Hello CA Single Sign-On Community Users,
Please find below the list of the latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder)published or updated since 25th October 2016 for your reference:
Javaoutofmemory error causing production outage
Secure proxy servers went unresponsive after logging java.lang.OutOfMemoryError:
Last Update: 2017-02-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1566556
Audit records for changes in WAMUI
audit records of who did what in the administrative console
Last Update: 2017-02-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1946731
Policy store fail back does not work properly.
When policy stores are deployed as redundancy, fail back does not work properly.
Last Update: 2017-02-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1991177
Actions are not registered in AgentType.
When I tried to register WebAgent actions in AdminUI, they are not displayed.
Last Update: 2017-02-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1764799
Product design of Agent Keys Roll Over
Question about Agent Keys roll over design.
Last Update: 2017-02-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1557106
What is the purpose of update query for Policy Store ?
Policy Server is executing update query for Policy Store at some interval.
Last Update: 2017-02-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1470324
How to authenticate user using multiple attribute beside password using HTML Form Auth Scheme
Collect Additional Attributes
Last Update: 2017-02-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1214858
What does the "0509-103 The module has an invalid magic number" error message mean?
The "0509-103 The module has an invalid magic number" error message means the is a bit level mismatch
Last Update: 2017-02-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1709415
Unable to activate Federation Partnership for Production
Federation was setup in lower environment and the XPSExport -xe and -xp was run to export. Production imports this and fails to display the partnership. New partnerships fail to activate and report there is existing one.
Last Update: 2017-02-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1754847
Key Management not exist in WAMUI
Didn't find Key management in admin UI under WAMUI - Administration - Policy server not exist
Last Update: 2017-02-01 Size: 83 kb Type: Knowledge Base Articles ID: TEC1998593
How to get 'Authentication' List in SSA\SOI Reports login screen (InfoView)
How to make the 'Authentication' List appear in SOI Reports infoview login screen
Last Update: 2017-02-01 Size: 83 kb Type: Knowledge Base Articles ID: TEC560697
Enable SSL for the Agent for SharePoint 2013 - FIPS COMPAT/MIGRATE MODES Example
Steps to enable SSL for the Agent for SharePoint 2013 - Apache and TomCat front-ends.
Last Update: 2017-01-31 Size: 83 kb Type: Knowledge Base Articles ID: TEC561406
APS Errors when attempting to process CGI programs CPW APSAdmin
Getting the following error as of now, I’m speculating that CGI execution can’t see SMCookie which is getting generated… “[SM-APS-15003] APS Administration Service must run under a Web Agent.”
Last Update: 2017-01-27 Size: 83 kb Type: Knowledge Base Articles ID: TEC1324148
Manually create the required Policy Store objects to protect the R12.52x Access Gateway ProxyUI with CA Single Sign On.
This article details the Policy Store Objects that are required to protect the R12.52x Access Gateway with CA Single Sign On should the automatic creation of these objects fail during with the Confiugration Wizard.
Last Update: 2017-01-27 Size: 83 kb Type: Knowledge Base Articles ID: TEC1648008
Cannot search objects in AdminUI based on their Description
This document explains a problem found in some releases to filter AdminUI results in a view by Description.
Last Update: 2017-01-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1166808
'No SAML2 SP Provider found' Error in Federation
Meaning of 'No SAML2 SP Provider found' Error in Federation, SAML2 transaction.
Last Update: 2017-01-24 Size: 82 kb Type: Knowledge Base Articles ID: TEC1689376
Apache reports "Permission Denied" to load the libmod_sm22.so or libmod_sm24.so module on SELinux.
Verify if SELinux security settings are preventing the Single Sign On Apache Web Agent from initializing.
Last Update: 2017-01-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC492202
Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'
How to resolve the "unable to resolve fully qualified host name" error by updating the ACO
Last Update: 2017-01-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1959852
High availability for Kerberos authentication
Kerberos auth scheme as documented points to a single policy server for service name a single point of failure
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1213853
SPS installation error: Unable to install the Java Virtual Machine included with this installer.
When running the Installer for SPS via Command Line, after selecting the JDK install path, the installer shows an error about not being able to use the Java in the installer.
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1483903
Weblogic ASA smreghost error: Failed to enable any clusters. Registration has failed.
ASA Agent failing to register new client to Policy Server.
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1778783
Inquiry on Filtering
How can I setup Single sign-on (SSO) Policy server to NOT intercept traffic from winword.exe?
