFedRPtoIDP partnership using XPSExplorer ? 
In some situation, we can not activate a WSFedRPtoIDP partnership using the AdminUI, we try to activate it by using XPSExplorer and it works fine.
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1202421

Do you have a table of MIB OIDs and their related description? 
This tech note provides a table of MIB OIDs and their related description
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565843

Difference between EPM vs Domain policy configuration for multi line attributes 
This tech note explain the difference between EPM vs Domain policy configuration for multi line attributes
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565903

No Database Driver are present after installing SiteMinder Policy Server on Windows 2008 R2 (64 Bits) 
This tech note explains why no Database Driver are present after installing SiteMinder Policy Server on Windows 2008 R2 (64 Bits)
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565840

Does Policy server supports TLSv1.1/TLSv1.2 protocol for LDAP connectivity with Policy Store/User Store 
Policy server support for TLS v1.1/1.2
Last Update: 2017-07-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC2147705

Issue with WS-Security Username and Password Digest authentication 
this tech note discusses a limitation when using WS-Security Username and Password Digest authentication. It can not be used with AD.
Last Update: 2017-07-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1172838

Federation GUID cookie has expiration of only 3 minutes 
This Tech note describes a limitation with the federation use case. Issue is fixed in 12.52SP1CR08.
Last Update: 2017-07-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1504468

Policy Server :: RSA / ACE : Did not continue to AceInit completion asynchAceRet = 23 
This technote discusses about a specific error when configuring RSA ACE authentication at the Policy Server ends, and it provides guide line to trouble shoot and fix the error.
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565904

Can we use Siteminder Test Tool to test Policy Servers load-balancing and failover ? 
This technote discusses about a specific usage of SmTest tool delivered with the Policy Server.
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565905

Policy Server :: The Last Key decoded to Null from the Keystore 
This technote discusses a specific error related with keys and gives path to solve it
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565906


Policy Server authenticate user in Active Directory even if the User must change its password. No redirection happens. 
This technote discusses about an internal problem with the Policy Server when users are in Active Directory.
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1901049

SPS affwebservices/router/session resources vulnerable to an XXE injection attack 
This technote discusses a vulnerability to the federation services on SPS and the fix available for it.
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1317181

Policy Server crashes on RpcDispatcher::evalCall 
This technote discusses about an internal problem in the Policy Server when modifying data to federation partnership. It gives its solution.
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1690534

Embeeded Apache version for Agent for SharePoint 12.52SP1CR07. 
This technote gives the embeeded component version for Agent for SharePoint
Last Update: 2017-07-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1911525

When trying to create an affiliate domain in FSS UI we cannot as it fails with a popup: "Permission to modify this object was denied." 
This document details in which version this issue is solved, and some details on FSS UI usage
Last Update: 2017-07-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1407135

Should we use start-all script to start the Policy Server if we are not using Session Assurance ? 
This tech note speaks about the different ways to start the Policy Server on UNIX
Last Update: 2017-07-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1848748

I'm running a Web Agent, and when a given user is requested to change its password, it gets in the browser the result of the login.unauth instead of getting the Password Change page. 
This technote discusses about a specific problem Web Agent has to handle properly the redirect to the Change Password page when User Store is Active Directory
Last Update: 2017-06-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1288394

MaxSessionCacheSize ACO parameter is not working as expected 
This document explains a problem you can find in specific release, why it happens and how to solve it
Last Update: 2017-06-29    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1002317

Policy server fails to start with LDAP_ADMINLIMIT_EXCEEDED when using CA directory as Policy Store 
Unable to search and fetch more data entries from the Data Store when starting the policy server with CA directory as Policy store
Last Update: 2017-06-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1023169

SPS URLHandling: SPS intercepts the space or its unicode value %20 as bad character in the URL 
This tech not explain the SPS behavior as compare as standard apache WA behavior
Last Update: 2017-06-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1815824

Federation transaction not working : SmJavaAPI: Error finding class ActiveExpressionContext 
This tech note explain one of the reason why Federation transactions could fail.
Last Update: 2017-06-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1247373

