Not able to create and edit VIP authentication hub provider or authhub authentication scheme from admin ui: Connection timed out
search cancel

Not able to create and edit VIP authentication hub provider or authhub authentication scheme from admin ui: Connection timed out

book

Article ID: 252310

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

SiteMinder admin ui hangs when viewing VIP Authentication scheme on siteminder admin ui.

In some cases, customer can not view or delete VIP authentication hub provider.

Administrator has taken care of policy/objects from authentication hub side configuration.

Once UI is in that state, it is very hard to recover from it, may have to recycle admin ui service. 

SiteMinder admin ui Server.log:

YYYY-mm-dd hh:mm:ss,742 ERROR [stderr] (default task-44) java.net.ConnectException: Connection timed out (Connection timed out)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.PlainSocketImpl.socketConnect(Native Method)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
YYYY-mm-dd hh:mm:ss,743 ERROR [stderr] (default task-44)     at java.net.Socket.connect(Socket.java:607)
...
YYYY-mm-dd hh:mm:ss,750 ERROR [stderr] (default task-44)     at java.lang.Thread.run(Thread.java:748)

Environment

VIP Authenticaiton Hub - release ssp-1.0.2937

SiteMinder policy server: 12.80.600.2708 

SiteMinder admin ui: 12.80.0600.2649

Cause

When user views VIP objects from SiteMinder admin ui, there were API calls made to authentication hub provider for verification using access gateway.
The verification can be certificate for ssl connection, can be configuration objects from authentication hub side.
If those calls are not returned with a response, admin ui will hang.
So the error and hung could be triggered by several possibilities:
  • Certificate is not trusted between authhub and SiteMinder.
  • Missing policy configuration objects from authentication hub side for this oidc connection.
  • Firewall blockage

Resolution

In this case, the firewall on policy server side is the root cause, which blocked communication between two products.

Once the blockage is removed, the configuration in UI is working again.