Issue:

We are facing issues while Federating via IWA from the IDP to an external SP

The issue occurs only with persistent sessions.

smps.log:

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.

Environment:

Policy server version is 12.52SP02CR01 SPS 12.52SP1

Cause:

You face this error because you've enable the "Windows User Security Context", and you're Web Server probably don't meet the requirements.

Resolution:

Turning off the option "Use Authenticated user's security context" in the AD User Directory definition resolves the issue

KD : TEC1405517