Symantec Access Management

  • Private Community
 View Only

  • 1.  Unable to resolve agent name

    Posted Mar 06, 2026 04:17 AM
    Edited by Yang Gao Mar 06, 2026 04:23 AM

    Hi

    Now I am using SiteMinder as the oidc provider.

    When logging in with oidc, I now get an error: Unable to resolve agent name oidcp:StrategyProvider, but the StrategyProvider is actually an Authorization Provider. 

    How can I troubleshoot this issue? Thanks!


    FWSTrace.log

    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][AuthorizationService.java][processRequest][Validating current session.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][getSessionData][session cookie name: SMSESSION]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Found SESSION cookie: SMSESSION]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isSessionIdle][Verifying validity of session cookie [SMSESSION] retrieved]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isSessionIdle][returning false]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Trying to validate using SMSESSION cookie.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Session ID is: zIBO+BnZjPhdpuZ62dPUI7EmWSw=]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Session Spec is: 4k9IzizlM9ThwzeA24W4ehsL0ScHrvpsPpPIhafkrMtIQxvfRwjPVgGUf4G5WGk5L8JaVb+vlUJcAaLv4wmzShRF7fR8yi7oepih2uwPdyB7sgNvsZYxcNyFRRr1YCqagLM3gyhsS6FX/E6H/RFTBISyptzzZ7c/v5dQ4S5IhqATavzg8/RFOhijDQZa0Yjohvg7h7oXYkZWMu/lmscWKSyXB9+5S+aN5PaeKqgYi8vjqgXptMqxlN1+o+KsepwBmSRZOvWHf6MCzMCU+fkg37YJDx9T4j08jXKYAbeHOgGDpwF2zLMLAO5Yz3SyfU0gc8yEOUvMvAQJXWiuA9E/+KHbQFTDuEDDOUgdGuTQabuA8m3OEuQ2x4y3vn+9C13xez9qsK0+NCzMJlpWtP0SYAoRkSGzz36UFbJenHtbpUJIeQtTAQIAQlkQ/wkW6/dY8QvRVhinjAEG+aT/kFbbO8XK51RA9dROQMNVp4OtgQ8i1wvsjKMDystFrYWr/0Un]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Calling login to validate SMSESSION cookie data.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Result of login call is: -1.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][isValidSession][Issuing a LOGGEDOFF cookie.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][logoffSessionCookie][Logging out session cookie [CHECKPOINT = SLO_SESSIONCOOKIE_LOGOUT]]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][logoffSessionCookie][Issuing SMSESSION Cookie with value set to LOGGEDOFF.]
    [03/06/2026][09:00:41][6224][6420][1732c65b-dce89bc6-a49173e3-a3ccf4db-ea1999cb-814][FWSBase.java][logoffSessionCookie][Issuing SESSIONSIGNOUT Cookie with value set to LOGGEDOFF.]

    smps.log

    [4148/5368][Fri Mar 06 2026 04:00:41][AgentAuth.cpp:140][ERROR][sm-Server-00200] Unable to resolve agent name oidcp:StrategyProvider , request s113/r26



    -------------------------------------------



  • 2.  RE: Unable to resolve agent name

    Broadcom Employee
    Posted 28 days ago

    If the name of an Authorization Provider is modified after its creation in SiteMinder, OIDC transactions may fail with above error message.

    Solution:
    This is a known issue. This issue occurs because SiteMinder fails to automatically update the name of the corresponding backend agent object when an Authorization Provider name is modified.
    To avoid the issue, do not modify the name of an authorization provider.
    To resolve the issue, perform the following steps to manually modify the name of the backend agent object that corresponds to the modified Authorization Provider:
    1. Open XPSExplorer from siteminder_installation_path/bin.
    2. Enter the number corresponding to the Agent option.
    3. Enter S to search agent objects. A list of the available agent objects is displayed.
    4. Identify the agent that is configured with the Authorization Provider, and enter the number corresponding to that agent to retrieve its details.
    The name of an agent that is related to an Authorization Provider is in the oidcp:authorization_provider_name format.
    5. Enter W to get the writable copy of the agent object and then edit the agent name to reflect the latest name of the Authorization Provider.
    Example: If the name of an Authorization Provider has changed from Dept_Edu to Dept_HR, modify the corresponding agent name from oidcp:Dept_Edu to oidcp:Dept_HR.
    6. (Optional) Enter V to validate the new value.
    7. Enter U to update the change.
    8. Quit XPSExplorer.

      Please reference the documentation:

      https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/known-issues/known-issues-for-federation.html

      -------------------------------------------

      Original Message