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1341548
Configuration of policy server clustering
In use of policy server clustering, tell me about configuration of it.
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1322203
What is SHSMP32.dll?
When Policy Server is started, SHSMP32.dll error is outputted on Windows Event Handler and Policy Server is unable to start.
Last Update: 2017-01-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1906367
Tips to integrate SSO (Siteminder) with IdentityMinder
How to Integrate CA SSO with CA Identity Manager example based on Documentation available. JDBC Data Source, Jboss , IIS, Siteminder Webagent, ISAPI Filters , Proxy
Last Update: 2017-01-19 Size: 83 kb Type: Knowledge Base Articles ID: TEC1594205
SiteMinder bind to User Directory fails partially with Error 49 - Invalid credentials
LDAP bind fails
Last Update: 2017-01-19 Size: 83 kb Type: Knowledge Base Articles ID: TEC450811
Oracle Glassfish 3.0 : Error while starting domain
When installing Glassfish 3.0 as application server to configure the Oracle Directory Server console on Linux. Getting error on starting the domain created. Error due to bad JDK used.
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1498397
12.52SP1CR05 - Policy Server core when using custom authentication scheme
There is a known issue with 12.52SP1CR05 when using custom auth scheme. Fixed in 12.52SP1CR06
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1468698
Unable to locate parent for "CA.SM::SAMLv2IdP" object error
This document explains why this error can appear during an upgrade, and how to solve it.
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1937741
Configuring the Web Agent, this one reports error : Unable to get key: 4301
This technote discusses about a specific error occuring when registring the Web Agent
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1486506
Rule Actions are not set properly when creating a Rule with Perl CLI
This document explains why the Actions field could not work properly when creating a rule through Perl CLI, and how to solve it.
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1731025
ServeletExec modules are still contained in Policy Server r12.6 unexpectedly.
This explains incorrect modules contained in PS 12.6.
Last Update: 2017-01-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1231149
CA Federation & Office 365 Integration: ObjectGUID as ImmutableID
This document explains CA Federation & Office 365 Integration: How to define ObjectGUID(binary attribute) as ImmutableID attribute in the Federation Partnership.
Last Update: 2017-01-12 Size: 83 kb Type: Knowledge Base Articles ID: TEC1782098
Impersonation using SDK.
Impersonation using SDK AgentAPI.login() call
Last Update: 2017-01-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC499241
Administrative UI installation fails
adminui reinstall install
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC548213
Is it supported to have Policy Server and AdminUI on different CR levels?
Policy server adminui crs
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC553533
Administrative UI registration is failing with "Unknown Error. Create Failed".
Adminui registering Unknown Error. Create Failed
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC556106
How to prevent ACS URL spoof in a Authnrequest
It is possible to insert a different Assertion Consumer Service URL into the SP authnrequest. How can this be prevented?
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1133703
Dynamically setting AuthnContextClassRef in the assertions
Dynamically setting AuthnContextClassRef in the assertions based upon the authentication scheme or authentication level that the SSO user authenticated with; currently the Assertion Generator API does not have that information exposed to it.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1354535
SMPS Error: "Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework."
500 Error during CA Federation & Office 365 Transaction. SMPS Error: "Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework."
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1880219
"Allow Protection Override" checkbook on the custom authentication-scheme.
Documentation(topic is, "custom-authentication-schemes") describes Allow Protection Override" checkbook on the authentication-scheme. This option specifies that the protection level in the library takes precedence over the protection level specified in t
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1674413
XSS Error in the browser, CA Federation & Office 365 Integration,
XSS Error in the browser, CA Federation & Office 365 Integration, as part of CA Federation and Office 365 integration when testing in Internet Explorer after authentication,
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1252731
Signed SP Initiated Request: Signature verification failing at 3rd party IDP
"Can not verify digital signature" error at 3rd party IDP when signature cannot be verified for a signed AuthNRequest or SAMLRequest from CA Federation.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1525465
AdminUI :: OutOfMemoryError
This technote discusses about a specific error on AdminUI and JBoss services. It gives the way to fix it.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC548400
Seeing AgentInstance errors after disabling Agent Discovery feature
This document explains why you can see AgentInstance object errors after disabling the Agent Disacovery feature and how to solve it.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1413935
What the max length of user's password which is possible to post?
Is there a limitation on the max length of user's password which for post requests ?
