search cancel

Policy Server crashes when creating new Access Role and member is another Access Role

book

Article ID: 113624

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction



We are testing CA IDM 14.2 & CA SSO 12.8 integration and we found a problem that causes the Policy Server to crash when the following condition occurs:

- We create a new Access Role, user attribute based. It creates correctly, and we can see it from CA SSO AdminUI.
- We create a new One Access Role, and we include as Member, the Access Role previously created. Then, we get the error:
"ImsRuntimeException:MemberPolicy.postCreate"
And the Policy Server crashes, restarting automatically.

On server.log we see:
11:06:17,197 ERROR [ims.default] (Thread-35 (HornetQ-client-global-threads-829200539)) No tasks are being added to role 
11:23:44,343 ERROR [stderr] (Thread-38 (HornetQ-client-global-threads-829200539)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 


On IDM logs we see:
11:22:47,403 ERROR [stderr] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 
11:22:47,409 ERROR [ims.llsdk.policy.ridiculouslydetailed] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 
11:22:47,419 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Exception: : [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] 
11:22:47,475 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Execution of event: CreateAccessRoleEvent failed. Exception encountered: ImsRuntimeException:MemberPolicy.postCreate 
11:22:47,479 ERROR [com.netegrity.ims.businessprocess.IMSEventController] (Thread-70 (HornetQ-client-global-threads-1093751839)) Error during event execution [a1952b49-1cde4f41-a5a1564f-764a42e4] CreateAccessRoleEvent 


On smps.log we see:
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/3038][11:21:23][PolicyCache.cpp:1307][INFO][sm-Server-02880] Building policy cache ... 
[2940/3038][11:21:23][PolicyCache.cpp:1406][INFO][sm-Server-02890] Building policy cache done 
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 


 

Environment

CA IDM R14.2
Policy Server R12.8 on Windows 2012 R2

Resolution

This issue is affecting R12.7 and R12.8, and will be fixed in the upcoming releases below:
12.7.03
12.8.02
You need to upgrade to the above versions to avoid that race condition to occur and solve the issue.