Unable to start application protected by a custom agent in Weblogic. 
This tech note explains one of the reason why we can not start an application protected by a custom agent in Weblogic. Problem of FIPS mode..
Last Update: 2017-06-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1299728

Uninstalling WAOP, I get error : Windows Error 2 occured while loading Java VM 
This technote discusses about a specific error when uninstalling the Web Agent Option Pack on Windows OS
Last Update: 2017-06-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1860229

Policy Server is not generating the metrics to APM Introscope provider related to specific User Store 
This document explains in which situation this can happen and how we can solve it
Last Update: 2017-06-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1941829

How to remove the "javax.xml.bind.JAXBException: Unable to locate for package" warning from the logs when deploying FWS in WebLogic 
This document details steps to avoid these messages to appear in the logs to help sysadmins to keep clean log files.
Last Update: 2017-06-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1054749

SPS service fails to start 
SPS fails with logged errors. [mpm_worker:warn] [pid 3458:tid 4151666432] AH00291: long lost child came home! (pid 4307) [mpm_worker:notice] [pid 3458:tid 4151666432] AH00295: caught SIGTERM
Last Update: 2017-06-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1093399

systemctl and Web Agent startup settings for Red Hat Apache Web Server 2.4.x 
This article explains how to setup Web Agent for Red Hat Apache Web Server 2.4.x/RHEL 7. It needs a special care of /etc/sysconfig/httpd and
Last Update: 2017-06-23    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1340867

Red Hat 7 Apache 2.4 startup fails when SSO Web Agent is installed - fails to load Kerberos module
This expands on TEC1340867 and explains the Kerberos module issue and solution.
Last Update: 2017-06-23    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1859038

The sequence of Kerberos Authentication. 
How does it work CA SSO kerberos authentication.
Last Update: 2017-06-23    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1543943

Locked User still can login into the application 
This technote discusses about a problem at the Policy Server level which allows locked account to login further, and it gives its solution.
Last Update: 2017-06-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1476557

Solaris X86_64 WebAgent fails with error "Duplicate LLAWP processes not allowed, exiting." 
This technote discusses about a specific error on Web Agent on SunOS, and gives its solution.
Last Update: 2017-06-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1311992

SmAgentConfig.removeAgentConfigProperties() method does not remove ACO properties that are commented out 
This technote discusses about a problem with SDK API to manage Policy Store objects and gives its solution
Last Update: 2017-06-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1403809

BadCSSChars ACO parameter is not working when parameter value contains a single quote character (') 
This document details why this is happening and how to modify the BadCSSChars values to solve this issue
Last Update: 2017-06-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1958813

AdminUI performance is slower for Federation Partnerships and Certificate management 
This document shows how to solve this slowness problem
Last Update: 2017-06-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1550497

Error creating Certificate Database 
This technote details how to solve a specific error while creating a certificate DB on the Policy Server
Last Update: 2017-06-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1350521


Policy Server is restarting when there are changes in the Policy Store 
This document relates to a known issue which can affect Policy Servers index rebuild and how to solve it.
Last Update: 2017-06-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1115631

Getting the error "(CIMSDsLdapProvider::SetSelfSubscribingGroupBehavior) No property sections found" after integrating CA SSO/Siteminder with CA Identity Manager 
This document shows why this happens, which symptoms you can see, and how to solve the issue.
Last Update: 2017-06-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1024697

The difference of "ADD" and "Merge" in Policy Store Data. 
How is the difference of "ADD" and "Merge" ?
Last Update: 2017-06-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1811125

Error "Flexeraax0$aaa: Windows DLL failed to load" when trying to install Web Agent 
This document explains why this error is occurring and which steps must be taken to solve this and be able to install the Web Agent.
Last Update: 2017-06-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1765216

FastCGI application with Webagent / Apache goes in to the zombie/defunct state on exit. 
This tech note speaks about FastCGI application integration with Webagent on Apache that goes in to the zombie/defunct state on exit
Last Update: 2017-06-17    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1203724

How does the Web Agent determine the web server version when writing this Web Agent log line : "SiteMinder APACHE 2.2 WebAgent, Version 12.52 QMR01, Update HF-06, Level 2009" ? 
This technote discusses internal functionality of the Web Agent
Last Update: 2017-06-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1056496