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC557679
WamUI :: JBoss : MyfacesConfig Error
This technote discusses about a specific error in the jboss adminui and it tells how to fix it.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC548322
Policy Server starting slow with ODSEE Policy Store
This document explains why a ODSEE Policy Store configured with the Policy Server Configuration Wizard could have performance issues and how to solve it.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1240905
ODSEE Policy Store : Error occurred during "SearchExt" for "(&(objectClass=xpsObject)(|(xpsCategory=2)(xpsCategory=3)))", text: Insufficient access
This document explains why this error appears on ODSEE Policy Stores when using non-Directory Manager users.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1553622
Session invalidated : cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA
This technote discusses about a specific error related to ciphers on SPS
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1346294
Accessing creds.ntc, I get in the browser the message "redirected too many times"
This technote discusses about a specific message seen in the browser when accessing the Windows Authentication Scheme.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1845552
What does the message "SMAUTHREASON parameter value is non-numeric" mean?
This technote discusses about the meaning of a specific Web Agent message in the Web Agent traces
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1674387
Is there an Agent on Nginx ?
This technote discusses about the possibilities to protect Nginx resources.
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1633341
LDAP Groups for SharePoint FBA Authorization.
This technote discusses about the scope of usage of LDAP Group with SharePoint Agent
Last Update: 2017-01-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC506698
Policy server secure ldap connection failure
SSLv3 not working on 12.52 SP2 policy server
Last Update: 2017-01-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1138708
How to monitor memory leaks on Windows using Perfmon.exe
Windows Perfmon To Profile Memory Leak
Last Update: 2017-01-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC529361
We cannot disable Agent Discovery feature in Novell eDirectory Policy Store
This document describes a workaround on how to disable Agent Discovery feature in a Novell eDirectory Policy Store
Last Update: 2017-01-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1343336
How to Configure a "WebAgent-OnReject-Text" Response Attribute
how to configure the agent to get the text set by the "WebAgent-OnReject-Text" response
Last Update: 2017-01-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1856736
Console mode install (-i console) attempts to open X-windows
java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11GraphicsEnvironment
Last Update: 2017-01-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1445642
Policy Server Hung if LDAP User Directory is unresponsive/slowly performing
Hung policy server
Last Update: 2017-01-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1013829
How to configure Impersonation?
Steps by steps instructions on how to configure Impersonation and test
Last Update: 2017-01-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1055358
Websphere Application Server Agent Installed Files List
list of installed files by the Weblogic ASA
Last Update: 2016-12-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1230496
Weblogic Application Server Agent Installed Files List
list of installed files by the Weblogic ASA
Last Update: 2016-12-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1949179
Failed to Load Library Error
custom auth scheme failed to load
Last Update: 2016-12-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1312022
Convert an HTTP Header Response Attribute to Upper Case
A WebAgent-HTTP-Header-Variable is configured to return a user attribute from an LDAP user store. The attribute is stored in a mix of upper and lower case. The HTTP Header variable needs to be in upper case.
Last Update: 2016-12-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1832505
Running Policy Server, the statistics shows "Current Thread" value equal to "Max Thread" permanently
This technote discusses the values about threads in the Policy Server statistics lines
Last Update: 2016-12-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1749666
ASA Agent cannot start and report error "Unable to create configuration setup from the policy server"
This technote discusses cause and the solution of a specific error when starting ASA Agent
Last Update: 2016-12-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1975665
Siteminder Application Roles configuration to use specific value in a multivalued attribute for authorization
How to configure Siteminder to use a specific value in a multivalued attribute for authorization
Last Update: 2016-12-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1751423
