Layer7 Access Management

Expand all | Collapse all

Can not connect to Policy Server with CA SSO Test Tool

  • 1.  Can not connect to Policy Server with CA SSO Test Tool

    Posted 05-15-2019 10:05 AM

    I am trying to run test on my SSO configuration using CA SM Test Tool. I am on Win2016 and SM Policy Server V12.8

    When I am launching it from the Start Menu the IP and all ports already populated.

    I added Agent Name as it appears in the Admin UI using Version4 and click Connect I am getting "Failed to Connect to Policy Server" error.

     

    Any ideas why its not working?

     

    Appreciate your reply.



  • 2.  Re: Can not connect to Policy Server with CA SSO Test Tool

    Posted 05-15-2019 10:29 AM


    Hello Irina :

    per your description, Version 4 , Simulates 4.x Agents. The 4.x Agent type uses a shared secret for the connection method. Then 
    - does shared secret is correctly entered ?
    - the IP Address you set, it is Siteminder Policy Server IP Address or other server IP ?

    - if using Version 5 agent, do you have not issues ?

     

    Here a reference  :
    https://docops.ca.com/ca-single-sign-on/12-8/en/using/test-tool/start-and-configure-the-test-tool/

     

    thanks

    Gustavo Azolas



  • 3.  Re: Can not connect to Policy Server with CA SSO Test Tool

    Posted 05-15-2019 10:50 AM

    Thank you for your reply and the link that I am already using.

     

    - the IP Address you set, it is Siteminder Policy Server IP Address or other server IP ? - This is the IP address of the Policy Server that is the local host (the same VM where the tool is running). By default its assigning the IPV6 IP address but I tried IPV4 IP address also and this makes no difference.

    - does shared secret is correctly entered ? - If you mean the shared secret from the SmHost.conf where agent it running then yes. BTW the documentation does not tell you to enter neither secret nor Server. But I did anyway.

    - if using Version 5 agent, do you have not issues ? - Yes still not working. My agent is running on RH and Policy server with Test Tool is on Win. I copied the SmHost.conf from the agent server locally and browsed to it. Policy Server section becomes disabled. I am getting different error saying that "Can not obtain host configuration information using specified SmHost.conf file"

     

    Any ideas?

    Regards.



  • 4.  Re: Can not connect to Policy Server with CA SSO Test Tool

    Posted 05-16-2019 06:00 AM

    I found this note in the link above:

    If you are running the Test tool on the Policy Server which has IPv6 address, make sure to change the LinkLocalAddress to the loopback address.

     

    I wonder if anyone knows where this setting is?

     

    I also have an old fully Windows env. If I map drive to web agent server and then Version5 and browse to SmHost.conf file I can connect to Policy Server.

     

    Any ideas why local copy from RH web agent is failing the connection to Policy Server?