Error : Failed to retrieve expiry data interface in Policy Server

Article ID: 232411


Products

SITEMINDER, CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When the Policy Server runs as a Service Provider and a user
authenticates on Azure Active Directory, the Policy Server fails to
handle the request.

The Policy Server reports the following errors:

smtracedefault.log:

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:683]
  [saveSLOInformation][][][][][][][][][][][][][][][][][][][][][Enter saveSLOInformation]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:689]
  [saveSLOInformation][][][][][][][][][][][][][][][][][][][][][SessionID DadsaaWEEWFsDsWe223s2=]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:693]
  [saveSLOInformation][][][][][][][][][][][][][][][][][][][][][SessionIndex _55c70b60-2658-4eab-ad0b-fcf26890c601]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][Sm_Auth_Message.cpp:104]
  [g_ServerTrace][][][][][][][][][][][][][][][][][][][][Enter GetProviderId][
  GetProviderId: Enter GetProviderId]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:704]
  [saveSLOInformation][][][][][][][][][][][][][][][][][][][][]
  [Retrieved providerId https://sts.windows.net/dwskk2234e3-d00sd-ssd2323-ssw823/]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:764]
  [saveSLOInformation][][][][][][][][][][][][][][][][][][][][][Failed to retrieve expiry data interface]

  [01/06/2022][18:32:44.155][18:32:44][20674][139691370202880][SmAuthSaml.cpp:1857][]
  [][][][][][][][][][][][][][][][][][][][]
  [LogMessage:ERROR:[sm-log-00000] Failed to save SLO expiry table data]
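
To find every occurrence of this failure in a large trace file and see which partnership it belongs to, the following Python is an added example, not part of the original article or of any Broadcom tooling. It rejoins wrapped records in the layout shown above and reports each failure with the providerId and SessionIndex last logged on the same process and thread; the sample text, the function names, and the reading of the fourth and fifth bracketed fields as process and thread IDs are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample in the page's trace layout (wrapped records, placeholder IDs).
SAMPLE = """\
[01/06/2022][18:32:44.155][18:32:44][20674][1396][SmAuthSaml.cpp:693]
[saveSLOInformation][][][][SessionIndex _example-index-1]
[01/06/2022][18:32:44.155][18:32:44][20674][1396][SmAuthSaml.cpp:704]
[saveSLOInformation][][][]
[Retrieved providerId https://idp.example/tenant-a/]
[01/06/2022][18:32:44.155][18:32:44][20674][1396][SmAuthSaml.cpp:764]
[saveSLOInformation][][][][Failed to retrieve expiry data interface]
[01/06/2022][18:32:45.001][18:32:45][20674][2200][SmAuthSaml.cpp:704]
[saveSLOInformation][][][][Retrieved providerId https://idp.example/tenant-b/]
"""

RECORD_START = re.compile(r"^\s*\[\d{2}/\d{2}/\d{4}\]")
# Assumption: fields 4 and 5 of each record are the process ID and thread ID.
HEADER = re.compile(r"^\[([^\]]*)\]\[([^\]]*)\]\[[^\]]*\]\[(\d+)\]\[(\d+)\]")
PROVIDER = re.compile(r"Retrieved providerId (\S+?)\]")
SESSION_INDEX = re.compile(r"SessionIndex (\S+?)\]")
FAILURE = "Failed to retrieve expiry data interface"

def records(text):
    """Rejoin wrapped lines: a record starts with a [dd/mm/yyyy] field."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield "".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield "".join(current)

def find_slo_failures(text):
    """Return one dict per failure, with the SLO context of its thread."""
    context = defaultdict(dict)   # (pid, tid) -> latest providerId / SessionIndex
    failures = []
    for rec in records(text):
        head = HEADER.match(rec)
        if not head:
            continue
        date, time, pid, tid = head.groups()
        ctx = context[(pid, tid)]
        for key, pattern in (("provider", PROVIDER), ("session_index", SESSION_INDEX)):
            if found := pattern.search(rec):
                ctx[key] = found.group(1)
        if FAILURE in rec:
            failures.append({"when": f"{date} {time}", "thread": tid, **ctx})
    return failures
```

Pass the contents of the trace file to `find_slo_failures` in place of `SAMPLE`; a providerId that appears in the results identifies a partnership with SLO configured while no usable Session Store is available.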

 

Cause

 

At first glance, the errors point to a problem with the Session
Store. A Session Store is a requirement for WS-Federation and SLO.

The partnership with Azure Active Directory has SLO configured:

  SLOServicePostURL=https://login.microsoftonline.com/dwskk2234e3-d00sd-ssd2323-ssw823/saml2,
  Name=myADFS,
  SLOServiceURL=https://login.microsoftonline.com/dwskk2234e3-d00sd-ssd2323-ssw823/saml2

According to the documentation, the partnership requires a Session
Store to handle SLO: the Azure Active Directory integration needs
WS-Federation (1), and WS-Federation requires a Session Store when the
SLO feature is enabled (2).

 

Resolution

 

Enable the Session Store to resolve the issue.

 

Additional Information

 

(1)

    Configure a WS-Federation Partnership with Microsoft Azure

      Configure a WS-Federation partnership with Microsoft Azure.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/single-sign-on-to-microsoft-azure.html

(2)

    Federation Features Requiring the Session Store

    Sign-out (WS-Federation)

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/federation-features-requiring-the-session-store.html