12.6 XPSSweeper integrity check tool reports error that can not be fixed automatically.
When running the new 12.6 XPSSweeper integrity check tool, there could be some errors that can not be fixed automatically. Especially regarding CA.SM::SAMLv2IdP.Name / CA.SM::UserDirectory
Last Update: 2016-12-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1462638
SSO stopped working on HR website
The SSOs on our HR website stopped working in the morning of Sept. 3. The SSO uses R12.52 SPS server in DMZ and the R12.52 policy server as the back end server. When the issue occurred, we rebooted the SPS server only and then SSOs work again. I am uploading the logs for your the check. The error I found on policy server smtracedefault log is: [09/03/2016][08:34:12.961][08:34:12][2236][736][AssertionHandlerSAML20.java][postProcess][139957d9-9577ef13-371cdb48-06d3a404-255d77cc-8ac][][][][][][][][][][][][][][][][][][][][Start to wrap-up the SAML2.0 response.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [09/03/2016][08:34:12.961][08:34:12][2236][736][AuthnRequestProtocol.java][logAuditData][139957d9-9577ef13-371cdb48-06d3a404-255d77cc-8ac][][][][][][][][][][][][][][][][][][][][Error getting filling assertion audit data.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [09/03/2016][08:34:12.961][08:34:12][2236][736][AuthnRequestProtocol.java][closeupProcess][139957d9-9577ef13-371cdb48-06d3a404-255d77cc-8ac][][][][][][][][][][][][][][][][][][][][POST signing option: 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [09/03/2016][08:34:12.961][08:34:12][2236][736][AuthnRequestProtocol.java][closeupProcess][139957d9-9577ef13-371cdb48-06d3a404-255d77cc-8ac][][][][][][][][][][][][][][][][][][][][The Response can not be parsed to XML document. Exception Message: The ID '_6d1107235ac34ad9ea4e242fecda21e52a7c' is not unique in this XML document][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [09/03/2016][08:34:12.961][08:34:12][2236][736][AssertionGenerator.java][invoke][139957d9-9577ef13-371cdb48-06d3a404-255d77cc-8ac][][][][][][][][][][][][][][][][][][][][AssertionHandler postProcess() failed. Leaving AssertionGenerator.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] Also from affwebserv log in SPS server, I found following errors : “Transaction with ID: 12eac848-fb750d7d-3db699a7-8de80982-f83b5fb1-fb8b failed” Please let me know what caused the SSO errors and why transaction ID is not unique. Again reboot of SPS server fixed the issue and we did not do anything to policy server at that time.
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1086918
ODBC Errors with Data Stores in MSSQL Server
ODBCAD32.exe: 'Test Connection' Error: [DataDirect][ODBC SQL Server Wire Protocol driver] Cannot load trust store. SMConsole Error Failure. Siteminder can not access the following data sources: : SM-DBU-00620. Error code -1063
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1507645
CA SSO/Siteminder Administrative User Interface (AdminUI) fails logon.
CA SSO/Siteminder Administrative User Interface (AdminUI) fails logon. "Error: Unable to process logins. Please contact your administrator."
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1297509
Issues renaming the Secure Proxy Server access log
We are trying to rename Secure Proxy server current access log to following format: accesslog.log, it was achieved by updating httpd.conf but an additional number is getting added to the filename like (accesslog.log.1448841600).
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1759004
SSL Errors with Data Stores in MSSQL Server
ODBCAD32.exe: 'Test Connection' Error: [DataDirect][ODBC SQL Server Wire Protocol driver] SSL required, but was not requested. SMConsole Error Failure. Siteminder can not access the following data sources: : SM-DBU-00620. Error code -1063
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1668077
SPS Server reports error "java.net.SocketException: Broken pipe"
This technotes discusses the possible cause of a specific error in SPS
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1468434
Policy Server :: HouseKeeping Thread LDAP Request : xpsCategory
This technote discusses the meaning of the xpsCategory class in Policy Server ldap searches.
Last Update: 2016-12-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1242723
When does the clock start for the request? Does it start when the reactor thread receives the request?
This question/answer below relates to the fact that the trace log can show a messages like CSm_Auth_Message::AnalyzeAgentAuthMessage that rarely take a long time to complete.
Last Update: 2016-12-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1018926
What could be one of the causes of the "TCP Message timed out" error? Can one of the causes be, the message stays in the queue for too long after SiteMinder receives it and it times out?
This question/answer below relates to the fact that the trace log can show a messages like CSm_Auth_Message::AnalyzeAgentAuthMessage that rarely take a long time to complete. At the same time you received a TCP timed out message, the CSm_Auth_Message
Last Update: 2016-12-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1863715
What could be one of the many causes of the "TCP Message timed out" message
The TCP time out and it's message is not the cause of the problem It is just the reflection of the problem
Last Update: 2016-12-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1293763
Policy Server :: Federation : SAML WCTX Parameter
This technote discusses the value that the WCTX parameter should have
Last Update: 2016-12-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC606703
Policy Server :: smps.log : Unable to establish administration context
This technote discusses about a specific error message in smps.log
Last Update: 2016-12-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC604281
When is AgentID.dat file created?