Agent for SharePoint sometimes printing Unknown SiteMinder WebAgent in the error log header 
Roughly half of the time, the Sharepoint Agent is showing and "Unkown agent" header
Last Update: 2017-06-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1388091

Getting the error FAILED_INVALID_RESPONSE_RETURNED when enabling SLO on a working Federation Partnership 
This document covers what is the first thing to check in order to solve this error when configuring SLO
Last Update: 2017-06-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1293434

Password expired in Active Directory allows Authentication and Authorization 
SiteMinder is authenticating and authorizing the user even if the password is expired in the Active Directory when Password Policy enabled at the AD end
Last Update: 2017-06-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1618076

Unable to preserve POST data on Webagent with cookie provider 
This tech note explains how to fix a problem with POST Data Preservation with cookie provider
Last Update: 2017-06-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1414336

javax.faces.el.EvaluationException: Exception getting value of property UserDirectories is obtained when adding a new directory to an existing domain 
When having more than 90 user directories, trying to add a new user directory to a new directory to a domain results in Adminui throwing an error
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1980857

How can I fix the Apache Commons Collection 3.1 Java object de-serialisation vulnerability if I have CA SSO 12.52 SP1? 
CA SSO 12.52 uses Apache Commons Collection version 3.1 in the Policy Server, Admin UI and Secure Proxy Server. This addresses how to correct the deserialization vulnerability
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1857407

AdminUI returns error when creating Identity Mapping : Fatal: Failed to execute CreateIdentityMappingEvent. ERROR MESSAGE: SmApiWrappedException:Insufficient rights 
This document explains why this error occurs when trying to create an Identity Mapping in AdminUI, and how to solve it.
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1343341

Can SiteMinder session cookies be configured to be issued with the Secure flag? 
This document explains how you can configure your ACO to enable the Secure flag in the session cookies.
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1191471

When using a DNS alias for the AdminUI we are always redirected to hostname 
This document explains why this is happening and how to solve this issue to be able to access AdminUI with embedded JBoss using a DNS alias
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1212558

Should I need specific rights to install Web Agent on Windows? 
This technote discusses about a specific requirement when installing Web Agent on Windows
Last Update: 2017-06-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1108696

X.509 Cert authentication fails returning the error NO_CERTMAP_OBJECT 
This document explains the meaning of the NO_CERTMAP_OBJECT error message and how to solve it.
Last Update: 2017-06-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1344561

Is X11 library required? 
X11 library is required on a machine of Policy Server since policy server administrative console is executed on the machine of Policy Server.
Last Update: 2017-06-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1154295

Two ways to log off a user 
This explains two ways to log off a user.
Last Update: 2017-06-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1842221

LLAWP: Received local configuration update 
This tech note describes when we would see the following message in the Webagent traces : LLAWP: Received local configuration update
Last Update: 2017-06-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1440582

Configure the r12.6 FSSAdminUI on Windows 
How to configure the FSSAdminUI on an r12.6 Policy Server on a Windows Server.
Last Update: 2017-06-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1449824

Object # has parent #, which does not exist. 
CA SSO Policy Store on LDAP returns orphaned object errors when XPSValidation is run. XPSValidation automatically runs when most XPS Tools are run. 
Last Update: 2017-06-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1109274

ServletExec modules are still contained in Policy Server r12.6 unexpectedly. 
This explains incorrect modules contained in PS 12.6.
Last Update: 2017-06-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1231149

configuring policy server tracing
Last Update: 2017-06-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1482447

"Allow Protection Override" checkbook on the custom authentication-scheme. 
Documentation topic, "custom-authentication-schemes" describes Allow Protection Override" checkbook on the authentication-scheme. 
Last Update: 2017-06-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1674413


Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic 
This technote gives specific steps to configure SM_SSO_ZONE_NAME with ASA Agent for WebLogic
Last Update: 2017-06-02    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1597376

ASA Agent for WebSphere and ACO Parameters SSOZoneName and SSOTrustedZone 
This technote discusses about the supportability of some specific ACO parameter on the ASA Agent for WebSphere
Last Update: 2017-06-02    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1074307

