Impersonation not working on some versions of agents


Article ID: 36579


Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Symptoms: 

Several clients have reported that, after upgrading SiteMinder to 12.52, impersonation stops working on Apache agents.

Environment:  

Windows/Unix

Cause: 

Web agent defect.

Resolution/Workaround:

Upon investigation, it looks like the SMSAVEDSESSION cookie is not generated during the start-impersonation process. Without it, the impersonator cannot log out.

SMSAVEDSESSION is generated only when the impersonation session starts. Because of a @pushsession directive in the FCC, the Web Agent moves the existing SMSESSION to SMSAVEDSESSION and sets a new SMSESSION cookie equal to the new session spec.
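To confirm whether an agent shows this symptom, the cookie swap described above can be checked against a captured start-impersonation exchange. The following is an added example, not code from the product or the original article; the function names and all cookie values are constructed, and the check that SMSAVEDSESSION equals the original SMSESSION is an assumption based on the article's statement that the existing cookie is moved.

```python
# Added example: verifies the SMSESSION -> SMSAVEDSESSION swap at impersonation start.
# Function names and all cookie values below are constructed for illustration.

def _pairs(text, first_only=False):
    """Parse 'name=value; name=value' into a dict with upper-cased names."""
    parts = [text.split(";", 1)[0]] if first_only else text.split(";")
    jar = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            jar[name.strip().upper()] = value.strip()
    return jar

def check_impersonation_start(request_cookie, response_set_cookies):
    """Return a list of findings; an empty list means the swap happened as described."""
    before = _pairs(request_cookie)
    after = {}
    for header in response_set_cookies:                 # one Set-Cookie header per cookie
        after.update(_pairs(header, first_only=True))   # ignore path/domain attributes
    old, new = before.get("SMSESSION"), after.get("SMSESSION")
    saved = after.get("SMSAVEDSESSION")
    findings = []
    if not old:
        findings.append("request carried no SMSESSION to save")
    if not saved:
        findings.append("SMSAVEDSESSION not set: impersonator cannot log out")
    elif old and saved != old:
        findings.append("SMSAVEDSESSION differs from the original SMSESSION")
    if not new:
        findings.append("no new SMSESSION issued for the impersonated session")
    elif new == old:
        findings.append("SMSESSION unchanged after impersonation start")
    return findings

# Constructed captures of the start-impersonation exchange.
REQUEST_COOKIE = "SMSESSION=orig-spec-AAAA==; other=1"
WORKING_AGENT = [
    "SMSAVEDSESSION=orig-spec-AAAA==; path=/; domain=.example.com",
    "SMSESSION=impersonated-spec-BBBB==; path=/; domain=.example.com",
]
AFFECTED_AGENT = [
    "SMSESSION=impersonated-spec-BBBB==; path=/; domain=.example.com",
]

if __name__ == "__main__":
    print("working :", check_impersonation_start(REQUEST_COOKIE, WORKING_AGENT))
    print("affected:", check_impersonation_start(REQUEST_COOKIE, AFFECTED_AGENT))
```

Feed it the `Cookie` request header and the `Set-Cookie` response headers from a browser or proxy capture of the impersonation start request.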

This was identified as a defect in several versions of R12.51 and R12.52 agents, impacting both IIS and Apache. The client needs to either get the development fix or wait for the latest 12.52 SP1CR4 patches.

However, the same use case works on agents prior to the R12.5 release.

Additional Information:

The WEBAGENT R12.52 SP01 CR04 release notes contain a fix for:

RTC 160850 / DE102716: The Impersonation flow fails when the FCC Compat mode is set to YES.

Environment

Release:
Component: SMPLC