This document explains when and how the AgentID.dat file can be created
Last Update: 2016-12-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1697265
IWA authentication fails with a 403 Forbidden Error
After updating my IIS 7 web agents from 12.0 to 12.51 I can no longer get IWA to work properly, and get a 403 error
Last Update: 2016-12-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1095426
After upgrade of SiteMinder 12.52 from CR1 to CR5 wily stopped working
We recently applied CR5 patch to Policy Server CR12.52 CR1 on our Solaris servers. Policy server is working fine. But it is unable to load the wily library. We can clearly see this error message in the SMPS.Log. "Failed to initialize event handler"
Last Update: 2016-12-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1197262
Is there any limitation with CA Access gateway / SPS on Uploading/Downloading large files ?
When trying to upload/download large files with CA Access gateway / SPS, it fails if file size is more than 2 GB.
Last Update: 2016-12-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1201607
Webagent fail procesing FCC
When using Form authentication, webagent is failing on processing FCC. One of the reason could be a problem with the SMENC variable
Last Update: 2016-12-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1237162
Can't connect to CA DIRECTORY policystore
Problem switching policy stores from Oracle LDAP to CA Directory over SSL
Last Update: 2016-12-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1935395
AD Old Password Still Accepted
Old Active Directory user password still accepted
Last Update: 2016-12-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1080524
JVM Debugging in Policy server
How to debug JVM related error in Policy server
Last Update: 2016-12-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1608681
SM web agent LLAWP failed to initialized with Apache 2.4 on startup due to Semaphore issue
How to resolve Web Server/Web Agent startup issues and outages due to orphaned semaphores and shared memory segments
Last Update: 2016-12-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1063617
Multi-Master LDAP Policy Store Considerations
ldap multi-master admininstration
Last Update: 2016-12-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1528671
Does Agent for SharePoint support SSO Zones?
zones sharepoint session cookies
Last Update: 2016-12-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1179946
Search target="root" info="base, objectClass=*"
objectClass=* searches
Last Update: 2016-12-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC454675
SPS: Message: java.security.InvalidKeyException: Illegal key size
while testing SPS Oauth2 client with our internal Oauth Server. After receiving code from the browser, SPS returns 500 and dumps the error in the log. I can reproduce the issue any time by resubmitting same request to SPS.
Last Update: 2016-12-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1629539
Administrative UI :How to enable SSL Debug
Steps to enable SSL debugging on Admin UI JBoss
Last Update: 2016-12-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1712227
Administrative UI :How to increase the request time out
How to increase the request time out for the Admin UI request to Policy server
Last Update: 2016-12-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1609018
Administrative UI : Vulnerability : Lack of Cookie Attribute - Secure
The JSESSIONID cookie of Admin UI missing secure flag
Last Update: 2016-12-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1126443
Administrative UI : Vulnerability : Insufficient Session Expiration
Administrative UI session timeout very high
Last Update: 2016-12-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1662884
Datetime field overflow error occurred when call SQLExecute for Housekeeping Policy Data Read
DB2 upgrade from 9.7 to 10.5, An error occurred when calling "SQLExecute" for "Housekeeping Policy Data Read" query [ERROR][sm-xpsxps-00810] Native Diagnostic: 22008:0 [NS][ODBC DB2 Wire Protocol driver]Datetime field overflow. Error in parameter 1.
Last Update: 2016-12-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1147054
How to enable SM_USERGROUPS
SM_USERGROUPS
Last Update: 2016-12-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1868824
SP-Initiated POST request results in 400 Error
SP-Initiated POST request results in 400 Error: No SAMLRequest or SPID parameter in request to SAML2 Single Sign-On Service Ending SAML2 Single Sign-On Service request processing with HTTP error 400
Last Update: 2016-12-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1344266
Integrating CA Single Sign On (fka SiteMinder) with Oracle WebLogic with Oracle WebCenter 12 deployed
Oracle WebCenter requires the Subject to be signed with a WebLogic Principal, but the SiteMinder Authentication Provider signs the Subject with a SiteMinder Principal. How do I get CA Single Sign On to integrate when WebCenter 12 is deployed on WebLogic?
Last Update: 2016-12-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1856623
Maximum hours for Session Maximum Timeout, Idle Timeout, and Validation Period of Realms
The upper limit of Max Session Timeout, Idle Timeout, and Validation Period of Realms
Last Update: 2016-12-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1706646
How to configure the Single Sign On TAI so that the SiteMinder User can be located as a unique user within the WebSphere User Registry.
How to determine what Identity will be propagated to WebSphere by the Single Sign On TAI and used to query the WebSphere User Registry to obtain the UniqueUserID from the user's WebSphere User Registry attributes.
