Invalid Session Token
search cancel

Invalid Session Token

book

Article ID: 107119

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

When Siteminder is trying to validate SMSESSION cookie we are seeing the below error and user is unable to get to application:

smtracedefault log:
###################
[07/17/2018][14:29:17.654][14:29:17][53658][140686988916480][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][agent.test][][][][Protected Resource][Production][][][][][][][][][][][][][Invalid session token][Send response attribute 158, data size is 21][][][][][]
[07/17/2018][14:29:17.654][14:29:17][53658][140686988916480][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][agent.test][][][][Protected Resource][Production][][][][][][][][][][][][][][Send response attribute 146, data size is 0][][][][][]
[07/17/2018][14:29:17.654][14:29:17][53658][140686988916480][Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][agent.test][][][][Protected Resource][Production][][][][][][][][][][][][][][Send response attribute 147, data size is 0][][][][][]
[07/17/2018][14:29:17.654][14:29:17][53658][140686988916480][Sm_Az_Message.cpp:598][CSm_Az_Message::SendReply][s9/r2][agent.test][][][][Protected Resource][Production][][][][][][][][][][][][][][** Status: Not Authorized. Invalid session token][][][][][]

Environment

All SSO versions

Resolution

1) Please make sure session store instance is running and policy server is able to connect to it.
2) Session store should be enabled on all policy server intances
3) If the Session Stores are in replication, the replication must be in realtime. When the request is sent to another policy server and if the session data is not replicated then the user access would be denied.
4) It is also possible a proxy or a load balancer is sending cached SMSESSION cookie causing the session to be rejected as the session data would not found in the session store.
5) Ensure all policy servers are timely synchronized. If a session data was created by Policy Server at 1pm and one of the Policy Server's time is 3pm then the this other Policy Server may find the session data to be expired and delete them causing confusion. (Some NTP servers can cause the system time to intermittently go back and forth)

Powered by Wolken Software