Access to SiteMinder download page returns error "This solution belongs to a product for which you do not have an active license" 
This technote discusses about specific error when accessing SiteMinder download page.
Last Update: 2017-06-02    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1281969

Web Agent Option Pack return 403 when Service Provider has accentuated character 
This technote discusses about configuration needed on third party when accentuated characters are in use in federation data
Last Update: 2017-06-02    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1925929

How to use the WADL file provided when protecting WebServices with REST interface to generate automatic Java Client Classes ? 
This document describes how to use the WADL file provided when protecting WebServices with REST interface to generate automatic Java Client Classes. We provide an XSD schema that would need to be use in the Java (JERSEY) generator.
Last Update: 2017-05-31    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1800602

On Linux, running the command "smpolicysrv -stats" returns "The specified server is not currently running." 
This explains another symtom of TEC456063: running smpolicysrv -stats or -publish returns "The specified server is not currently running." (Legacy_Onyx KB Id: 176999).
Last Update: 2017-05-31    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1730901

Registring Agent for JBoss, I get the error "Unsupported algorithm, MD5, selected for FIPS140 mode: FIPS140" 
This technote discusses about a problem on Agent for JBoss when registring the agent with the Policy Server
Last Update: 2017-05-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1756665

I don't see IdleTimeout Reason when the Web Agent is configured for webappclientresponse 
This technote discusses about some specific configuration needed when configuring webappclientresponse ACO parameter
Last Update: 2017-05-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1133821

Apache instance doesn't start and reports error "create child process failed. Exiting" 
This technote discusses about a specific issue when running Web Agent on Apache on Windows OS.
Last Update: 2017-05-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1212876

AdminUI : Getting "An error occurred while displaying this page" error when trying to set a User Context variable on a Domain 
This document shows a workaround for this error, and how you can solve this issue.
Last Update: 2017-05-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1706946

Failed to get the DD Reference for an Attribute 
We are unable to access some or all of the functionality of Federation in the AdminUI. 
Last Update: 2017-05-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1034861

Messages output by performing XPSExport 
As long as you get Complete message (without FATAL and ERROR) and get an xml file, it is likely the export was successful. 
Last Update: 2017-05-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1279406

About the difference of file descriptors messages in smps.log. 
When seeing smps.log, two message contents are appeared about file descriptors.
Last Update: 2017-05-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1674795

The meaning of file descriptors messages in smps.log. 
What is the difference of 'Maximum number of file descriptors' and 'Available file descriptors' in smps.log ?
Last Update: 2017-05-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1792227

Assertion encryption displays an error on the IDP side if the certificates contain non-ASCII characters in IssuerDN. 
This Tech note discussed a fix provided in 12.51CR10 regarding Encyption assertion
Last Update: 2017-05-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1698116

Policy Server generate a core on restart with PS 12.52SP1CR05 
Policy Server generate a core dump upon stopping with PS 12.52SP1CR05. Issue has been fixed in next release (12.52SP1CR06)
Last Update: 2017-05-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1882768

Apache crash at startup with Webagent 12.51CR07 and 12.52SP1CR04 
Randomly apache crash at startup with Webagent 12.51CR07 and 12.52SP1CR04. Issue has been fixed in next release
Last Update: 2017-05-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1696312

Where is the smobjexport command gone ? 
This technote discusses about modification on the available commands shipped with the Policy Server
Last Update: 2017-05-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1721698

Question on running multiple WebAgents on one Apache server 
Apache supports for multiple ACO setting.
Last Update: 2017-05-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1882594

Troubleshooting a missing library for the CA Single Sign-On (SiteMinder) Policy server and Webagent installation on LINUX with the ldd command. 
How to find the missing prerequisite, installation library. 
Last Update: 2017-05-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1341823

How to view the CA Single Sign-On (SiteMinder) Policy server and WebAgent environmental variables with the UNIX/LINUX env and printenv commands. 
Examples of the environmental variables displayed by the UNIX/LINUX env command when troubleshooting the Single Sign-On (SiteMinder) policy server and WebAgent.
Last Update: 2017-05-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1795091