Last Update: 2016-12-07 Size: 82 kb Type: Knowledge Base Articles ID: TEC1364609
How to utilize an LDAP User Directory with a custom ObjecClass in a Single Sign On (fka SiteMinder) environment.
This article explains the sm.registry modifications required to utilize an LDAP User Directory that is configured with a custom ObjectClass for the users with the CA Single Sign On (fka SiteMinder) environment.
Last Update: 2016-12-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1297676
RSA Auth Scheme Configuration error
what are the requirements for RSA auth scheme configuration
Last Update: 2016-12-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1415752
Does updating the x509 with a different "issued to" certificate name keep the alias and all existing partnerships in place?
updating the x509 with a different "issued to" certificate name keep the alias and all existing partnerships in place?
Last Update: 2016-12-01 Size: 83 kb Type: Knowledge Base Articles ID: TEC1593171
Steps involved for update Policy Server encryption key
Steps need to do for change policy server encryption key
Last Update: 2016-12-01 Size: 83 kb Type: Knowledge Base Articles ID: TEC1795424
HTTP Error 503 when using Form Authentication with IIS 7.5
When using form authentication scheme, getting 503 error with IIS. When using basic, no problem. Need to check web.conf and preconditions.
Last Update: 2016-11-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1060401
How to configure X.509 Cert Authentication with CA Access Gateway
steps to configure X.509 Cert Authentication with CA Access Gateway
Last Update: 2016-11-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1135734
Web Agent Trace files are empty
Agent Logs and Traces are both configured. Both Agent Logs and Agent Traces are being created, however the Agent Trace files are empty.
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1363943
Singing algorithm is coming as SHA1 in Metadata export even though we select SHA256 in Entity/Partnership
The Singing algorithm is coming as SHA1 in Metadata export even though we select SHA256 in Entity/Partnership
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1744788
Changes on smpolicysrv stats
why smpolicysrv stats format have been changed from r12.52 sp1 cr05 onwards. Why Waits and Misses are removed from smpolicysrv stats? smpolicysrv –stats
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1814821
Federation SMPORTALURL vulnerability
Federation SMPORTALURL poses OpenRedirect Vulnerability
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1519514
AdminUI :: Certificate : Attribute Format
This technote discusses about Certificate format that can be used with the AdminUI
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC617304
Federation Manager :: Delegated Authentication Status : Session Timeout and Redirection to the Delegated Authentication Page
This technote discusses the usage of the "Track Delegated Authentication Status" feature for federation partnership
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1446194
Policy Server :: LDAP Group : Member Definitions
This technotes discusses about values that a LDAP Group can have
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC616945
AdminUI :: Error : The administrator directory could not be initialized
Trying to access the AdminUI running on Linux, I get 500 return code in the browser
Last Update: 2016-11-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1456355
Characters ";" and "=" are encoded in URL but not decoded on redirection to the target URL after authentication.
This article explains a compatibility issue between Web Agent r6 and r12.5x.
Last Update: 2016-11-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1788452
Missing registry entries
Few registry entries that used to exist in r12.0 is not available in 12.52Sp2
Last Update: 2016-11-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1264816
What is FlushObjCache registry used for
Flushing object cache
Last Update: 2016-11-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1956095
Unable to insert into audit database : String or binary data would be truncated
String or binary data would be truncated error is shown while inserting record into smobjlog4 table
Last Update: 2016-11-27 Size: 83 kb Type: Knowledge Base Articles ID: TEC1269524
When I try to change my password and it's refused, the page doesn't show the User-Friendly message (smpwservices.fcc)
This technote discusses about missing data when doing password change and the password isn't accepted
Last Update: 2016-11-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1736652
Exception trying to extract entities from metadata
We are having exception errors while importing entity metadata
Last Update: 2016-11-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1763376
Error when registering AdminUI and accessing for the 1st time
After installing and configuring the AdminUI properly and done the XPSRegclient for the registration. Error when trying to login to the AdminUI
Last Update: 2016-11-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1088134
IDP defaulting to different AssertionConsumerServiceURL
IDP defaulting to different AssertionConsumerServiceURL other than the one sent by SP
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1912939
SPS Tuning on Linux
This technote discusses of some aspect of SPS tuning on Linux
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1785241
Issues with KeyMarker: 4 while importing Agent keys
Why am i getting issues with KeyMarker: 4 while importing Agent keys
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1786593
Changes made in Fed Object not reflected in CA Access Gateway / Secure Proxy Server
Sometimes making changes to the Federation Setup (ACS URLs), changes are not taken into account automatically by CA Access Gateway / Secure Proxy Server and need a complete restart.
