search cancel

Error: SMSESSION decode failed with API code -57 in ASA WebLogic

book

Article ID: 226330

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

Login issues occur with some users in the Production environment. The error message with code -57 could be related and may be useful to explain the reason for this behavior.

Weblogic Application Server v10.3.6 which is configured with a TAI.

When any user logins to the application running on Weblogic, Siteminder ASA Agent authenticates and authorizes successfully this user, but sometimes the TAI verification fails with this error message:

  java.io.IOException: SM session decode failed with API code -57
   at com.axa.mx.siteminder.weblogic.auth.SMSessionValidate.process(SMSessionValidate.java:122)
   at com.axa.mx.siteminder.weblogic.auth.SiteminderLoginModule.login(SiteminderLoginModule.java:73)
   at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
   at java.security.AccessController.doPrivileged(Native Method)
   at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
   at sun.reflect.GeneratedMethodAccessor679.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
   at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
   at sun.reflect.GeneratedMethodAccessor723.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
   at com.sun.proxy.$Proxy16.login(Unknown Source)
   at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
   at com.bea.common.security.internal.service.IdentityAssertionCallbackServiceImpl.assertIdentity(IdentityAssertionCallbackServiceImpl.java:142)
   at sun.reflect.GeneratedMethodAccessor684.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
   at com.sun.proxy.$Proxy17.assertIdentity(Unknown Source)
   at com.bea.common.security.internal.service.IdentityAssertionServiceImpl.assertIdentity(IdentityAssertionServiceImpl.java:83)
   at sun.reflect.GeneratedMethodAccessor681.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
   at com.sun.proxy.$Proxy37.assertIdentity(Unknown Source)
   at weblogic.security.service.WLSIdentityAssertionServiceWrapper.assertIdentity(WLSIdentityAssertionServiceWrapper.java:59)
   at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:417)
   at weblogic.servlet.security.internal.CertSecurityModule.assertIdentity(CertSecurityModule.java:140)
   at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:71)
   at weblogic.servlet.security.internal.SecurityModule.checkAccess(SecurityModule.java:122)

 

Resolution

 

  • Ensure that the Apache Web Server's time and time for all other components machines are in sync with NTP and resolved the issue.