Backslash character ‘\’ (0x5C) in a form can be detected by BadFormChars 
If a backslash character [\] is set to BadFormChars, does Web Agent block both of [\] and [%5c] in the form data?
Last Update: 2017-05-23    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1447818

Administrative UI :How to increase the request time out 
How to increase the request time out for the Admin UI request to Policy server
Last Update: 2017-05-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1609018

"Duplicate entry detected" and "Failed to create key" ERRORS (i.e. ObjectCalss=xpsKey) 
It is caused by duplicate ObjectClass xpsKey.
Last Update: 2017-05-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1011896

Web Agent Configuration wizard does not detect OHS instance 
Web Agent Configuration wizard does not detect OHS instance if the OHS instance is not installed in the default OHS instances directory
Last Update: 2017-05-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1045958


Agent install GUI fails to start 
When trying to install the web agent CR08 or CR10 (64bit) on Windows 2008 R2 64bit with IIS 7.5, the GUI never starts and the install log file indicates a java stack overflow error.
Last Update: 2017-05-17    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1251197

Login Response times are high on SP Policy servers in Production 
After upgrading the Policy server from R12.52 SP1 to R12.52 SP1 CR6 WILY is reporting response time increasing over time. R12.52 SP1 responses time average around 200 ms before, after the upgrade response time continue to increase above 400ms.
Last Update: 2017-05-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1049671

Troubleshooting Policy server and WebAgent with Unix command netstat. 
This is a helpful Unix command you can use with CA SSO
Last Update: 2017-05-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1237403

File Downloads Slow when processed through Secure Proxy Server 
An application that is protected by SPS is experiencing the following: A web server allows users to download a file from AWS (around 50 MB). When users try to download a file from a SPS protected URL, it will take around 2 minutes for it to complete. When
Last Update: 2017-05-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1473639

Policy Server Crashes with Stack at CSmContextContainer::GetContext 
This technote discusses about a know issue fixed in 12.51CR04 and 12.52SP1CR01 when Policy Server crashes by executing active expression and response in federation journey
Last Update: 2017-05-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1287397

SPS Agent Returns Error : AcceptSecurityContext returned : 0x80090311 
This technote discusses about a specific error when configuring SPS Agent to do NTLM authentication
Last Update: 2017-05-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1474226

Web Agent Installer Reports Error "Unable to find opmn.xml file" 
This technote discusses about a specific error occuring by configuring the Web Agent with Oracle HTTP Server
Last Update: 2017-05-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1610937

What's the meaning of log line "Server State transition from INACTIVE to INTER" ? 
This technote discusses the meaning of process state from Web Agent logs.
Last Update: 2017-05-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1814175

Last Update: 2017-05-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC491891

DMS API: Bad password count being updated. 
Bad password count being updated using DMS API
Last Update: 2017-05-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC499226

Web Agent not failing back to recovered Policy Servers 
This document explains why a Web Agent could not failback to first Policy Servers defined in HCO, if they were unreachable during Web Agent initialization.
Last Update: 2017-05-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1598086

ACO BadURLChars doesn't block /%2F from URL, request gets 404 from Apache instead of 500 
This technote discusses about a specific behavior with BadURLChars Web Agent ACO 
Last Update: 2017-05-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1110205

How to generate Application Server Agent logs/traces (TAI)? 
This Tech note describes how to generate Application Server Agent logs/traces (TAI)?
Last Update: 2017-05-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC563489

Support for TLS 1.1 and TLS 1.2 on CA Access Gateway (formerly CA Secure Proxy Server) 
support for TLS1.1 and TLS 1.2 on SPS; do we support TLS 1.1 and TLS 1.2 on SPS ?
Last Update: 2017-05-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1873991

Support for TLS 1.1 and TLS 1.2 on CA Agent for SharePoint 
SSL protocol support for SPA
Last Update: 2017-05-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1697623

SiteMinder :: Kerberos : HttpServicePrincipal and SmpsServicePrincipal 
This technotes discusses about some Web Agent parameter format for Kerberos authentication
Last Update: 2017-05-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC575562

