Symantec Access Management

  • Private Community

  • 1.  Failed to load Custom Authentication Scheme

    Posted Sep 29, 2016 10:26 AM

    Version:SiteMinder #single-sign-on12.52 SP 02

    OS: Windows 2012.

     

    I am getting the following error message when I tried to get to the protected URL.

    On the browser I am getting the following Error message

    500: #Server Error [20-0004]

    500: Server Error [20-0004]

     

    In the Web Agent Logs, I see 

    [78504/78768][Thu Sep 29 2016 10:15:48][CSmLowLevelAgent.cpp:546][ERROR][sm-AgentFramework-00520] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-1'.
    [78504/78768][Thu Sep 29 2016 10:15:48][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Low Level Agent'.
    [78504/78768][Thu Sep 29 2016 10:15:48][CSmHighLevelAgent.cpp:423][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: '#Protection Manager'.

     

    In the SMPS Logs, I see

    [2204/3472][Thu Sep 29 2016 10:07:43][SmAuthServer.cpp:339][ERROR][sm-Server-02940] Failed to query authentication scheme 'CRE_Auth_Scheme'

     

    My Custom Auth Scheme is

    Protection leve is 5

    Library is ArcotSiteMinderAdapter



  • 2.  Re: Failed to load Custom Authentication Scheme

    Posted Sep 29, 2016 02:20 PM

    Hi Somwya,

     

    Best way to troubleshoot this is by running policy server manually from command prompt and catching the sysouts/exception trace etc from JVM in the console.

     

    To do this, you can do following:

    1. Stop policy server

    2. Open command prompt and navigate to Policy server Bin directory.

    3. Run smpolicysrv

    4. Access the resource protected by custom auth scheme

     

    Now you should be seeing all the logs pertaining to JVM loading as well as any sysouts/exception trace from the custom auth scheme in the console.

     

    Cheers,

    Ujwol



  • 3.  Re: Failed to load Custom Authentication Scheme

    Posted Sep 29, 2016 02:23 PM

    Alternatively, you can also enable some custome logging to troubleshoot :

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec2985474.aspx 



  • 4.  Re: Failed to load Custom Authentication Scheme

    Posted Sep 30, 2016 08:24 AM

    Hi Ujwol,

    Thanks for responding...

    No luck running it manually either. I will check the tech document to see if that helps.



  • 5.  RE: Re: Failed to load Custom Authentication Scheme

    Posted Jul 20, 2022 11:27 AM
    Hi,

    Can we do the same thing to see the logs from linux box. We are using the custom Auth Schema and it is failing at some point. Not sure at which point it is failing.  Logs are not writing in SMPS as expected. Can someone help me to enable custom logging to see the complete transaction in logs.
    Original Message


  • 6.  Re: Failed to load Custom Authentication Scheme

    Posted Sep 30, 2016 08:33 AM

    So what do you see in the console?

    Have you implemented query() method as per the sample ?



  • 7.  Re: Failed to load Custom Authentication Scheme

    Posted Sep 30, 2016 08:50 AM

    Also can you share screenshot of ur auth scheme configuration in Admin UI?



  • 8.  Re: Failed to load Custom Authentication Scheme
    Best Answer

    Broadcom Employee
    Posted Sep 30, 2016 02:32 PM

    20-0004

    Reason:

    The Agent is unable to determine whether a resource is protected because the communication to the Policy Server failed.

    General error that does not mean communication failure – it’s a failure during isProtect processing

    Review the authentication scheme configured: ArcotSiteMinderAdapter

    Review the following post

    https://communities.ca.com/thread/241732462