search cancel

Policy Store Replication is working but not reflected in WAM UI


Article ID: 195418


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


Policy Store replication is working fine. Any objects created on PS1 is populated in the policy store and replicated to other policy stores.

But when I protect a resource in PS1 AdminUI, it is enforced in PS1 but is not on PS2.

Some created objects do not appear on the AdminUI.

Agents are not picking up the ACO changes or realm changes.


Time synchronization issue.

(In case of CA Directory, modify-on-add is missing in the configuraation)


Release : 12.8.03

Component : SITEMINDER - Policy Server


1) Make sure the policy servers are synced to a time server. In fact, all siteminder and 3rd party components involved must be in time sync.

2) Increase the Policy Server registry setting MaxTimeDeltaBetweenServers. On linux this is in the sm.registry file. It is difficult to make a recommendation because this is entirely dependent on the time sync and network latency which are outside of the control of siteminder, but maybe start with 30 seconds. You need to restart the policy server after making this change. This registry is just adding more tolerance but having time synchronized is more important.

See the links below for an explanation:


Also, for CA Directory, "set modify-on-add = true" in the directory configuration for both directories.