Another option to resolve the proxyui error "Error: Exception User might not have required permissions to get group information". (Additional information to TEC1304259) 
This article explains another resolution for the error stated in TEC1304259.
Last Update: 2017-05-01    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1634494

500 error after kill command of the LLAWP process 
This tech note explains why do we receive a 500 error when killing the LLAWP process on Linux
Last Update: 2017-04-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1552244

Getting 500 error when trying to post SOAP docs when Transfer-encoding is chunked after upgrading to Apache 2.4 and WSS 12.52SP1 
This tech note speaks about an issue fixed in R12.52 SP1 CR05
Last Update: 2017-04-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1496968

Password Services Does Not Work on Apache. 
This document describes extra configuration details required to have PWS working with Apache
Last Update: 2017-04-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1835876

XCart with Replace mode does not replace trusted host object when performing XPSImport. Error Duplicate value 
Replace mode matches on XID rather than the name of the trusted host object. This is expected behavior.
Last Update: 2017-04-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1373875

How to resolve a "403.4 - Forbidden" error at the browser on an IIS8.5 Web Server with the R12.52 SP1 CA Single Sign On Web Agent installed. 
This article explains how to resolve a "403.4 - Forbidden" error on an IIS 8.x Web Server that results in the CA Single Sign On Agent to fail to generate any logs. 
Last Update: 2017-04-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1398264

Do I need the exact required Linux libraries for 12.52 SP1 apache agent installation as indicated in the guide? 
This document clarifies the Linux required libraries for an Apache webagent upgrade on RedHat 5
Last Update: 2017-04-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1729414

What is the format of the smaccess.log? 
This tech not explains what is the default format of the smaccess.log?
Last Update: 2017-04-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC511548

How to Enable SPS logs 
How to Enable Secure Proxy Logging to help troubleshoot
Last Update: 2017-04-25    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1528615


Policy Server does not fail back properly. 
When policy stores are deployed as redundancy, fail back does not work properly.
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1991177

Can not access to AdminUI using SSL/TLS. 
When accessing to AdminUI using https, but redirected to non TLS (http) URL.
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1036131

WebAgent reject encoded request contained "%c0". 
Although customer set "no" to "DisallowUtf8NonCanonical", WebAgent reject URL encoded query contained "%b".
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1378153

Actions are not registered in AgentType. 
When I tried to register WebAgent actions in AdminUI, they are not displayed.
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1764799

Multiple log files are created at the time (00:00) of rotating audit logs 
When smaccess.log is rotated, 7 new rotated files are created.
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1428697

secureURLs can not encode hash(#) string. 
Despite setting "yes" to SecureURLs in ACO, hash ("#") is not encoded.
Last Update: 2017-04-25    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1763229

Oracle LDAP bad password count not reset on successful authentication 
If there is a mapping between AD for Authentication and Oracle LDAP for Authorization and Authentication, resetting the bad password counter does not reset it in Oracle
Last Update: 2017-04-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1052558

"This site is not secure" is displayed 
SSL communication is performed between a Web server and a web browser, The certificate which SiteMinder has does not involve. 
Last Update: 2017-04-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1204465

sps-ctl restart script is not loading changes done in server.conf and proxyrules.xml files 
This document explains why the sps-ctl script cannot load any change done in server.conf or proxyrules.xml, and what it is the actual usage of this script, and how to restart taking these changes into account.
Last Update: 2017-04-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1270652

The sequence of communication between WebAgent and Policy Server. 
How does WebAgent communicate with Policy Server ?
Last Update: 2017-04-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1001487

Adminui Crashing Intermittently on Solaris 
This document describes an issue that was observed where Siteminder AdminUI was crashing intermittently
Last Update: 2017-04-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1738772

Is there any impact on CA Single Sign-On when Japanese era name changed? 
There is no impact when the era name is changed since Japanese calendar is not used in the product.
Last Update: 2017-04-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1517326

Understanding Policy Server and Web Agent Caches 
Component of Policy Server and Web Agent Caches
Last Update: 2017-04-18    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1172843

Why can we re-use SMSESSION cookie after Logout ? 
This tech note speaks about SMSESSION cookie and the fact that it is still valid after logoff.
Last Update: 2017-04-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1286571

