Unable to determine user from SiteMinder token - Retrying with a newer version of the SMTOKEN

book

Article ID: 191745

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We have a 3 node IDM (JBOSS) cluster. On one of the nodes we see the following warning in the server.log:

13:06:21,922 WARN  [ims.ui] (http-/0.0.0.0:8080-1)  orig    SMTOKEN : -SM-{RC2}hzNP3CQGIDW0ncXyvZcemCBIQkKXSJS73zYAHh1Q1nHeI7TsMD+nBf+lDZchb1TR6T/Kp3aLvmvWyZo58Brr0g==

13:06:21,922 WARN  [ims.ui] (http-/0.0.0.0:8080-1) Unable to determine user from SiteMinder token: No items found
13:06:21,922 WARN  [ims.ui] (http-/0.0.0.0:8080-1) Retrying with a newer version of the SMTOKEN.

We are not sure why would see this on one of the nodes and no the other two (all are set to WARN or higher).
We would like to us the newer version in the token.

Policy Server 12.8.  SPS 12.8 update 3.  IDM 14.3 , Jboss 6.4  

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

The message is informational only as the IDM code automatically removes the unreadable "-SM-" prefix.

You can try setting LegacyEncoding to YES in the ACO and restart the webagent and then test whether authorization to IDM works. If it works you can leave the YES setting. if not, change it back to NO and continue to allow the IDM code fix to modify the -SM-.