Policy Server crashes when creating new Access Role and member is another Access Role
Article ID: 113624
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We are testing CA IDM 14.2 & CA SSO 12.8 integration and we found a problem that causes the Policy Server to crash when the following condition occurs:
- We create a new Access Role, user attribute based. It creates correctly, and we can see it from CA SSO AdminUI.
- We create a new One Access Role, and we include as Member, the Access Role previously created. Then, we get the error:
"ImsRuntimeException:MemberPolicy.postCreate"
And the Policy Server crashes, restarting automatically.
On server.log we see:
11:06:17,197 ERROR [ims.default] (Thread-35 (HornetQ-client-global-threads-829200539)) No tasks are being added to role
11:23:44,343 ERROR [stderr] (Thread-38 (HornetQ-client-global-threads-829200539)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure]
On IDM logs we see:
11:22:47,403 ERROR [stderr] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure]
11:22:47,409 ERROR [ims.llsdk.policy.ridiculouslydetailed] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure]
11:22:47,419 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Exception: : [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]
11:22:47,475 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Execution of event: CreateAccessRoleEvent failed. Exception encountered: ImsRuntimeException:MemberPolicy.postCreate
11:22:47,479 ERROR [com.netegrity.ims.businessprocess.IMSEventController] (Thread-70 (HornetQ-client-global-threads-1093751839)) Error during event execution [a1952b49-1cde4f41-a5a1564f-764a42e4] CreateAccessRoleEvent
On smps.log we see:
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed
Error Code was: -2147418010
Error Message: Object Not Found
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed
Error Code was: -2147418010
Error Message: Object Not Found
[2940/3038][11:21:23][PolicyCache.cpp:1307][INFO][sm-Server-02880] Building policy cache ...
[2940/3038][11:21:23][PolicyCache.cpp:1406][INFO][sm-Server-02890] Building policy cache done
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed
Error Code was: -2147418010
Error Message: Object Not Found
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed
Error Code was: -2147418010
Error Message: Object Not Found
Environment
CA IDM R14.2
Policy Server R12.8 on Windows 2012 R2
Policy Server R12.8 on Windows 2012 R2
Resolution
This issue is affecting R12.7 and R12.8, and will be fixed in the upcoming releases below:
12.7.03
12.8.02
You need to upgrade to the above versions to avoid that race condition to occur and solve the issue.
12.7.03
12.8.02
You need to upgrade to the above versions to avoid that race condition to occur and solve the issue.
Feedback
Yes
No
Powered by
