Unable to activate oauth Partnership reportDuplicateDID failed


Article ID: 237411


Updated On:

Products

SITEMINDER
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

A user is currently unable to activate one of the OAuth Partnership services after some modifications in the 12.8sp2 Admin UI.

The errors below appear when trying to activate this particular OAuth partnership in the WAMUI.

SMPS.log:
[32683/139841234790144][Mon Feb 14 2022 18:57:20][OAuthClientToAuthzServerPartSvc.cpp:1613][reportDuplicateDID][ERROR][sm-xobfed-01843] reportDuplicateDID failed!
[32683/139841234790144][Mon Feb 14 2022 18:57:20][OAuthClientToAuthzServerPartSvc.cpp:1475][setActivated][ERROR][sm-xobfed-00490] setActivated failed.
[32683/139841234790144][Mon Feb 14 2022 18:57:20][PartnershipService.cpp:2072][PartnershipService][ERROR][sm-xobfed-02330] PartnershipService failed.  Operation: 3

SMTraceDefault.log:

[02/14/2022][18:57:20.094][18:57:20][32683][139841249474304][CServer.cpp:6456][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Enter function CServer::Tunnel]
[02/14/2022][18:57:20.094][18:57:20][32683][139841249474304][CServer.cpp:6557][CServer::Tunnel][][][][][][][][][][][][][][][][][][::ffff:11.64.30.208][][][][Lib='smtunnelrpc', Func='DoWork', Params='', Server='', Device=''][][Resolved all the input parameters]
[02/14/2022][18:57:20.094][18:57:20][32683][139841249474304][CServer.cpp:6710][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function DoWork...]
[02/14/2022][18:57:20.094][18:57:20][32683][139841249474304][CServer.cpp:6740][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Start of tunnel call DoWork]
[02/14/2022][18:57:20.095][18:57:20][32683][139841249474304][CServer.cpp:6845][CServer::Tunnel][][][][][][][][][][][][][][][][6][][][][][][][][Return from tunnel call DoWork]
[02/14/2022][18:57:20.095][18:57:20][32683][139841249474304][CServer.cpp:6863][CServer::Tunnel][][][][][][][][][][][][][][][][106][][][][][][][][Leave function CServer::Tunnel]
[02/14/2022][18:57:20.095][18:57:20][32683][139841249474304][CServer.cpp:6372][CServer::ProcessRequest][][][][][][][][][][][][][][][][106][][][][][][][][Leave function CServer::ProcessRequest]
[02/14/2022][18:57:20.096][18:57:20][32683][139840846821120][CServer.cpp:1956][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][][][][::ffff:10.0.0.1][48402][][][][][Enqueuing a Normal Priority Message, from IP ::ffff:11.64.30.208 with Port No 48402. Current count is 1]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:1514][ThreadPool::Run][][][][][][][][][][][][][][][][][][::ffff:10.0.0.1][48402][][][][][Dequeuing a Normal Priority message, from IP ::ffff:10.0.0.1 with Port No 48402. Current count is 0]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:6186][CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][][][][Enter function CServer::ProcessRequest]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:6456][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Enter function CServer::Tunnel]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:6557][CServer::Tunnel][][][][][][][][][][][][][][][][][][::ffff:10.0.0.1][][][][Lib='XPSSvc', Func='XPSSvc_Services', Params='', Server='', Device=''][][Resolved all the input parameters]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:6710][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function XPSSvc_Services...]
[02/14/2022][18:57:20.096][18:57:20][32683][139841234790144][CServer.cpp:6740][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Start of tunnel call XPSSvc_Services]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][~H▒"D/^?][reportDuplicateDID][][][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: reportDuplicateDID failed!]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][~H▒"D/^?][setActivated][][][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: setActivated failed.]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][h▒"D/^?][PartnershipService][][][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: PartnershipService failed.  Operation: 3]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][CServer.cpp:6845][CServer::Tunnel][][][][][][][][][][][][][][][][287][][][][][][][][Return from tunnel call XPSSvc_Services]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][CServer.cpp:6863][CServer::Tunnel][][][][][][][][][][][][][][][][387][][][][][][][][Leave function CServer::Tunnel]
[02/14/2022][18:57:20.102][18:57:20][32683][139841234790144][CServer.cpp:6372][CServer::ProcessRequest][][][][][][][][][][][][][][][][387][][][][][][][][Leave function CServer::ProcessRequest]
[02/14/2022][18:57:20.105][18:57:20][32683][139840846821120][CServer.cpp:1956][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][][][][::ffff:11.64.30.208][48402][][][][][Enqueuing a Normal Priority Message, from IP ::ffff:11.64.30.208 with Port No 48402. Current count is 1]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:1514][ThreadPool::Run][][][][][][][][][][][][][][][][][][::ffff:10.0.0.1][48402][][][][][Dequeuing a Normal Priority message, from IP ::ffff:10.0.0.1 with Port No 48402. Current count is 0]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:6186][CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][][][][Enter function CServer::ProcessRequest]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:6456][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Enter function CServer::Tunnel]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:6557][CServer::Tunnel][][][][][][][][][][][][][][][][][][::ffff:10.0.0.1][][][][Lib='smtunnelrpc', Func='DoWork', Params='', Server='', Device=''][][Resolved all the input parameters]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:6710][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function DoWork...]
[02/14/2022][18:57:20.105][18:57:20][32683][139841226397440][CServer.cpp:6740][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][Start of tunnel call DoWork]
[02/14/2022][18:57:20.106][18:57:20][32683][139841226397440][CServer.cpp:6845][CServer::Tunnel][][][][][][][][][][][][][][][][2091][][][][][][][][Return from tunnel call DoWork]
[02/14/2022][18:57:20.106][18:57:20][32683][139841226397440][CServer.cpp:6863][CServer::Tunnel][][][][][][][][][][][][][][][][2191][][][][][][][][Leave function CServer::Tunnel]

This customer had several OAuth partnerships, and the entity ID has "Disambiguation ID" enabled, with the unique value "xxxx".

This "Disambiguation ID" has already been given to other partners in the URL, so they would like to keep it that way.

Environment

Release : 12.8

Component : SITEMINDER WAM UI

Cause

The root cause is data store corruption.

In the LDIF export of the store, both of the following objects carry the same "Disambiguation ID" value; however, only one of them shows up in XPSExplorer.
 
XID: CA.SM::[email protected]c705-11d7-93a2-f2d90ad10000
XID: CA.SM::[email protected]fd47-19d7-938b-b18a0b01f0d1

Whenever an OAuth partnership is updated or activated, the "Disambiguation ID" is always checked. The customer had deleted a few old/duplicated OAuth partnerships, and they are no longer showing up in the UI, but the objects linked to them had used the exact same "Disambiguation ID" with value "xxxx".

We cannot see one of them in the Admin UI or in the XPSExport data, but we can see those objects in the raw LDIF file from the store.

Because the "Disambiguation ID" has to be unique within a setup environment, the orphaned object (referencing the same "Disambiguation ID") left over from the old/duplicated OAuth partnerships must be removed from the LDAP store. Then this OAuth partnership can be activated.

Resolution

It might be a good idea to remove "Disambiguation ID" first from admin ui entity, before deleting any partnership.

The corrupted object does not show up in XPSExplorer, but can be seen from ldif export. It prevents activating the partnership.

Record (blank to exit):CA.SM::[email protected]

ERROR: Not Found.

Before the change, please back up the entire policy store first, using both XPSExport with XML output and an LDAP export with LDIF output.

The debug module and the steps to recover are below:  DE528594.zip

This file contains libFedObjects.so. Replace the copy under ~/siteminder/lib with it, after backing up the original file and moving it somewhere else.

1) XPSConfig

2) Xtrace

3) Enable Fed:SVC

4) From the Admin UI, try activating the partnership. Look for the blocking object printed. The trace message will look like

                SM-SE DisambiguationID is already in use  !!!!!!! for blockingObject   <XID>

Note: with the new libFedObjects.so in place, if you do not see the message tag "SM-SE" in the log, you may need to restart the policy server.

5) XPSExplorer

6) Find the XID of the above blocking object

7) Delete that object

8) From the Admin UI, try activating the partnership. This should recreate the backed object and activation should be successful

9) Make sure no errors like the earlier ones are seen in the smtracedefault log. If the activation fails, try activating it again and check the logs for any other blocking objects that still exist. If there are any, you need to delete them as well. After they are deleted, the partnership can be activated.
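
The log checks in steps 4 and 9 can be scripted. The following is an added example, not part of the original article or of the product tooling: it assumes the "SM-SE" message appears as the text of an ordinary SMTraceDefault.log line, and the sample lines and placeholder XIDs in it are constructed.

```shell
#!/usr/bin/env bash
# Added example: helpers for the SMTraceDefault.log checks in steps 4 and 9.

# blocking_xids LOGFILE: print each distinct XID named in an
# "SM-SE ... blockingObject <XID>" trace message, in first-seen order.
blocking_xids() {
    awk '/SM-SE/ && /blockingObject/ {
        x = $0
        sub(/.*blockingObject[ \t]+/, "", x)  # drop everything before the XID
        sub(/[ \t\r].*$/, "", x)              # cut at trailing whitespace
        sub(/\].*$/, "", x)                   # cut at the closing trace bracket
        if (x != "" && !(x in seen)) { seen[x] = 1; print x }
    }' "$1"
}

# failures_since LOGFILE MM/DD/YYYY HH:MM:SS: count the activation errors
# quoted in this article that were logged on that date at or after that time.
# Assumes trace lines start with [MM/DD/YYYY][HH:MM:SS.mmm] as shown above.
failures_since() {
    awk -v d="$2" -v t="$3" '
        /reportDuplicateDID failed|setActivated failed|PartnershipService failed/ {
            if (substr($0, 2, 10) == d && (substr($0, 14, 8) "") >= (t "")) n++
        }
        END { print n + 0 }' "$1"
}

# write_sample_trace FILE: constructed sample lines (shortened; placeholder XIDs).
write_sample_trace() {
    cat > "$1" <<'EOF'
[02/14/2022][19:10:02.102][19:10:02][32683][1][][reportDuplicateDID][LogMessage:ERROR: reportDuplicateDID failed!]
[02/14/2022][19:10:02.102][19:10:02][32683][1][][][SM-SE DisambiguationID is already in use  !!!!!!! for blockingObject   CA.SM::Placeholder@00000000-0000-0000-0000-000000000001]
[02/14/2022][19:10:02.103][19:10:02][32683][1][][setActivated][LogMessage:ERROR: setActivated failed.]
[02/14/2022][19:25:40.511][19:25:40][32683][1][][][SM-SE DisambiguationID is already in use  !!!!!!! for blockingObject   CA.SM::Placeholder@00000000-0000-0000-0000-000000000001]
[02/14/2022][19:25:40.512][19:25:40][32683][1][][][SM-SE DisambiguationID is already in use  !!!!!!! for blockingObject   CA.SM::Placeholder@00000000-0000-0000-0000-000000000002]
[02/14/2022][19:25:40.513][19:25:40][32683][1][][reportDuplicateDID][LogMessage:ERROR: reportDuplicateDID failed!]
[02/14/2022][19:40:11.020][19:40:11][32683][1][CServer.cpp:6845][CServer::Tunnel][Return from tunnel call XPSSvc_Services]
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_trace "$sample"
blocking_xids "$sample"                        # XIDs to look up in XPSExplorer
failures_since "$sample" 02/14/2022 19:30:00   # 0 once activation is clean
rm -f "$sample"
```

Pass the date and time of the most recent activation attempt to failures_since; a non-zero count means another blocking object is still present and blocking_xids should be run again.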

Additional Information

33025716 DE528594

Attachments

1647889455266__DE528594.zip