We're running a Policy Server as IDP in a Federation scenario, and when a
user logs in, the Policy Server fails to set the session data in the
Session Store. The Policy Server log reports these errors:
[2616/1932][Tue Jan 07 2020 11:55:41][SmSSInLDAPStore.cpp:1173][ERROR][sm_LoginLogout_01001] Fail to create object cn=mzL4dsadPlzAHHKi1NYrSTIf0\+mht2Zy3bmz9AaLx7qs\=,smSessionId=hcdsad1UA4Ip/n5ddsbz79jLdGkM\=,o=mysessionstore. (32)
[2616/1932][Tue Jan 07 2020 11:55:41][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2616/1932][Tue Jan 07 2020 11:55:41][IsAuthorized.cpp:68][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-4b15aa6c-f399-4158-a830-8f965545b81a
We've found the following KD reporting a similar issue, but the
parameter it asks to be set doesn't solve the issue.
IWA + Federation Configuration Issues
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=7614
How can we fix this?
Policy Server 12.8SP3 on RedHat 7
Check whether the realms are all persistent and decide whether
persistence is needed or not. Having a mixture of persistent and
non-persistent realms can provoke this error. Also remove all SLO
configurations that are not in use.
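
To see how often this failure occurs and which sessions and variables it affects, the three error entries above can be correlated by process/thread ID and timestamp. The following Python script is an added example, not Broadcom code; the function name, the sample lines (constructed, one entry per line) and the reading of the trailing "(32)" as an LDAP result code are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the entries quoted above, one entry per line.
SAMPLE_LOG = r"""
[2616/1932][Tue Jan 07 2020 11:55:41][SmSSInLDAPStore.cpp:1173][ERROR][sm_LoginLogout_01001] Fail to create object cn=EXAMPLEVAR\=,smSessionId=EXAMPLESESSION\=,o=mysessionstore. (32)
[2616/1932][Tue Jan 07 2020 11:55:41][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2616/1932][Tue Jan 07 2020 11:55:41][IsAuthorized.cpp:68][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.EXAMPLE
[2616/2044][Tue Jan 07 2020 11:55:42][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
"""

# [pid/tid][timestamp][file:line][level][message code] message
ENTRY = re.compile(r"^\[(\d+)/(\d+)\]\[([^\]]+)\]\[([^\]:]+):(\d+)\]\[(\w+)\]\[([^\]]+)\]\s*(.*)$")
CREATE_FAIL = re.compile(r"Fail to create object (.+)\. \((\d+)\)$")
SESSION_RDN = re.compile(r"smSessionId=((?:\\.|[^,\\])+)")  # keeps escaped characters
SET_VAR_FAIL = re.compile(r"SetVariable Failed for :\s*(\S+)")

# Assumption: the trailing "(NN)" is an LDAP result code (names from RFC 4511).
LDAP_RESULT = {32: "noSuchObject", 68: "entryAlreadyExists"}


def find_session_store_failures(log_text):
    """Return one record per thread/timestamp that failed to create a session-store object."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(6) == "ERROR":
            pid, tid, when = m.group(1), m.group(2), m.group(3)
            groups[(pid, tid, when)].append(m.group(8))

    incidents = []
    for (pid, tid, when), messages in groups.items():
        creates = [c for c in map(CREATE_FAIL.search, messages) if c]
        if not creates:
            continue  # no store write failed on this thread; not this problem
        dn, code = creates[0].group(1), int(creates[0].group(2))
        sid = SESSION_RDN.search(dn)
        incidents.append({
            "thread": f"{pid}/{tid}",
            "time": when,
            "session_id": sid.group(1) if sid else None,
            "result": LDAP_RESULT.get(code, str(code)),
            "variables": [v.group(1) for v in map(SET_VAR_FAIL.search, messages) if v],
        })
    return incidents


if __name__ == "__main__":
    for incident in find_session_store_failures(SAMPLE_LOG):
        print(incident)
```

Running it over the log before and after aligning realm persistence shows whether the session-variable failures have stopped.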