Symantec Access Management

  • 1.  SharePoint Agent Migration

    Posted Nov 13, 2019 06:48 PM
    Hi,

    I'm working with a customer to migrate their SharePoint agent from a SiteMinder 12.0 environment to a newly deployed SiteMinder r12.8 environment.

    The SharePoint agent is of version 12.52. 

    All the policy store objects (agent, ACO, Legacy Federation objects, etc.) were exported and imported into the 12.8 environment.

    We also retrieved the Private Key and cert pair that were used in the 12.0 environment from the SharePoint admin and uploaded into the 12.8 environment via the AdminUI. 

    We then executed smreghost to reregister the SharePoint agent to the 12.8 environment. After restarting the agent we see that the agent is communicating with the new policy servers.

    Upon testing login, we are getting the custom login page via the protected redirect.jsp and after entering creds, we are getting a 500 page.

    From the WebAgentTrace logs, we see the following: 
    - Calling authorizeEx to invoke WSFED assertion generator. 
    - Result of authorizEx call is: 2
    - Transaction with ID: xxxxxxxxxxxxxx failed. Reason WSFED_SSO_FAILED_AUTHEX
    - Ending WSFED Single SIgn-On Service request processing with HTTP error 500. 

    Questions: 
    1) Are there any additional steps that are needed to repoint the SharePoint agent to the new 12.8 environment? In the documentation, I see there is a SharePoint connection Wizard, but I don't believe it's necessary since the Federation objects are already imported.

    2) Any knowledge on what the WSFED_SSO_FAILED_AUTHEX error means? Or possible solutions to resolve? 

    Thanks for any info that can be provided. 

    Regards, 

    Michael Pass


  • 2.  RE: SharePoint Agent Migration
    Best Answer

    Broadcom Employee
    Posted Nov 18, 2019 11:15 AM
    Michael,
    WSFED_SSO_FAILED_AUTHEX generally means: the user failed to be authorized by the Policy Server.

    You'll need the Policy Server log and trace, and FWSTrace. Do you see the user getting authenticated in the Policy Server trace? Probably is. Please review the policy for the SP user at the IDP side; also make sure the user is included in the user directory the policy attaches to.

    Thanks, Vijay