Symantec Access Management

Tech Tip : CA Single Sign-On : Custom Agent fails to validate SMSESSION

    Posted 04-05-2019 04:50 AM

    Issue:

     

    We're running SDK Custom Agents, and after the Agent Keys rollover on the Policy Server,
    many Custom Agents fail to validate the SMSESSION cookies.

     

    They report this error:

     

    17344 04/01/19 17:11:03 Start-Authentication-xxxxx: userName=Name Surname, userOsDomain=, userLdapDn=uid=xxxxx,ou=people,dc=myuserstore,dc=com

    17344 04/01/19 17:11:03 environment variable not enabled

    17344 04/01/19 17:11:05 Authentication-xxxxx: Failure. Error message is: Validation failed. Failed to decode token due to an API failure (SM_AGENTAPI_FAILURE)

     

    How can we solve this?

     

    Environment:

     

    SDK Agent 12

     

    Cause:

     

    There is an undocumented known issue where the Policy Server could generate
    a null character in the key value, and as a result the Custom Agent cannot
    use the key correctly.

    Resolution:

     

    Compile the SDK Agent with SDK 12.52SP1CR01 or higher to get this fix.

    The workaround is to manually roll the Agent Keys with the AdminUI.

     

    KB: KB000130535
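
To confirm that a Custom Agent is hitting this issue rather than an unrelated decode problem, it helps to check whether the SM_AGENTAPI_FAILURE decode errors begin only after the key rollover. The following is an added example, not code from the original post or from the SDK. The log layout is taken from the excerpt above; the names records, split_by_rollover, SAMPLE_LOG and ROLLOVER, the sample data, the rollover time and the MM/DD/YY date reading are assumptions.

```python
import re
from datetime import datetime

# Record header as in the quoted log: PID, date, time, message.
HEADER = re.compile(r"^(\d+) (\d{2}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) (.*)$")
# The decode failure from the post, matched after wrapped lines are rejoined.
DECODE_FAIL = re.compile(
    r"^Authentication-([^:]+): Failure\..*Failed to decode token.*SM_AGENTAPI_FAILURE")

# Constructed sample (not real data); some records wrap across lines as in the post.
SAMPLE_LOG = """\
17344 04/01/19 09:02:11 Start-Authentication-aaaaa: userName=User One, userOsDomain=,
userLdapDn=uid=aaaaa,ou=people,dc=example,dc=com
17344 04/01/19 17:11:03 Start-Authentication-bbbbb: userName=User Two, userOsDomain=,
userLdapDn=uid=bbbbb,ou=people,dc=example,dc=com
17344 04/01/19 17:11:05 Authentication-bbbbb: Failure. Error
message is: Validation failed. Failed to decode token due to an API
failure (SM_AGENTAPI_FAILURE)
17344 04/01/19 17:12:40 Authentication-ccccc: Failure. Error message is: Validation failed. Failed to decode token due to an API failure (SM_AGENTAPI_FAILURE)
"""
# Assumed rollover time, supplied by the operator from the Policy Server side.
ROLLOVER = datetime(2019, 4, 1, 12, 0, 0)

def records(log_text):
    """Yield (pid, timestamp, message), folding wrapped lines into one record."""
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            # Assumption: the date field is MM/DD/YY.
            ts = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%m/%d/%y %H:%M:%S")
            current = [int(m.group(1)), ts, m.group(4)]
        elif current and line:
            current[2] += " " + line  # continuation of a wrapped record
    if current:
        yield tuple(current)

def split_by_rollover(log_text, rollover):
    """Return (before, after) lists of (timestamp, tag) for token decode failures."""
    before, after = [], []
    for _pid, ts, msg in records(log_text):
        m = DECODE_FAIL.match(msg)
        if m:
            (after if ts >= rollover else before).append((ts, m.group(1)))
    return before, after

if __name__ == "__main__":
    before, after = split_by_rollover(SAMPLE_LOG, ROLLOVER)
    print(f"decode failures before rollover: {len(before)}, after: {len(after)}")
```

No decode failures before the rollover and a steady stream after it is the pattern consistent with the cause described in the post.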