When accessing to WebAgent by multi threads, Policy Server output HandShake errors. 
When increasing 'StartServers' value and accessing to WebAgent by multi threads, WebAgent send RST packets to Policy Server and Policy Server output HandShake errors. 
Last Update: 2017-04-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1078762

SMSESSION Cookie for Unprotected Realm 
This article explains SMSESSION cookie issuing function.
Last Update: 2017-04-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1819257

FMATTR doesn't work for User Attribute Mapped Experssions 
FMATTR prefix for use in printing out multi-value attributes as separate assertion attributes, rather than one carrot (^) delineated single line does not work for User Store Attribute Mapping expressions. 
Last Update: 2017-04-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1537107

Remove Tomcat Version Info from SPS Error Page 
How to remove Tomcat
Last Update: 2017-04-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1741883

Unable To Load Certificate - SPS https issue with Back End Server 
This document describes an issue where SPS had issues connecting with backend server using TLSv1.3
Last Update: 2017-04-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1301348

Time-out interval elapsed, but the event's state is nonsignaled 
This document explains why this message appears in Apache logs, and how to disable it.
Last Update: 2017-04-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1103263

How to remove SMSESSION logging in Apache access.log and IIS logs ? 
This tech note discuss on how to remove logging of SMSESSION in the apache access.log and IIS log ?
Last Update: 2017-04-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1219649

Is there limitation on the number of realms and rules created? 
There is no limitation clearly defined in design. However, there should be a limitation of hardware, OS, memory, etc. 
Last Update: 2017-04-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1788323

What is the Purpose of from Body Section in SPS WS Auth/AZ ? 
This technote discusses about specific parameter for WS Auth/Az Service.
Last Update: 2017-04-11    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1294671

Start and Stop the Policy Server Process on a UNIX System 
policy server unix 
Last Update: 2017-04-11    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1395977

Policy Server 12.52SP1 write Log Message "Evaluation period has expired" 
This technote discusses about importance of a specific error message that might show up in the Policy Server logs.
Last Update: 2017-04-11    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1245301


Start and Stop Policy Server Services on Windows Systems 
Policy Server Windows Services
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1172782

Where Can we Find CAPKI Documentation? 
We can not find any public documentation on CAPKI formerly known as ETPKI
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1350033

Java SDK Agent Initialization Delays 
java custom agent is taking about 3 seconds for initialization
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1197721

Force Password Change Sometimes does Not Work 
when user is redirected to the change password page, he gets redirected to the login page while trying to change the password
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1730092

Starting Policy Server a Popup tells me that a Specific dll is either not designed to run on Windows or it contains an Error
This technote discusses about a technique to verify a file when a specific error message shows up on Windows Systems
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1660397

What's the expected Syntax of the Registry Key KeepAgentConnections when configuring the Registry on Unix / Linux Policy Server ? 
This technote gives precision about writing a specific key in the Policy Server registry file on Unix Linux
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1569237

AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy 
This technote discusses about a limitation in the usage of AdminUI and Identity Manager objects.
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1839654

When IDP generates the SAML assertion with a set of attributes we would like to send the same attributes in different HTTP Request Headers. 
This Knowledge Document explains how to pass SAML assertion attributes as HTTP Headers. 
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1606775

FCC redirection when URL containing special characters like 'ä' is accessed. 
This KB article explains why accessing URL containing special chars fails during the login using form FCC. This is due to a bad encoding setting
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1716583

In using Apache 'Prefork' MPM mode, Policy Server output HandShake Errors. 
When accessing by multi threads per second, Policy Server output HandShake Errors.
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1385383

Behavior of Form authentication when login_sample.fcc exists 
On the behavior of Form authentication when login_sample.fcc exists. login_sample.fcc is used instead of login_ja-JP.fcc. It happens when "localization=yes".
Last Update: 2017-04-07    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1126024

How to specify multiple pairs of method and URI to the ACO parameter OverlookSessionforMethodURI 
This explains the usage of OverlookSessionforMethodURI.
Last Update: 2017-04-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1701486



Please note that you can always access the full list going to the following link:

CA Single Sign-On 


Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies