SAML federation via IWA Sessionstore problem


Article ID: 143417


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Policy Server as IDP in Federation scenario and when a
user logs in, then then Policy Server faces a problem to set the
session data into the Session Store. The Policy Server log reports
error :

  [2616/1932][Tue Jan 07 2020
  11:55:41][SmSSInLDAPStore.cpp:1173][ERROR][sm_LoginLogout_01001] Fail
  to create object
  cn=mzL4dsadPlzAHHKi1NYrSTIf0\+mht2Zy3bmz9AaLx7qs\=,smSessionId=hcdsad1UA4Ip/n5ddsbz79jLdGkM\=,o=mysessionstore. (32)

  [2616/1932][Tue Jan 07 2020
  failed. Error code : 2

  [2616/1932][Tue Jan 07 2020
  SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for :

We've found the following KD reporting similar issue, but the
parameter request to be set from this one don't solve the issue.

  IWA + Federation Configuration Issues

How can we fix this ?




Policy Server 12.8SP3 on RedHat 7




Check if the realms a all persistents and decide if persistency is
needed or not. Having a mixture of persistent and non-persistent
realms can provoke this error. Remove also all SLO configuration that
are not is use.