Layer7 Access Management

Expand all | Collapse all

WAMUI and Policy Store Issue

Jump to Best Answer
  • 1.  WAMUI and Policy Store Issue

    Posted 09-21-2017 05:58 AM

    Hi all,

     

    We are facing the below issue in our R12.5 SiteMinder Env.

     

    Issue :

    Unable to view "User Directory- Add/Remove tab under General tab in Domain", "Realms tab" , "User tab under Policies in Domain" and "Rules tab" in WAMUI.

    (They are accessible/viewed fine via XPSExplorer).

     

    To troubleshoot we did-
    Step 1: We ran the XPSDDInstall individually for SiteMinder base definition files included under SmMaster.xdd.
    Step 2: We ran XPSDDInstall for IdmSmObjects.xdd as well.
    Step 3: We then imported the smpolicy.xml and smpolicy-secure.xml.

     

    While executing XPSDDInstall in Step 1: "XPSDDInstall SmObjects.xdd",
    SmObjects.xdd install failed and gave the below error.

    CA-XPS:DICT0047(ERROR) : Uniqueness of CA.SM::ResponseGroup.Name cannot be made mroe strict (line 3040).
    CA-XPS:DICT0047(ERROR) : Uniqueness of CA.SM::RuleGroup.Name cannot be made mroe strict (line 3268).

    We ignored the error and without any restarts of PS or AdminUI, tried accessing the AdminUI.
    Found that the, 'User Directory- Add/Remove tab under General in Domain' works fine now.

     

    But still the 'User tab under Policies in Domain', 'Realms' and 'Rules tab' in WAMUI were not visible and were throwing the errors as below.

    We suspected that, this XPSDDInstall partially resolved our issue, but not fully because SmObjects.xdd failed with the above error.
    After exploring the SmObjects.xdd, found that the Uniqueness parameter "Uniqueness=WithinParent" was causing this issue for the Rule Group and Response Group.
    We commented those parameters for Rule Group and Response Group in SmObjects.xdd and tried re-importing the SmObjects.xdd.
    This time it was a successful XPSDDInstall, but then again this didn't helped and the issue was still there (With the 'User tab under Policies in Domain', 'Realms' and 'Rules tab').
    Also noticed that this Uniqueness parameter "Uniqueness=WithinParent" for Rule Group and Response Group are already hashed out with the comment ## uniqueness handled by Index, in SiteMinder 12.6.
    Ours is SiteMinder 12.5.

     

    Could you please help and suggest where we should look and try to fix this issue now ?

     

    (Our Policy Store has some issues due to the corrupt objects and running XPS utilities throws a lot of error, but then these Policy Objects were always accessible via AdminUI, and it suddenly stopped working a week before only).

     

    Realm Tab Error:

     

    ERROR [ims.ui] (http-0.0.0.0-8080-10) com.netegrity.llsdk6.imsapi.exception.SmApiWrappedException com.ca.siteminder.xps.XPSException: Failed to fetch at least one of the objects

     

    Rule Tab Error:

     

    ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/iam/siteminder].[jsp]] (http-0.0.0.0-8080-10) Servlet.service() for servlet jsp threw exception com.ca.siteminder.xps.XPSException: Failed to fetch at least one of the objects

     

    User Tab Error:

     

    ERROR [ims.llsdk6.BaseRelationship] (http-0.0.0.0-8080-10) com.netegrity.llsdk6.imsapi.exception.SmApiWrappedException com.ca.siteminder.xps.XPSException: Failed to fetch at least one of the objects

     

    Regards,

    Anurag



  • 2.  Re: WAMUI and Policy Store Issue

    Posted 09-25-2017 07:18 AM

    Hi Anurag,

     

    Kindly try to install policy server and Adminui on another client server and point it to same CA Directory Policy Store.

    That's not the CA suggested solution for such issue but it worked in my case. Therefore, i hope it your environment too.

     

    Cheers,

    Shrawan



  • 3.  Re: WAMUI and Policy Store Issue
    Best Answer

    Posted 09-26-2017 02:17 AM

    Re-importing the data definitions individually, followed by a fresh install of Policy Server and WAMUI, did resolve this issue.

    But still the root cause is unknown.

    So was this an issue just with the Policy Server rather than Store or WAMUI ? As a fresh installation of PS resolved the issue.

    (Doing just a fresh install of WAMUI on an another instance doesn't resolves the issue).

     

    Regards,

    Anurag



  • 4.  Re: WAMUI and Policy Store Issue

    Posted 09-26-2017 04:50 AM

    Hi Anurag,

     

    I don't know what could have been the cause of the issue, and you may have opened a Support case for that, as this should need more troubleshooting to find the root cause, but sometimes files can get corrupted and re-installing Policy Server and WAMUI can solve that kind of issues.

     

    I am replying also because I read you have performed the following step:

     

    Step 3: We then imported the smpolicy.xml and smpolicy-secure.xml.

     

    Note that you only should have to import one of these files, as both contains the same data, but the smpolicy-secure contains more restricted settings for some objects. It depends on your security needs to choose one or another when setting the Policy Store:

     

    Configure a Policy Store - Import the Default Policy Store Objects

    Configure LDAP Directory Server Policy, Session, and Key Stores - CA Single Sign-On - 12.52 SP1 - CA Technologies Docume… 

     

    Best regards,

    Albert



  • 5.  Re: WAMUI and Policy Store Issue

    Posted 09-26-2017 08:36 AM

    Ok, Thanks Albert !

     

    Regards,

    Anurag