Symantec Access Management

Expand all | Collapse all

Federation Partnership changes breaking WAMUI

  • 1.  Federation Partnership changes breaking WAMUI

    Posted 05-11-2018 06:22 PM

    Hi all,

     

    We lately started facing a peculiar issue where every time we make a change or try to create a new federation partnership, the Admin UI crashes with a error

    "Error: Error happened when modifying new partnership ******"  

    "Error saving partnership".

     

    And you would right then realize that all other partnerships/policy objects, are no longer visible on the UI.

    Thinking this might be a one off , if you try to logout and  re-login, we see a:

    "Error :Unable to establish administration context. ".

     

    The only way for us get it back to normal functionality was to clean everything and re-register the Admin UI

     

    But while all this is happening, only the UI which was used to make the changes crashes and our Secondary UI in the same environment on a different policy server still looks and works good. The changes that were done on the UI that broke would still be reflected somehow and the federation would work upon activation.

    This has changed pretty recently though, we are not able to make anymore changes or additions to our federation partnerships now. Every attempt results in immediate WAMUI breakage with a error message "Error saving partnership

     

    Did anyone of you face this at anytime.? Our current version of CA SSO is 12.52.0105.2112

     

    Is there another way for us to make changes to the federation partnerships except for using the Admin UI.? I doubt the XPS Tools will be able to get me too far at making changes to federation partnerships.

     

    Below is what we see in the Admin UI logs: 

     

    2018-05-04 14:05:15,628 ERROR [com.ca.federation.adminui.listener.FedUiSessionListener] (http-******101.******.com%2F10.129.2.99-8443-11) [FedPersistenceHandler] Error creating FedUiPersistenceHandler:

    com.ca.fedxps.api.remote.FedXPSException: com.ca.federation.client.XPSException: Tunnel Agent failed : : :
    at com.ca.fedxps.api.remote.FedXPSObjectStore.search(FedXPSObjectStore.java:591)
    at com.ca.fedxps.api.remote.FedXPSObjectStore.search(FedXPSObjectStore.java:507)
    at com.ca.fedxps.api.remote.FedXPSObjectStore.initialize(FedXPSObjectStore.java:131)
    at com.ca.federation.adminui.common.FedUiPersistenceHandler.init(FedUiPersistenceHandler.java:159)
    at com.ca.federation.adminui.common.FedUiPersistenceHandler.reset(FedUiPersistenceHandler.java:200)
    at com.ca.federation.adminui.backingbean.federation.AbstractListBean.getSortSearchList(AbstractListBean.java:200)
    at sun.reflect.GeneratedMethodAccessor361.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.myfaces.el.PropertyResolverImpl.getProperty(PropertyResolverImpl.java:457)
    at org.apache.myfaces.el.PropertyResolverImpl.getValue(PropertyResolverImpl.java:85)
    at org.apache.myfaces.el.ELParserHelper$MyPropertySuffix.evaluate(ELParserHelper.java:535)
    at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
    at org.apache.commons.el.BinaryOperatorExpression.evaluate(BinaryOperatorExpression.java:154)
    at org.apache.myfaces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:386)
    at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:1078)
    at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:511)
    at org.apache.myfaces.shared_impl.renderkit.RendererUtils.renderChild(RendererUtils.java:412)
    at org.apache.myfaces.shared_impl.renderkit.html.HtmlGridRendererBase.renderChildren(HtmlGridRendererBase.java:229)
    at org.apache.myfaces.shared_impl.renderkit.html.HtmlGridRendererBase.encodeEnd(HtmlGridRendererBase.java:101)
    at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:539)
    at javax.faces.webapp.UIComponentTag.encodeEnd(UIComponentTag.java:498)
    at javax.faces.webapp.UIComponentTag.doEndTag(UIComponentTag.java:366)
    at org.apache.myfaces.shared_impl.taglib.UIComponentBodyTagBase.doEndTag(UIComponentBodyTagBase.java:57)
    at org.apache.jsp.app.webadmin.federation.viewpartnershiplist_005finc_jsp._jspx_meth_h_005fpanelGrid_005f0(viewpartnershiplist_005finc_jsp.java:234)
    at org.apache.jsp.app.webadmin.federation.viewpartnershiplist_005finc_jsp._jspService(viewpartnershiplist_005finc_jsp.java:150)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
    at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:543)
    at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:480)
    at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968)
    at org.apache.jsp.app.webadmin.federation.viewpartnershiplist_005fint_jsp._jspService(viewpartnershiplist_005fint_jsp.java:110)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
    at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:543)
    at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:480)
    at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968)
    at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:611)
    at com.netegrity.webapp.page.AbstractPage.includePageFragment(AbstractPage.java:302)
    at com.netegrity.webapp.page.AbstractPage.display(AbstractPage.java:161)
    at com.netegrity.webapp.page.NestingWrapper.display(NestingWrapper.java:180)
    at com.ca.siteminder.framework.faces.FacesTabController.display(FacesTabController.java:99)
    at com.netegrity.webapp.page.NestingWrapper.display(NestingWrapper.java:180)
    at idm_jsp.app.page.task_005fbody_jsp._jspService(Unknown Source)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
    at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:543)
    at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:480)
    at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968)
    at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:611)
    at com.netegrity.webapp.page.jsf.ViewHandler.renderView(ViewHandler.java:141)
    at org.apache.myfaces.lifecycle.RenderResponseExecutor.execute(RenderResponseExecutor.java:41)
    at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:132)
    at com.netegrity.webapp.page.jsf.JSFParentPage.display(JSFParentPage.java:151)
    at com.netegrity.webapp.page.TaskController.display(TaskController.java:467)
    at com.netegrity.taglib.skin.TagUtilLocal.displayTaskBody(TagUtilLocal.java:993)
    at com.netegrity.taglib.skin.TaskBodyTag.doStartTag(TaskBodyTag.java:49)
    at idm_jsp.app.ui7.index_jsp._jspx_meth_skin_taskbody_1(Unknown Source)
    at idm_jsp.app.ui7.index_jsp._jspx_meth_skin_ifprotected_3(Unknown Source)
    at idm_jsp.app.ui7.index_jsp._jspx_meth_skin_iftaskpage_2(Unknown Source)
    at idm_jsp.app.ui7.index_jsp._jspService(Unknown Source)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:444)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:310)
    at com.netegrity.webapp.filter.ConsolePageFilter.doFilter(ConsolePageFilter.java:531)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.netegrity.webapp.page.jsf.FacesFilter.doFilter2(FacesFilter.java:180)
    at com.netegrity.webapp.page.jsf.FacesFilter.doFilter(FacesFilter.java:151)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.netegrity.webapp.authentication.FrameworkLoginFilter.doFilter(FrameworkLoginFilter.java:322)
    at com.ca.siteminder.webadmin.configuration.ui.servlet.SiteMinderLoginFilter.doFilter(SiteMinderLoginFilter.java:457)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.netegrity.webapp.filter.LocaleFilter.doFilter(LocaleFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.netegrity.webapp.filter.SessionFilter.doFilter(SessionFilter.java:103)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:662)
    Caused by: com.ca.federation.client.XPSException: Tunnel Agent failed : : :
    at com.ca.federation.client.Connection.execute(Connection.java:357)
    at com.ca.federation.client.Connection.execute(Connection.java:167)
    at com.ca.federation.client.XPSHandle.search(XPSHandle.java:756)
    at com.ca.fedxps.api.remote.FedXPSObjectStore.search(FedXPSObjectStore.java:554)
    ... 121 more
    2018-05-04 14:05:15,639 ERROR [com.ca.federation.adminui.backingbean.federation.AbstractListBean] (http-******101.XXXXXXXX.com%2F10.129.2.99-8443-11) **ERROR** FedXPSException trying to load list of entities: com.ca.federation.client.XPSException: Tunnel Agent failed : : :
    com.ca.fedxps.api.remote.FedXPSException: com.ca.federation.client.XPSException: Tunnel Agent failed : : :

     

     

     

    Thanks in Advance,

    Kamal T   

     

    #federation #cafederationmanager #samlfederation



  • 2.  Re: Federation Partnership changes breaking WAMUI

    Posted 05-14-2018 07:02 AM

    Kamal,  We will need to understand some background and how you came to this point. Was there an y upgrade? when did you start having this problem and what was the change that happened before this started, assuming this was a working system? We also need to understand how the overall configuration is, any policy store replicas?

     

    It's likely some sort of policy store corruption, but this can be only revealed by running  XPSSweeper with verbose trace,.

    best, Vijay