Layer7 Access Management

Expand all | Collapse all

Custom Auth Scheme error - CA Advanced Auth config with CA SSO

Jump to Best Answer
  • 1.  Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 06-08-2017 04:55 AM

    Hi All

     

    I am trying to implement CA Advanced Auth integrated with CA SSO in Dev env.

     

    Risk Minder , Strong Auth, Adapter are all installed on a single server while Policy server on another. 

     

    CA SSO Policy server - 12.6

    Risk Minder/ Auth Minder ver 8.2.1

    CA webagent- 12.52 SP1

    All Windows2012 R2.

     

    I am following below link for setup:-

    https://docops.ca.com/ca-advanced-authentication/8-2-1/en/installation/ca-adapter-installation/configuring-ca-single-sign-on-policy-server 

     

    I am getting below error in PS Trace logs while trying to access HTML page protected using Custom Auth scheme.

    "Reject s47/r2 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme' "

    I configured Custom auth scheme as below as per CA Guide.

    Library = ArcotSiteMinderAdapter

    Parameter = Name of the Adapter profile which I created.

    Left Secret/Confirm Secret blank.

     

    I came across this TechTip link yesterday Tech Tip - CA Single Sign-On:How to integrate CA SSO with CA Advanced Authentication@Tech Tip - CA Single Sign-On:How to integrate CA SSO with CA Advanced Authentication 

     

    The TechTip states below-

    "Copy adaptershim.ini from AFM_HOME/conf/afm folder to the following location on the system where CA Single Sign-On Policy Server is hosted: <ARCOT_HOME>/conf

     

    Note :

    In CA SSO 12.52 SP1 and 12.52 SP2 , <ARCOT_HOME> environment variable points to <PS_Install>/aas folder by default."

     

    The problem is that Policy Server ver 12.6 does not have "aas" folder installed by design. Also no ARCOT_HOME variable. How to complete this setup with@ PS 12.6

     

    Please help me resolving the above error.



  • 2.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 06-08-2017 07:04 AM

    Have you tried copying it to PS bin directory?


    If that doesn't work, create ARCOT_HOME environment variable and point to any folder. Then create conf directory within it and place the file inside it.





  • 3.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 06-08-2017 10:10 AM

    Hi Ujwol

    Thanks for prompt response.

    I tried this- Copied adaptershim.ini file to <Siteminder>/config and set variable ARCOT_HOME to D:\CA\siteminder

    Getting same error again-

    Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][][0d-56226899-c320-4c58-b44c-dee1a8176aa3][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][SmAuthServer.cpp:339][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-02940] Failed to query authentication scheme 'AAAuthScheme'][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:409][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Az_Message::SendReply][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][Send response attribute 158, data size is 93][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][Send response attribute 146, data size is 0][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][Send response attribute 147, data size is 0][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:598][CSm_Az_Message::SendReply][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][** Status: Error. Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:602][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Leave function CSm_Az_Message::SendReply][][][][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][IsProtected.cpp:234][CSm_Az_Message::IsProtected][s4/r4][][][][][][][][][][][][][Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][][][][][][][Leave function CSm_Az_Message::IsProtected, Failed to obtain scheme credentials.][][][0d-56226899-c320-4c58-b44c-dee1a8176aa3][][][][][][][][][][][]
    [06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:380][CSm_Az_Message::ProcessMessage]



  • 4.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO
    Best Answer

    Posted 06-08-2017 11:39 AM

    Hi Kshipra,

     

    Kindly install Authentication Shim component to get Arcot folder on the policy server box.

     

    --> Navigate to the directory where the CA-Adapter-8.2.1-Windows-Installer.exe file is located and double-click the file to run the installation wizard.

    Select customize option
    Select the Authentication Shim component.
    By default, all components are selected for installation. Deselect the components that are not required.
    The installer creates a folder that is named Arcot Systems in the installation location, and includes the Adapter files in this folder.

     

    --> To deploy the properties files for CA Single Sign-On integration:

    Copy adaptershim.ini from AFM_HOME/conf/afm folder to the following location on the system where CA Single Sign-On Policy Server is hosted: AFM_HOME/conf

    Restart the CA Single Sign-On Policy Ser

     

    Thanks,

    Sharan



  • 5.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 10-24-2017 06:05 AM

    Is this resolved Kshipra ? We are also facing the same issue. Can you share some lights? 



  • 6.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 10-24-2017 06:37 AM
      |   view attached

    Yes this is resolved now.

     

    Regards,

     

     

    Kshipra Sharma | IAM Engineer

     

    (m) +91 9892724293

     

    Identity:  Secure, Intelligent, Managed

     

     

    On Tue, Oct 24, 2017 at 3:35 PM, techsarwan <



  • 7.  Re: Custom Auth Scheme error - CA Advanced Auth config with CA SSO

    Posted 10-24-2017 06:39 AM

    Thanks for your response. Can you share some idea, how it is resolved?