Symantec Access Management

Hi All

I am trying to implement CA Advanced Auth integrated with CA SSO in Dev env.

Risk Minder , Strong Auth, Adapter are all installed on a single server while Policy server on another. 

CA SSO Policy server - 12.6

Risk Minder/ Auth Minder ver 8.2.1

CA webagent- 12.52 SP1

All Windows2012 R2.

I am following below link for setup:-

https://docops.ca.com/ca-advanced-authentication/8-2-1/en/installation/ca-adapter-installation/configuring-ca-single-sign-on-policy-server 

I am getting below error in PS Trace logs while trying to access HTML page protected using Custom Auth scheme.

"Reject s47/r2 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme' "

I configured Custom auth scheme as below as per CA Guide.

Library = ArcotSiteMinderAdapter

Parameter = Name of the Adapter profile which I created.

Left Secret/Confirm Secret blank.

I came across this TechTip link yesterday Tech Tip - CA Single Sign-On:How to integrate CA SSO with CA Advanced Authentication@Tech Tip - CA Single Sign-On:How to integrate CA SSO with CA Advanced Authentication 

The TechTip states below-

"Copy adaptershim.ini from AFM_HOME/conf/afm folder to the following location on the system where CA Single Sign-On Policy Server is hosted: <ARCOT_HOME>/conf

Note :

In CA SSO 12.52 SP1 and 12.52 SP2 , <ARCOT_HOME> environment variable points to <PS_Install>/aas folder by default."

The problem is that Policy Server ver 12.6 does not have "aas" folder installed by design. Also no ARCOT_HOME variable. How to complete this setup with@ PS 12.6

Please help me resolving the above error.

Have you tried copying it to PS bin directory?

If that doesn't work, create ARCOT_HOME environment variable and point to any folder. Then create conf directory within it and place the file inside it.

Hi Ujwol

Thanks for prompt response.

I tried this- Copied adaptershim.ini file to <Siteminder>/config and set variable ARCOT_HOME to D:\CA\siteminder

Getting same error again-

Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][][0d-56226899-c320-4c58-b44c-dee1a8176aa3][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][SmAuthServer.cpp:339][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-02940] Failed to query authentication scheme 'AAAuthScheme'][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:409][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Az_Message::SendReply][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][Send response attribute 158, data size is 93][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][Send response attribute 146, data size is 0][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][Send response attribute 147, data size is 0][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:598][CSm_Az_Message::SendReply][s4/r4][agent][][][][AArealm][AADomain][][][][][][][][][][][][][][** Status: Error. Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:602][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Leave function CSm_Az_Message::SendReply][][][][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][IsProtected.cpp:234][CSm_Az_Message::IsProtected][s4/r4][][][][][][][][][][][][][Reject s4/r4 : internal error - failed to obtain scheme credentials for scheme 'AAAuthScheme'][][][][][][][Leave function CSm_Az_Message::IsProtected, Failed to obtain scheme credentials.][][][0d-56226899-c320-4c58-b44c-dee1a8176aa3][][][][][][][][][][][]
[06/08/2017][14:02:49.474][14:02:49][1932][2552][Sm_Az_Message.cpp:380][CSm_Az_Message::ProcessMessage]

Hi Kshipra,

Kindly install Authentication Shim component to get Arcot folder on the policy server box.

--> Navigate to the directory where the CA-Adapter-8.2.1-Windows-Installer.exe file is located and double-click the file to run the installation wizard.

Select customize option
Select the Authentication Shim component.
By default, all components are selected for installation. Deselect the components that are not required.
The installer creates a folder that is named Arcot Systems in the installation location, and includes the Adapter files in this folder.

--> To deploy the properties files for CA Single Sign-On integration:

Copy adaptershim.ini from AFM_HOME/conf/afm folder to the following location on the system where CA Single Sign-On Policy Server is hosted: AFM_HOME/conf

Restart the CA Single Sign-On Policy Ser

Thanks,

Sharan

Is this resolved Kshipra ? We are also facing the same issue. Can you share some lights? 

Yes this is resolved now.

Regards,

Kshipra Sharma | IAM Engineer

(m) +91 9892724293

Identity:  Secure, Intelligent, Managed

On Tue, Oct 24, 2017 at 3:35 PM, techsarwan <

Thanks for your response. Can you share some idea, how it is resolved?