Unexpected AuthRejects and 'Failed to get Expiry Data' errors on Policy Server

Article ID: 189529

Products

CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER, CA Single Sign-On

Issue/Introduction

We are seeing the errors below, and authentication is failing for all clients:

smaccess.log

AuthReject dc1xxxxx026 [24/Apr/2020:18:17:24 -0400] "10.83.132.14 uid=0910685784_04341,appname=fie2,ou=sso,o=xxxxx.com" "fwsappagentprd01 GET /VGApp/pe/iSSO?SAML2IDPID=Aetxxxxxx" [] [50] 50 [] []

smps.log

Failed to get Expiry Data interface to enforce single use assertion policy

trace.log

[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][Passing response message through login call [CHECKPOINT = SSO_RESPONSEMESSAGEINLOGIN_REQ]]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][result code from AgentAPI login call: 2]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][authenticateUser][Login failure [CHECKPOINT = SSO_LOGINFAILURE_RSP]]
[04/24/2020][14:15:47][8225][1150228224][155c393e-602763e4-8522820f-ad665c9b-23bb85e7-a4][FWSBase.java][processFailedAuthentication][SAML Assertion based user authentication failed.]

Cause

The session store was enabled on only one of the two Policy Servers. None of these errors occurred on the host with the session store enabled.

Environment

Release : 12.7

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

Once the session store was enabled on the second Policy Server, the problem was resolved.
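
To confirm which Policy Server is producing the failures described under Cause, the AuthReject events and the smps.log error can be counted per host. The Python below is an added example, not part of the original article or the product. It assumes the second field of an smaccess.log line is the Policy Server host and that each server's smps.log is collected separately; the host names and log lines in it are constructed.

```python
import re
from collections import defaultdict

# smaccess.log layout as shown in the article (second field assumed to be the
# Policy Server host):
# EVENT HOST [timestamp] "client-ip user-dn" "agent METHOD resource" ...
ACCESS_RE = re.compile(
    r'^(?P<event>\w+) (?P<host>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<client>\S+) (?P<user>[^"]*)" '
    r'"(?P<agent>\S+) (?P<method>\S+) (?P<resource>[^"]*)"')
EXPIRY_ERR = "Failed to get Expiry Data"  # smps.log message from the article

def triage(smaccess_lines, smps_lines_by_host):
    """Count auth results and expiry-data errors for each Policy Server."""
    stats = defaultdict(lambda: {"rejects": 0, "accepts": 0, "expiry_errors": 0})
    for line in smaccess_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # ignore lines that do not follow the layout above
        if m["event"] == "AuthReject":
            stats[m["host"]]["rejects"] += 1
        elif m["event"] == "AuthAccept":
            stats[m["host"]]["accepts"] += 1
    for host, lines in smps_lines_by_host.items():
        stats[host]["expiry_errors"] += sum(EXPIRY_ERR in l for l in lines)
    for s in stats.values():
        # The article's pattern: rejects together with the expiry-data error.
        s["suspect"] = s["rejects"] > 0 and s["expiry_errors"] > 0
    return dict(stats)

def suspect_hosts(stats):
    """Hosts whose session store configuration should be checked first."""
    return sorted(h for h, s in stats.items() if s["suspect"])

# Constructed sample data (hosts, users and resources are placeholders).
TAIL = '[] [50] 50 [] []'
SMACCESS = [
    f'AuthReject ps-b.example [24/Apr/2020:18:17:24 -0400] "192.0.2.10 uid=user1,ou=sso,o=example.com" "agent01 GET /app/sso?SAML2IDPID=idp1" {TAIL}',
    f'AuthAccept ps-a.example [24/Apr/2020:18:17:30 -0400] "192.0.2.11 uid=user2,ou=sso,o=example.com" "agent01 GET /app/sso?SAML2IDPID=idp1" [] [0] 0 [] []',
    f'AuthReject ps-b.example [24/Apr/2020:18:18:02 -0400] "192.0.2.12 uid=user3,ou=sso,o=example.com" "agent01 GET /app/sso?SAML2IDPID=idp1" {TAIL}',
]
SMPS = {
    "ps-a.example": ["Policy Server started (constructed line)"],
    "ps-b.example": [EXPIRY_ERR + " interface to enforce single use assertion policy"] * 2,
}

if __name__ == "__main__":
    for host in suspect_hosts(triage(SMACCESS, SMPS)):
        print(f"{host}: AuthRejects with expiry-data errors, verify the session store is enabled")
```
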