Unable to determine user from SiteMinder token - Retrying with a newer version of the SMTOKEN


Article ID: 191745


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


We have a 3 node IDM (JBOSS) cluster. On one of the nodes we see the following warning in the server.log:

13:06:21,922 WARN  [ims.ui] (http-/  orig    SMTOKEN : -SM-{RC2}hzNP3CQGIDW0ncXyvZcemCBIQkKXSJS73zYAHh1Q1nHeI7TsMD+nBf+lDZchb1TR6T/Kp3aLvmvWyZo58Brr0g==

13:06:21,922 WARN  [ims.ui] (http-/ Unable to determine user from SiteMinder token: No items found
13:06:21,922 WARN  [ims.ui] (http-/ Retrying with a newer version of the SMTOKEN.

We are not sure why would see this on one of the nodes and no the other two (all are set to WARN or higher).
We would like to us the newer version in the token.

Policy Server 12.8.  SPS 12.8 update 3.  IDM 14.3 , Jboss 6.4  


Release : 14.3

Component : IdentityMinder(Identity Manager)


The message is informational only as the IDM code automatically removes the unreadable "-SM-" prefix.

You can try setting LegacyEncoding to YES in the ACO and restart the webagent and then test whether authorization to IDM works. If it works you can leave the YES setting. if not, change it back to NO and continue to allow the IDM code fix to modify the -SM-.