We have an application the makes an SSH call to the Siteminder policy server and the policy import on policy servers is successful, But it is failing to return the response to the app server from one of the policy server cluster.
Command used for SSH call:
ssh -o StrictHostKeyChecking=no -q [email protected] source /export/home/user/.profile;timeout 1800 XPSImport /opt/vgi/siteminder/tmp/spx_export_tes_abc_v0001_20211219_256_host.xml -npass;rm -f /opt/vgi/siteminder/tmp/spx_export_tes_abc_v0001_20211219_256_host.xml
We see the following error message if we use curl instead of SSH:
ERROR:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>502 Proxy Error</title>
<p>The proxy server received an invalid
response from an upstream server.<br />
The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p>
* Connection #0 to host satspx.vanguard.com left intact
* Closing connection #0
We do not have this issue with other policy servers on the same subnet.
Release : 12.8.05
Component : Siteminder Policy Server
Customer was using sshpass to issue the ssh command that executed the XPSImport. For some reason the ssh process was not realizing that the commands had completed successfully, and was essentially acting as though it was hung. This behavior could not be reproduced when running the same command from the same host interactively. If the ssh process was killed on either the application server or the remote policy server, the command would complete successfully. Thus this issue is confined to the way the customer is running the commands.
The XPSImport command was completing and exiting with success code every time. It was either the sshpass or ssh program on the Tomcat host that was getting hung. the problem could not be reproduced when running the same commands from the same Tomcat host interactively. Customer will work with the relevant vendors to address the issue.