search cancel

AssertionGenerate Events for the Failed Scenario

book

Article ID: 200282

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

We recently had an outage in which assertion generation was failing due to the database from which we pull the assertion attributes being down.  We noticed that during the outage, we did not see any failed assertions in the smaccess.log.  How can we add such events to this log?

Environment

Release : 12.8

Component : SITEMINDER FEDERATION SECURITY SERVICES

Cause

The audit log (smaccess.log) shows the results of decisions and thus may not show the result of requests that ended in error.  This is because the error often ends the processing of the request and thus the expected decision is never made.  In this customer's instance, when the database could not be contacted to retrieve the assertion attributes, the policy server stopped processing the request at that point and thus no assertion generation event was written to the smaccess.log.

Resolution

Audit log will only contain decision results and will not reflect when a request ends in error. The smps.log will reflect error conditions on the policy server and affwebserv.log will show any federation requests that ended in error.
Powered by Wolken Software