Problem:

After modifying a federation partnership, the list of federation users seen on the Users tab of the partnership is going blank.  This is effectively disabling the partnership, forcing us to go back and add the list of users.

Environment:

Siteminder Policy Server R12.52 prior to R12.52SP1CR04, all platforms

Cause:

This is a defect in the R12.52 release of the policy server.  When the XPSSweeper utility runs, it is migrating federation objects that should instead be skipped.  This creates a condition in which when the partnership is deactivated/reactivated, the list of federation users is lost.

Resolution/Workaround:

Upgrade the Policy Server to r12.52 SP1 CR04 or higher to resolve the issue. 

Workaround: When running R12.52 releases prior to SP1 CR04, be sure to check the Users tab of any partnership after activating it (note that you must deactivate any active partnership before modifying it).  If XPSSweeper has not run between now and the last time the partnership was activated, the partnership will not encounter this problem.  In other words, the problem will only occur is XPSSweeper has run since the last time a partnership was modified.  Once a partnership is modified and repaired after an XPSSweeper run, the problem will not occur again for that partnership until XPSSweeper runs again.

By default, XPSSweeper will run automatically on a weekly basis.  It is not recommended to alter or disable the XPSSweeper frequency in order to avoid this problem.  You can use the XPSConfig utility to check the XPSSweeper autosweep schedule (choose the XPS option from the main menu, then examine the Autosweep and AutosweepSchedule parameters).