Unexpected AuthRejects and 'Failed to get Expiry Data' errors on Policy Server
search cancel

Unexpected AuthRejects and 'Failed to get Expiry Data' errors on Policy Server

book

Article ID: 189529

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER CA Single Sign-On

Issue/Introduction

We are seeing below errors and authentications are failing for all the clients:

smaccess.log

AuthReject dc1xxxxx026 [24/Apr/2020:18:17:24 -0400] "10.83.132.14 uid=0910685784_04341,appname=fie2,ou=sso,o=xxxxx.com" "fwsappagentprd01 GET /VGApp/pe/iSSO?SAML2IDPID=Aetxxxxxx" [] [50] 50 [] []

smps.log

Failed to get Expiry Data interface to enforce single use assertion policy

trace.log

[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][Passing response message through login call [CHECKPOINT = SSO_RESPONSEMESSAGEINLOGIN_REQ]]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][result code from AgentAPI login call: 2]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][Login failure [CHECKPOINT = SSO_LOGINFAILURE_RSP]]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][processFailedAuthentication][SAML Assertion based user authentication failed.]

Environment

Release : 12.7

Component : SITEMINDER FEDERATION SECURITY SERVICES

Cause

Session Store was enabled on only one of two policy servers.  None of these errors occurred on the host with the session store enabled.

Resolution

Once the session store was enabled on second policy server, the problem was resolved.
Powered by Wolken Software