Issue:
We are facing issues while federating via IWA from the IDP to an external SP.
The issue occurs only with persistent sessions.
smps.log:
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.
Environment:
Policy server version is 12.52SP02CR01, SPS 12.52SP1
Cause:
You face this error because you've enabled the "Windows User Security Context", and your Web Server probably doesn't meet the requirements.
Resolution:
Turning off the option "Use Authenticated user's security context" in the AD User Directory definition resolves the issue.
KD : TEC1405517
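
To check whether an smps.log shows the same failure signature as the excerpt above, this added example (not from the original article or the vendor) groups the sm-Server-02740 SetVariable failures by the suffix of the variable name and collects the sm-FedServer-00130 fatal errors. The function names are assumptions, and the sample text is built from lines of the excerpt plus one constructed non-error line.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the smps.log excerpt above; the last line is constructed.
SAMPLE = """\
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.
[2496/4800][Mon Sep 26 2016 11:12:57][Sample.cpp:1][INFO][sm-Sample-00000] constructed non-error line
"""

# [pid/tid][timestamp][source][level][message code] message
LINE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<code>[^\]]+)\]\s*(?P<msg>.*)$"
)
SETVAR = re.compile(r"SetVariable Failed for : (?P<var>\S+)")


def triage(text):
    """Return (failures, slo_fatal): failed variable names grouped by the
    suffix after the first dot, and timestamps of fatal postProcess() errors."""
    failures = defaultdict(list)
    slo_fatal = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue  # skip unparseable and non-error lines
        if m["code"] == "sm-Server-02740":
            v = SETVAR.search(m["msg"])
            if v:
                name, _, suffix = v["var"].partition(".")
                failures[suffix].append(name)
        elif m["code"] == "sm-FedServer-00130":
            slo_fatal.append(m["ts"])
    return dict(failures), slo_fatal


def matches_signature(text):
    """True when session-variable writes failed and assertion generation then aborted."""
    failures, slo_fatal = triage(text)
    return bool(failures) and bool(slo_fatal)


if __name__ == "__main__":
    print(triage(SAMPLE), matches_signature(SAMPLE))
```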