Symantec Access Management

 View Only
  • 1.  IWA Federation Error

    Posted Sep 28, 2018 03:40 AM

    Hi All,

     

    We are getting the below error in the FWSTrace log for an application integrated using IWA federation. Please assist in what could be the issue:

     

    [09/28/2018][15:21:16][9140][1724][1549b1cf-a6758497-6d7038e3-811c04f5-14d2c476-083][ProcessResponses][SM_WAF_AG_PLUGIN->ProcessResponses returned SmNoAction.]
    [09/28/2018][15:21:16][9140][1724][1549b1cf-a6758497-6d7038e3-811c04f5-14d2c476-083][CSmCredentialManager::GatherAdvancedAuthCredentials][Calling SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials.]
    [09/28/2018][15:21:16][9140][1724][1549b1cf-a6758497-6d7038e3-811c04f5-14d2c476-083][SmNtc::getCredentialsWinNativeAuth][OpenThreadToken failed]
    [09/28/2018][15:21:16][9140][1724][1549b1cf-a6758497-6d7038e3-811c04f5-14d2c476-083][CSmCredentialManager::GatherAdvancedAuthCredentials][SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials returned SmFailure.]
    [09/28/2018][15:21:16][9140][1724][1549b1cf-a6758497-6d7038e3-811c04f5-14d2c476-083][ProcessAdvancedAuthentication][CredentialManager returned SmFailure, end new request.]
    [09/28/2018][15:21:16][9140][1724][][ReportHealthData][Accumulating HealthMonitorCtxt.]

     

    Regards,

    Aishwarya



  • 2.  Re: IWA Federation Error
    Best Answer

    Posted Sep 28, 2018 08:55 AM

    Aishwarya_Tri_ey

     

    Are you sure this is the FWSTrace.log. This seems to me like WebAgentTrace.log.

     

    Could you explain a bit more in details about the components (WA-WAOP or CA AG and IWA (w/WebAgent), their versions and the actual flow, so as to enable us to understand what use cases are we looking at.

     

    Also separate out IWA and federation. IWA Authentication must succeed even before touching federation. Is IWA Authentication happening successfully, If Yes - we look at federation, If No - we look at IWA.

     

    If we are debugging IWA, We would need the following from one attempt to login.

    1. WebAgentTrace.log 

    2. WebAgent.log

    3. Fiddler Traces OR HTTP Traces.

     

    If we are debugging IWA success and federation failure, We would need the following from one attempt to login.

    1. WebAgentTrace.log 

    2. WebAgent.log

    3. Fiddler Traces OR HTTP Traces.

    4. affwebserv.log

    5. FWSTrace.log.

     

     

    Regards

    Hubert