
Integrating Identity Manager with Symantec Siteminder (CA SSO) failed with agent imuser could not be found exception


Article ID: 199894


Products

CA Identity Manager SITEMINDER

Issue/Introduction

While integrating Identity Manager with Siteminder by following the steps in the documentation below:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-2/configuring/ca-single-sign-on-integration/integrate-ca-single-sign-on-with-ca-identity-manager.html

at step 9, Restart Application Server (see the documentation above), the User Store and Provisioning Store are created automatically, but the Environment is not. IM won't start, and the following exceptions are logged:

2020-09-21 13:58:04,597 INFO  [ims.Main] (MSC service thread 1-4) * Deploying Directory : UserStore
2020-09-21 13:58:26,838 INFO  [ims.Main] (MSC service thread 1-4) * Deploying Directory : ProvStore
2020-09-21 13:58:45,607 INFO  [ims.Main] (MSC service thread 1-4) * Deploying Environment : identityEnv
2020-09-21 13:58:45,940 ERROR [ims.tmt.EnvironmentService] (MSC service thread 1-4) Deploying environment environment.xml: com.netegrity.imsconfig.exception.ImsConfigException: The agent "imuser" could not be found on the SiteMinder policy server
 at com.netegrity.imsconfig.utils.PolicyServerObjects.getAgentOrAgentGroup(PolicyServerObjects.java:690) [imsconfig.jar:]
 at com.netegrity.imsconfig.model.environment.EnvironmentObjectModel.validateObjectImpl(EnvironmentObjectModel.java:896) [imsconfig.jar:]
 at com.netegrity.imsconfig.model.abstracts.ObjectModel.validateObject(ObjectModel.java:688) [imsconfig.jar:]
 at com.netegrity.imsconfig.model.ObjectModelManager.validateObjects(ObjectModelManager.java:518) [imsconfig.jar:]
 at com.netegrity.imsconfig.ImsConfig.config(ImsConfig.java:344) [imsconfig.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.deploy(IMSEnvironmentServiceImpl.java:737) [ims.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.deployEnvironment(IMSEnvironmentServiceImpl.java:320) [ims.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.deployEnvironment(IMSEnvironmentServiceImpl.java:313) [ims.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.checkDeployment(IMSEnvironmentServiceImpl.java:409) [ims.jar:]
 at com.netegrity.ims.manage.servlet.EnvDeployerServlet.init(EnvDeployerServlet.java:46) [idmmanage.jar:]
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:509) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)
 at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
 at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_221]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_221]
 at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_221]

2020-09-21 13:58:45,943 INFO  [ims.Main] (MSC service thread 1-4) * Importing Endpoint Role definition ActiveDirectory-RoleDef.xml on env : identityEnv
2020-09-21 13:58:46,137 INFO  [ims.Main] (MSC service thread 1-4) * Import of the Endpoint Role definition ActiveDirectory-RoleDef.xml on env : identityEnv is complete
2020-09-21 13:58:46,138 ERROR [ims.tmt.EnvironmentService] (MSC service thread 1-4) Checking deployment: java.lang.NullPointerException
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.startEnvironmentInternal(IMSEnvironmentServiceImpl.java:572) [ims.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.startEnvironment(IMSEnvironmentServiceImpl.java:523) [ims.jar:]
 at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.checkDeployment(IMSEnvironmentServiceImpl.java:417) [ims.jar:]
 at com.netegrity.ims.manage.servlet.EnvDeployerServlet.init(EnvDeployerServlet.java:46) [idmmanage.jar:]
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:509) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)
 at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
 at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_221]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_221]
 at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_221]

Cause

This issue happens when Identity Manager is installed with the OOTB IM Environment (out-of-the-box IME). The SampleEnvironment.properties file under the <Application Server's deployment directory>\iam_im.ear\user_console.war\META-INF directory was not corrected before the Application Server restart.

Environment

Identity Manager 14.2
Siteminder 12.8

Resolution

Modify the following 2 parameters in the SampleEnvironment.properties file under the <Application Server's deployment directory>\iam_im.ear\user_console.war\META-INF directory to have the correct values, and then restart the Application Server again.

@IMEAgent : this parameter value should be the Web Proxy Server's SSO Web Agent name
@baseurl : this parameter value should be the Web Proxy Server's URL that redirects to IM

e.g.

I have built my Web Proxy Server for this integration utilizing Symantec Access Gateway (SPS). The SSO Web Agent installed on this SPS machine is configured as sps_agent. In this SPS we have also configured redirection from http://<sps fqhn>/iam/im/identityEnv to http://<im fqhn>:8080/iam/im/identityEnv. So the above parameter settings are:

@IMEAgent=sps_agent
@baseurl=http://<sps fqhn>/iam/im
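
A pre-restart check for the two parameters, as an added example (not Broadcom's code). It assumes the file holds `@key=value` lines as shown above; the function names, the example.com host names, the abridged log line and the uncorrected sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Error text as it appears in the server log quoted in this article.
AGENT_ERR = re.compile(
    r'The agent "([^"]+)" could not be found on the SiteMinder policy server')

def missing_agents(log_text):
    """Agent names the policy server rejected, in order of first appearance."""
    seen = []
    for name in AGENT_ERR.findall(log_text):
        if name not in seen:
            seen.append(name)
    return seen

def read_params(properties_text):
    """Collect '@key=value' lines (format assumed from the article's example)."""
    params = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("@") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def check_params(params, expected_agent, im_host):
    """Return problems found in @IMEAgent and @baseurl; an empty list means OK."""
    problems = []
    agent = params.get("@IMEAgent", "")
    if agent != expected_agent:
        problems.append(f"@IMEAgent is {agent!r}, expected {expected_agent!r}")
    base = params.get("@baseurl", "")
    url = urlsplit(base)
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append(f"@baseurl {base!r} is not an absolute http(s) URL")
    elif url.hostname.lower() == im_host.lower():
        problems.append(f"@baseurl targets the IM server {im_host}, not the proxy")
    return problems

# Constructed sample data: host names and the uncorrected values are illustrative.
SAMPLE_LOG = ('ERROR [ims.tmt.EnvironmentService] Deploying environment environment.xml: '
              'The agent "imuser" could not be found on the SiteMinder policy server')
UNCORRECTED = "@IMEAgent=imuser\n@baseurl=http://im.example.com:8080/iam/im\n"
CORRECTED = "@IMEAgent=sps_agent\n@baseurl=http://sps.example.com/iam/im\n"

if __name__ == "__main__":
    print("rejected agents:", missing_agents(SAMPLE_LOG))
    for label, text in (("uncorrected", UNCORRECTED), ("corrected", CORRECTED)):
        print(label, check_params(read_params(text), "sps_agent", "im.example.com"))
```

Pass the Web Agent name defined on the policy server as `expected_agent`; an agent name reported by `missing_agents` that still appears in the file means the environment deployment will fail again on restart.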

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-2/configuring/ca-single-sign-on-integration/integrate-ca-single-sign-on-with-ca-identity-manager.html