Layer7 Access Management


Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

  • 1. Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 11:45 AM

    We are installing SiteMinder 12.8 on Windows Server 2016. When setting up AD LDS 2016 as the policy store database, we receive the following error:

     

    The super user could not be saved in the policy store.
    Failed to create the super user account.

     

    Manually running the smreg -su command results in the same error.

     

    When we run the smldapsetup status -v command, the directory server is being returned as 'Default LDAP' instead of 'Active Directory Application Mode' or 'Active Directory Lightweight Directory Services'.

     

    We are unable to proceed with our installation until this issue is resolved.

     

    Has anyone experienced this issue before and overcome it? Please advise.

     

    Thanks,

    Jaime



  • 2. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 11:59 AM

    Jaime JaimeBritton62352722

     

    Are we manually configuring OR using the Configuration Wizard?

     

    There was an issue reported in the manual configuration, but it was later reported that it worked using the configuration wizard.



  • 3. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 12:19 PM

    Hi Hubert,

     

    Thanks for the response. We tried both manual configuration and the configuration wizard. Both had the same result.

     

    Regards,

    Jaime



  • 4. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 01:01 PM

    Jaime JaimeBritton62352722

     

    Did we configure the ADLDS partitions correctly? Let me try explaining at a high level.

     

    There are 2 key areas of focus.

    1. There is a Configuration Partition and there is an Application partition.
    2. The Configuration Partition holds the schema structure for the Directory.
    3. The Application Partition holds the actual application's data.
    4. The basic premise is that, for the data to be present in OR to be written into the Directory, the directory schema should be present. So be careful which partition you are connecting to, as this is very crucial for AD LDS to be configured correctly.
    5. Our first step would be to connect to the Configuration Partition and create a User within the Configuration Partition. This needs to be done because the Schema of AD LDS is situated within this Partition. Hence the CA SSO schema needs to be added into this Partition. So once the User is created, you’d need to give the User permissions, such that CA SSO can use this User to populate the CA SSO schema into the Configuration Partition.
    6. The next step would be to connect to the Application Partition and create a User within the Application Partition. This needs to be done so that we don’t use the User from the Configuration Partition for data READS / WRITES into the Data Partition. So once the User is created, you’d need to give the User permissions, such that CA SSO can use this User to populate the Policy Store data into the Application Partition.

     

    Reference : Configure Microsoft Active Directory LDS as a Policy Store - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentati…  
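
A pre-flight check for the partition layout described in steps 1 to 6 above, as an added example that is not part of the original post or of CA's documentation: it takes the RootDSE attributes of the instance, separates the Configuration, Schema and Application partitions, and confirms that each bind DN sits in the partition the steps call for. The RootDSE values, the user DNs and the function names are constructed for illustration; the capability OID is the one AD LDS advertises in `supportedCapabilities`. How smldapsetup itself decides the directory type is not stated in this thread.

```python
import re

# LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID: advertised in supportedCapabilities by AD LDS.
ADAM_OID = "1.2.840.113556.1.4.1851"

# Constructed RootDSE values (the GUID and the application partition are made up).
CFG_DN = "CN=Configuration,CN={11111111-2222-3333-4444-555555555555}"
SAMPLE_ROOTDSE = {
    "supportedCapabilities": [ADAM_OID, "1.2.840.113556.1.4.1670"],
    "configurationNamingContext": [CFG_DN],
    "schemaNamingContext": ["CN=Schema," + CFG_DN],
    "namingContexts": [CFG_DN, "CN=Schema," + CFG_DN, "DC=smpolicystore,DC=example"],
}

def norm(dn):
    # Split on unescaped commas, then trim and lowercase each RDN for comparison.
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def is_under(dn, base):
    # True when dn is the base entry itself or lies below it.
    n, b = norm(dn), norm(base)
    return n == b or n.endswith("," + b)

def classify(rootdse):
    # Application partitions are the naming contexts that are neither
    # the configuration nor the schema partition.
    cfg = rootdse["configurationNamingContext"][0]
    schema = rootdse["schemaNamingContext"][0]
    apps = [nc for nc in rootdse["namingContexts"]
            if norm(nc) not in (norm(cfg), norm(schema))]
    return {"is_adlds": ADAM_OID in rootdse.get("supportedCapabilities", []),
            "configuration": cfg, "schema": schema, "application": apps}

def check_bind_dns(rootdse, schema_user_dn, data_user_dn):
    """Return a list of problems; an empty list means the layout matches steps 5 and 6."""
    info, problems = classify(rootdse), []
    if not info["is_adlds"]:
        problems.append("server does not advertise the AD LDS capability OID")
    if not is_under(schema_user_dn, info["configuration"]):
        problems.append("schema user is not in the Configuration Partition")
    if not any(is_under(data_user_dn, a) for a in info["application"]):
        problems.append("data user is not in an Application Partition")
    return problems

if __name__ == "__main__":
    print(check_bind_dns(SAMPLE_ROOTDSE,
                         "CN=smschema,CN=People," + CFG_DN,
                         "CN=smdata,DC=smpolicystore,DC=example"))
```
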



  • 5. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 03:19 PM

    Hi Hubert,

     

    Thanks again for the response. We have been following those instructions to no avail. The issue appears to be with SiteMinder 12.8 and AD LDS 2016 as we have not experienced the same issue using previous versions of SiteMinder and AD LDS 2012 or 2008. We faced a similar issue with 12.7 a few months ago but CA provided a fix for that. It seems that the same may need to be done for 12.8 but I just wanted to reach out to see if any others faced this issue.

     

    Thanks,

    Jaime



  • 6. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 03:29 PM

    Jaime JaimeBritton62352722

     

    The only issue that was reported internally (that I'm aware of) was during a manual configuration of ADLDS in R12.8, but on attempting via the configuration wizard it worked. Hence I know it worked at least once in a particular way.

     

    However, configurations can differ, causing an anomaly. I'd say raise a support case. That way the team can look closer. If you do suspect the issue is exactly similar to the one in R12.7 (XXXX2119 Case Number), then I'd say let's report it and have it investigated.



  • 7. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-14-2018 03:38 PM

    Hi Hubert,

     

    I already opened a case on this but decided to post to CA communities as well to see if this issue was faced elsewhere. I am continuing to work with CA support in parallel.

     

    Thanks,

    Jaime



  • 8. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 08-21-2018 06:21 PM

    Hi Jaime. Do you have the support case number so support can follow the case and add when necessary in communities, or were you able to close the case yet?

     

    Thanks

    Terence



  • 9. Re: Using AD LDS 2016 as policy store for SiteMinder 12.8 policy server

    Posted 12-27-2018 10:47 AM

    Hi Jaime,

    Did CA provide a solution to this issue? I'm also seeing the same thing, just checking if there is a solution.

     

    Thanks

    Bala.