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1686988
Can not see user Groups in HTTP headers
In your application you may be interested in getting groups associated with a logged user. You can use the default Siteminder variables : %SM_USERGROUPS or %SM_USERNESTEDGROUPS
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1726572
FSS UI Certificate Expired so not loading
FSS UI not loading up. It was working before
Last Update: 2016-11-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1896137
No error message when Agent Key Rollover is executed.
When customer construct PostgreSQL key store replication, he executed Agent Key rollover in AdminUI to read-only key store.
Last Update: 2016-11-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1819671
Policy Store can't fail back properly
Policy Server can't fail back to secondary store
Last Update: 2016-11-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1314005
Redirect Response with Auth/Az Web services
How does redirect response work with SPS Auth/Az Web services
Last Update: 2016-11-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1470994
Session Assurance stuck before target page where the request reaches /siteminderagent/redirect.sac
This document shows how to solve the situation where having Session Assurance enabled the request gets stuck when requesting redirect.sac file
Last Update: 2016-11-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1307516
Agent for SharePoint doesn't seem to handle Session Assurance ticket
This technote discusses about the use of Session Assurance with Agent for SharePoint
Last Update: 2016-11-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1460869
OneView Monitor cannot save new view settings
This document explains why this problem happens and how to solve it
Last Update: 2016-11-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1332975
Active Response Becomes Static Response
An active response becomes a static response when edited in the AdminUI more than three times.
Last Update: 2016-11-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1531208
How to append "@abc.com" to assertion attribute
I have an assertion attribute called EmployeeNumber but SP is accepting in below mentioned form. How to achive it? EmployeeNumber@abc.com Here we need to add "@abc.com" to the employee number.
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1433231
FSS UI password lost
This document tells how you can recover the passwords used to access FSS UI
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1587782
SPS Exceptions reported when trying to access any tab in the Proxy UI
Cannot access the ProxyUI tabs, and the logs reporting SPS Exceptions
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1807881
SPS Reporting Error After Install: Possible cause: architecture word width mismatch
architecture word width mismatch error reported in sps logs after installation
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1928075
How to disable SM_PROXYREQUEST HTTP header
This document clarifies if this HTTP header is sent or not by default by the Web Agent, and if it can be disabled and how.
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1721009
AdminUI is failing to establish trust with Policy Server
Failed to establish trust with the Policy Server
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1402986
Can we install Install patches on RedHat kernel where CA Access gateway is running ?
Part of System Administrator task is to get latest patches on the system. If OS is Supported we do certify last patches.
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1453254
Encrypted Active Response
How to send and consume encrypted active response
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1703842
How to enable and disable xtrace in policy server
Run xpsconfig for xtrace configuration
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1353959
How to Pre-fill username during step up authentication
In this guide we will see how to pre-fill the username field during second challenge in step up authentication
Last Update: 2016-11-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1030902
Is there a stand-alone Test Tool?
Test tool, SDK
Last Update: 2016-11-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1567605
Resolving an HTTP 405 (METHOD Not Allowed) error with IdentityIQ on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).
SailPoint Technologies Inc. IdentityIQ with AngularJS and XSRF/CSRF (Cross-Site Request Forgery) causes an HTTP 405 (METHOD Not Allowed) error on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1498416
Web Agent rejects Third Party Token
Is there a setting for web agent that can convert a “Third Party Token” to a standard token after validation? unable to process SMSESSION
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1542117
Unable to execute ActiveExpression and getting java.util.MissingResourceException in profiler logs
[Active expression 'GetActiveAttr;smjavaapi;JavaActiveExpression;com.netegrity.assertiongenerator.AssertionGenerator -AssertionHandler:SAML20 basic:HomePlanBlueCrossCode=170|basic:HomePlanBlueShieldCode=670|basic:HostPlan=Blue Cross Blue Shield of Louisia
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1785387
AceInitialization failed for RSA Authentication
LogMessage:ERROR:[sm-LoginLogout-00850] SmAuthenticate: AceInitialization failed LogMessage:ERROR:[sm-Server-02960] Failed to initialize authentication scheme Cannot init Auth scheme. leave function
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1439437
# in URL / URI
Text after # in URL is not processed. Problem with # in URL with siteminder
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1759365
Web Agent :: Windows : Event ID Description
This technote discusses about the Event IDs for the Web Agent in Windows systems.
