Bad or missing context 'SESSION struct' in web agent log

book

Article ID: 36472

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Issue:
Customer see following error message in web agent log intermittently

[ERROR][sm-AgentFramework-00530] LLA: Bad or missing context 'SESSION struct'.

In general, the following error message

Bad or missing context 'SESSION struct'

is related to session logout whereby it can't find the session when it try to logout.

However, there is a use case whereby this shouldn't log as Error.
Use case:
1. Protect a Realm with Anonymous Authentication Scheme.
2. Add a logoffuri to the ACO
3. In a browser go to a protected page then go to the logoffurl page and the error will appear in the web agent log file.

Snippet of web agent log
[CSmLowLevelAgent.cpp:4448][ERROR][sm-AgentFramework-00530] LLA: Bad or missing context 'SESSION struct'.

Snippet of web agent trace log at the Message field that show access to logoffuri and calling LogoutSession with empty session.

[Resolved URL: '/sso/ssologout.html'.]
[LogoffURI request.]
[Removing HTTP cache request headers.]
[Resolved METHOD: 'GET'.]
[Resolved cookie domain: '.xyz.com'.]
[SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[Decoded SMIDENTITY Cookie - User(GUID) = 'yoWp3BjJaVhK8TjcR2vxDVaWx5Q=']
[Processed SMIDENTITY cookie.]
[SM_WAF_HTTP_PLUGIN->EstablishSession returned SmSuccess.]
[Calling LogoutSession for session ''.]
[Calling SM_WAF_HTTP_PLUGIN->TerminateSession.]
[Removing SMSESSION cookie.]
[SM_WAF_HTTP_PLUGIN->TerminateSession returned SmSuccess.]
[ProtectionManager returned SmNo, end new request.]

Environment:
Policy Server :- R12.52 SP1 (b499)
OS:- Win 2008 R2
WebAgent Version:- R12.52 SP1 (FileVersion: 12.52.0100.499.)
OS:- RHEL 6.6 x64
WebServer Version:- ASF Apache 2.4.1/64 bit, worker mode

Cause:
Inproper handle of following use case:
1) Protect a Realm with Anonymous Authentication Scheme.
2) Add a logoffuri to the ACO
3) In a browser go to a protected page then go to the logoffurl page

Resolution:
SE improve the logic of code so the error will not log when fall into the use case.

The outcome of the change
1. No error message appears in the web agent log file.
2. Web agent trace log will get the following message:

Skipping LogoutSession because it is an Anonymous Session  (GUID) ‘<guid id>.

This issue fix in following release
R12.52 SP01 CR05 onwards
R12.52 SP02 CR01 onwards

Environment

Release:
Component: SMAPC