search cancel

Error: Failed to decode token due to an failure in SDK Agent

book

Article ID: 130535

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When running SDK Custom Agents and after the Agent Keys rollover the Policy Server, many Custom Agents fail to validate the SMSESSION cookies. 

They report error: 

  17344 04/01/19 17:11:03 Start-Authentication-xxxxx: userName=Name Surname, userOsDomain=, userLdapDn=uid=xxxxx,ou=people,dc=myuserstore,dc=com 
  17344 04/01/19 17:11:03 environment variable not enabled 
  17344 04/01/19 17:11:05 Authentication-xxxxx: Failure. Error message is: Validation failed. Failed to decode token due to an failure (SM_AGENTAPI_FAILURE)
 

Cause

 

There's an undocumented known issue where Policy Server could generate a null character in the key value and as such the Custom Agent cannot use the key correctly.

 

Environment

 

SDK Agent 12

 

Resolution

 

Compile the SDK Agent with SDK 12.52SP1CR01 or higher to have this fix. The workaround is to manually roll the Agent Keys with the AdminUI.