Custom Agent fails to validate SMSESSION

Article Id: 130535
Status: Published
Updated On: 05-04-2019 01:38
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On
Issue/Introduction:

We're running SDK Custom Agents and after the Agent Keys rollover the Policy Server, 
many Custom Agent fail to validate the SMSESSION cookies. 

They report error : 

  17344 04/01/19 17:11:03 Start-Authentication-xxxxx: 
  userName=Name Surname, userOsDomain=, 
  userLdapDn=uid=xxxxx,ou=people,dc=myuserstore,dc=com 

  17344 04/01/19 17:11:03 environment variable not enabled 

  17344 04/01/19 17:11:05 Authentication-xxxxx: Failure. Error 
  message is: Validation failed. Failed to decode token due to an API 
  failure (SM_AGENTAPI_FAILURE) 

How can we solve this ?

Cause:

There's an undocumented known issue where Policy Server could generate
a null character in the key value and as such the Custom Agent cannot
use the key correctly.
 

Environment:

SDK Agent 12

Resolution:

Compile the SDK Agent with SDK 12.52SP1CR01 or higher to have this fix.

The workaround is to manually roll the Agent Keys with the AdminUI.