Error while searching for SAML federation remote entities

Article Id: 192753
Status: Published
Updated On: 11-06-2020 06:54
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , CA Single Sign On Agents (SiteMinder) , CA Single Sign On Federation (SiteMinder) , CA Single Sign On SOA Security Manager (SiteMinder) , SITEMINDER
Issue/Introduction:

 

We're running an AdminUI and when we look for SAML Federation remote entities,
the AdminUI reports error in the browser :

   Entity

   Error: An error occurred while loading
   of the entity list.

How can we fix that ?

 

Cause:

 

The export fails because it hits and un readable object :

When you try to export the Policy Store data, it fails, and the
XPSExport command reports :

XPSExport.log

  [10836/9904][Fri Jun 05 2020 16:33:29][Database.cpp:689][InitDB][INFO]
  [sm-xpsxps-00120] Initializing XPS Version 12.52.0102.766

  [10836/9904][Fri Jun 05 2020 16:33:38][EmitterR12.cpp:2191]
  [CEmitterR12::OutputObjectsV1][FATAL][sm-xpsxps-05100] Unable to read 
  attribute CA.FED::SPBase.AssConSvcsLink[0] of object 
  CA.FED::[email protected](mySP1)

And the XPSSweeper tool reports several data corruption in the Policy
Store :

XPSSweeper.log :

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:160]
  [ValidationIndexer::Process][WARN][sm-xpsxps-03220] 
  CA.SM::[email protected](myPolicy-1): 
  Duplicate value for CA.SM::Policy.Name="myPolicy-1": 
  CA.SM::[email protected](myPolicy-1),
  CA.SM::[email protected](myPolicy-1).

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected]
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:15][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected]

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](mySP1): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:15][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](mySP1).

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](myPartnership-1): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:16][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](myPartnership-1).

  [31044/19092][Fri Jun 05 2020 16:29:16][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](mySP1-application): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:16][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](mySP1-application).

Environment:

AdminUI all versions

Resolution:

 

Run XPSExplorer and fix the following objects :

  - CA.FED::[email protected](mySP1)
    misses so many parameters that the Policy Server cannot read it;

  - Policy Name duplicated "myPolicy-1" :
    CA.SM::[email protected](myPolicy-1)
    CA.SM::[email protected](myPolicy-1)

    Name should be uniques.

  - Object CA.FED::[email protected]
    misses a link attribute value;

  - Object CA.FED::[email protected](mySP1) 
    misses a link attribute value;

  - Object CA.FED::[email protected](myPartnership-1) 
    misses a link attribute value;

  - Object CA.FED::[email protected](mySP1-application)
    misses a link attribute value;