When activating a partnership in the AdminUI, the browser shows the error:
"Error: Error activating Partnership myPartnership"
The AdminUI reports:
2022-11-09 08:29:29,505 [INFO] ims.ui.ConsolePageFilter [] - dispatch=/app/ui7/index.jsp
2022-11-09 08:29:29,678 [ERROR] com.ca.federation.adminui.backingbean.federation.PartnershipListBean [] - **ERROR** com.ca.fedxps.api.remote.FedXPSException during UI operation.
com.ca.fedxps.api.remote.FedXPSException: Activation of partnership failed
    at com.ca.federation.api.remote.FedServices.activate(Unknown Source) ~[fedremoteapi.jar:?]
    at com.ca.federation.adminui.backingbean.federation.PartnershipListBean.activatePartnership(PartnershipListBean.java:2143) ~[fedmgr.jar:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_212]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_212]
Release: 12.8.x
OS: All
The partnership cannot be activated because two partnerships are being activated on the same Entity ID.
The Entity ID https://myserver.mydomain.com used by partnership "myPartnership" cannot become active because it is already active in the "Legacy" Partnership defined by the "myLegacyPartnership" Authentication Scheme.
In Authentication Schemes › View Authentication Scheme: myLegacyPartnership › View SAML 2.0 properties, under User Disambiguation, the XPath Query is active.
According to the help page for the Active check box in authentication schemes, the same identity values cannot be used in more than one partnership (1).
Deselect this XPath Query check box in the Legacy Partnership "myLegacyPartnership", save the configuration, and activate the partnership "myPartnership" to solve this issue.
(1)
Indicates whether the legacy federation configuration is in use
for a particular partnership. If the Policy Server is using the
legacy federation configuration, confirm this check box is
selected. If you have recreated a federated partnership with
similar values for identity settings, such as source ID, clear
this check box before activating the federated partnership.
SiteMinder cannot work with a legacy and partnership configuration
that use the same identity values or a name collision occurs.
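
The Entity ID collision described above can be checked before activating a partnership. The following Python code is an added example, not Broadcom or SiteMinder code: the hand-maintained CSV inventory, its column names and the function names are assumptions of this example, and it compares Entity IDs only.

```python
import csv
import io

# Constructed sample inventory (not exported from a real Policy Server).
# Column names are an assumption of this example.
SAMPLE_INVENTORY = """\
kind,name,entity_id,active
legacy_auth_scheme,myLegacyPartnership,https://myserver.mydomain.com,yes
partnership,myPartnership,https://myserver.mydomain.com,no
partnership,otherPartnership,https://other.mydomain.com,yes
"""


def load_inventory(text):
    """Parse the inventory CSV into dicts with a boolean 'active' field."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "kind": row["kind"].strip(),
            "name": row["name"].strip(),
            # Entity IDs are compared as exact strings, without URL normalisation.
            "entity_id": row["entity_id"].strip(),
            "active": row["active"].strip().lower() in ("yes", "true", "1"),
        })
    return rows


def activation_blockers(rows, partnership_name):
    """Return (kind, name) of every active entry that already uses the
    Entity ID of the partnership about to be activated."""
    target = next((r for r in rows
                   if r["kind"] == "partnership"
                   and r["name"] == partnership_name), None)
    if target is None:
        raise KeyError(f"partnership not in inventory: {partnership_name}")
    return [(r["kind"], r["name"]) for r in rows
            if r is not target
            and r["active"]
            and r["entity_id"] == target["entity_id"]]


if __name__ == "__main__":
    inventory = load_inventory(SAMPLE_INVENTORY)
    for kind, name in activation_blockers(inventory, "myPartnership"):
        print(f"myPartnership is blocked by active {kind} '{name}'")
```

An empty result means no active legacy authentication scheme or partnership in the inventory shares the Entity ID of the partnership being activated.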