ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SAML federation via IWA Sessionstore problem


Article ID: 143417


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Policy Server as IDP in Federation scenario and when a
user logs in, then then Policy Server faces a problem to set the
session data into the Session Store. The Policy Server log reports
error :

  [2616/1932][Tue Jan 07 2020
  11:55:41][SmSSInLDAPStore.cpp:1173][ERROR][sm_LoginLogout_01001] Fail
  to create object
  cn=mzL4dsadPlzAHHKi1NYrSTIf0\+mht2Zy3bmz9AaLx7qs\=,smSessionId=hcdsad1UA4Ip/n5ddsbz79jLdGkM\=,o=mysessionstore. (32)

  [2616/1932][Tue Jan 07 2020
  failed. Error code : 2

  [2616/1932][Tue Jan 07 2020
  SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for :

We've found the following KD reporting similar issue, but the
parameter request to be set from this one don't solve the issue.

  IWA + Federation Configuration Issues

How can we fix this ?




Policy Server 12.8SP3 on RedHat 7




Check if the realms a all persistents and decide if persistency is
needed or not. Having a mixture of persistent and non-persistent
realms can provoke this error. Remove also all SLO configuration that
are not is use.