Symantec Access Management


Policy Servers Sporadically not passing group response values.


    Posted Dec 18, 2019 02:37 PM
    We created an Attribute Mapping for Group to be passed as one of the Assertion Attributes for our SSO. Below is how it is set.

    filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'cto_sdf*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'jk*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'CTO_SDF*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'JK*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'IBM*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'gh-pl-digital-rw*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'gh-cto-perfeng-pb*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'BPEL*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'*cto-paas*')+"^"+filter(ENUMERATE(Get(SM_USERNESTEDGROUPS),STRING(RDN(STRING(%0),FALSE))),'Jk*')

    Occasionally, multiple of our policy servers stop passing the values and we have to reboot and restart the policy server process. Has anyone experienced this issue before?

    Policy Servers are Windows 2016, 12.8 SP2.  We are pulling these groups in Active Directory.