Unable to modify Application in Siteminder Admin UI, with error Failed to execute ModifyApplicationEvent of Duplicate value for CA.SM::Policy
search cancel

Unable to modify Application in Siteminder Admin UI, with error Failed to execute ModifyApplicationEvent of Duplicate value for CA.SM::Policy

book

Article ID: 225127

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign-On

Issue/Introduction

Admin user can not Modify an Application (NOT Domains->Domain) in siteminder admin UI.

After initially creating the application, user gets the following error message when modifying the application policy and clicking on "submit:"

Failed to execute ModifyApplicationEvent. ERROR MESSAGE: SmApiWrappedException:CA.SM::Policy@######(Authorized Users): Duplicate value for CA.SM::Policy.Name="Authorized Users": CA.SM::Policy@######(Authorized Users),CA.SM::Policy@######(Authorized Users).

User role can not be linked to application policy.

Environment

Release : 12.8.05

Component : SITEMINDER WAM UI

Cause

This is a defect with 12.8sp4 and 12.8sp5 admin ui.

During application creation, if user submits everything as a whole with ONE submission, the application will be created correctly, and the role is linked to policy.

However, if user submits application, policy and role by stages with multiple submission, this is where error occurs.

The role can not be linked to the policy, the application object is corrupted.

There could be ways to manually link the role to the specific policy via XPSExplorer, but it is not desired.

 

Resolution

This issue is partially fixed on 12.8 SP06.

12.8 SP06 Release note:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-06.html

R12.8 SP06 [#2649] download
https://support.broadcom.com/download-center/solution-detail.html?aparNo=99111236&os=MULTI-PLATFORM

If a Role is deleted recently, while creating new Role, please give a different Role name, instead of giving the same old Role name again.

Otherwise this could potentially result in "Duplicate value" error in admin UI too.  Fix won't be available until 12.8 SP07.

If one prefers to delete and create role with the same name:

1) Lets say, there is an Application = App1, it contains, App1Role1, App1Role2.

2) Before deleting, the above roles, just check in Policy tab, if these roles are mapped or not. If mapped, just uncheck them in the Policy Tab screen, as below.

3) Then go to the Roles Tab, delete them. Now you can create the same Role later. 

Additional Information

This issue appears to be same issue mentioned in this link:

https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=2197&MessageKey=629bd3c2-bd3d-4c36-a007-f934b760bea7&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer

Powered by Wolken Software