Error while searching for SAML federation remote entities

book

Article ID: 192753

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running an AdminUI and when we look for SAML Federation remote entities,
the AdminUI reports error in the browser :

   Entity

   Error: An error occurred while loading
   of the entity list.

How can we fix that ?

 

Cause

 

The export fails because it hits and un readable object :

When you try to export the Policy Store data, it fails, and the
XPSExport command reports :

XPSExport.log

  [10836/9904][Fri Jun 05 2020 16:33:29][Database.cpp:689][InitDB][INFO]
  [sm-xpsxps-00120] Initializing XPS Version 12.52.0102.766

  [10836/9904][Fri Jun 05 2020 16:33:38][EmitterR12.cpp:2191]
  [CEmitterR12::OutputObjectsV1][FATAL][sm-xpsxps-05100] Unable to read 
  attribute CA.FED::SPBase.AssConSvcsLink[0] of object 
  CA.FED::[email protected](mySP1)

And the XPSSweeper tool reports several data corruption in the Policy
Store :

XPSSweeper.log :

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:160]
  [ValidationIndexer::Process][WARN][sm-xpsxps-03220] 
  CA.SM::[email protected](myPolicy-1): 
  Duplicate value for CA.SM::Policy.Name="myPolicy-1": 
  CA.SM::[email protected](myPolicy-1),
  CA.SM::[email protected](myPolicy-1).

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected]ed44s-a221-414e-819e-83d599c7019f: 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:15][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected]

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](mySP1): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:15][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](mySP1).

  [31044/19092][Fri Jun 05 2020 16:29:15][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](myPartnership-1): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:16][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](myPartnership-1).

  [31044/19092][Fri Jun 05 2020 16:29:16][Validate.cpp:483]
  [IXPSObjectV1::ValidateClass][ERROR][CA-SM-Assert] 
  CA.FED::[email protected](mySP1-application): 
  Assert failed: pLink

  [31044/19092][Fri Jun 05 2020 16:29:16][Sweeper.cpp:158]
  [CXPSIO::CheckConsistency::SweeperValidationMonitor::Validated][ERROR]
  [sm-xpsxps-05750] Invalid Object: 
  CA.FED::[email protected](mySP1-application).

Environment

AdminUI all versions

Resolution

 

Run XPSExplorer and fix the following objects :

  - CA.FED::[email protected](mySP1)
    misses so many parameters that the Policy Server cannot read it;

  - Policy Name duplicated "myPolicy-1" :
    CA.SM::[email protected](myPolicy-1)
    CA.SM::[email protected](myPolicy-1)

    Name should be uniques.

  - Object CA.FED::[email protected]
    misses a link attribute value;

  - Object CA.FED::[email protected](mySP1) 
    misses a link attribute value;

  - Object CA.FED::[email protected](myPartnership-1) 
    misses a link attribute value;

  - Object CA.FED::[email protected](mySP1-application)
    misses a link attribute value;