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC606992
Web Agent :: ACO : DisableDNSLookup Precisions
This technote discusses about a specific ACO parameter
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC612510
Policy Server :: ODBC Audit Logs : Timestamps
This technote discusses about timestamps in audit logs
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC613228
Policy Server :: ODBC : File not found '.odbcinst.ini'
This technote discusses about the ways to trouble shoot the error .odbcinst.ini
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC615853
Internationalization doesn't work in upgraded 12.52SP1 CA Single Sign-On environment.
This technote discusses about specific settings for localization in upgraded environment.
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1210489
Starting the Web Server, the Session Linker libraries cannot be loaded reporting an undefined symbol: ap_rputs
This technote discusses a specific error when integrating SessionLinker with Web Agent and Apache Web Server
Last Update: 2016-11-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1499565
Default HTTP Header for unprotected resources
This explains Default HTTP Header functionality for unprotected resources.
Last Update: 2016-11-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1420414
Getting the errors "Assert failed: Attr" and "Assert failed: Domain" when importing a Policy Store export with XPSImport
This document discusses the causes of this error message and in which ways this can be solved
Last Update: 2016-11-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1320082
Getting the error "Duplicate value for CA.SM::Realm.Name" when importing a Policy Store export with XPSImport
This document discusses the causes of this error message and in which ways we can solve this
Last Update: 2016-11-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1179514
How to configure extended ODBC traces on Windows 2012 ?
Having extented ODBC traces is useful to debug problem with ODBC components. Configure it on Windows 2012 is slight different than on 2003/2008.
Last Update: 2016-11-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1975861
Why is there some differences between JVMOptions.txt in Siteminder releases ?
The JVMOptions.txt file contains the settings that the Policy Server uses when creating the Java virtual machine. It can vary depending on version.
Last Update: 2016-11-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1906857
If you have already registered a WAMUI with a policy server, but want to register it against other policy servers
AdminUI WamUI register
Last Update: 2016-11-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1425033
The backend Web Server gives the unauthorized response instead of the Web Agent Reverse Proxy
This technote discusses about the configuration of the Apache Web Server when Web Agent is configured on it.
Last Update: 2016-11-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1052572
Policy Server cannot stop normally and shows "Using SIGKILL to stop the Policy Server"
This technote discusses the solution about a specific issue happening at the Policy Server shutdown on Unix / Linux
Last Update: 2016-11-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1921835
smkeyimport creates new four Agent Keys in the existing Key Store. This results in the duplicate set of Agent Keys.
This article explains a remark when running smkeyimport.
Last Update: 2016-11-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1673294
SiteMinder platform support matrix for all SiteMinder components
SiteMinder platform support matrix
Last Update: 2016-11-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC487209
SMSESSION Cookie for Unprotected Realm
This article explains SMSESSION cookie issuing function.
Last Update: 2016-11-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1819257
Max Connections for Apache 'event' MPM model
Apache Web Server is configured as event MPM model. In this case, what is the max connections from Web Agent to Policy Server calculated w/ using MaxSocketsPerPort?
Last Update: 2016-11-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1553236
IgnoreHost :: DefaultAgentName
This explains the requirement of IgnoreHost ACO parameter.
Last Update: 2016-11-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC511356
How to setup Facebook OAuth Federation Partnership
Facebook App integration Creating a Facebook developers account Creating a local, remote entities and the partnership using the client ID and secret provided by Facebook
Last Update: 2016-10-31 Size: 83 kb Type: Knowledge Base Articles ID: TEC1639764
Unable to run xpssecurity
xpssecurity is not recognized as an internal or external command, operable program or batch file.
Last Update: 2016-10-31 Size: 83 kb Type: Knowledge Base Articles ID: TEC1100582
Not enough temp space - installing Siteminder Administrative UI
CA Siteminder Administrative UI installer needs 31457228KB on the TEMP disk. There is only 1889272 KB on the TEMP disk. Cleanup the TEMP disk or move the files to any other location and relaunch the installer.
Last Update: 2016-10-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1952423
Is the ACO loaded from the smhost.conf or from the HCO ?
ACO loading process.
Last Update: 2016-10-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1678621
Configuring XPSSweeper to run on a Schedule
Automating XPSSweeper to run on a schedule.
Last Update: 2016-10-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1578712
Please note that you can always access the full list going to the following link:
CA Single Sign-On
Best Regards,
Ujwol Shrestha
Principal Support Engineer
CA Technologies