Openid authentication scheme not authenticating requests in Policy Server


Article ID: 377214


Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction


The Policy Server fails to authenticate users when the OpenID Authentication Scheme is used.

smtracedefault.log:

[08/14/2024][13:15:44.751][13:15:44][9068][8896][SmDsDir.cpp:66][CSmDsDir::CSmDsDir][][][][][][][][][][][][][][][][][][][About to initialize directory, Oid='<id>', Name='<name>'][][Start of call InitDir.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[08/14/2024][13:15:44.751][13:15:44][9068][8896][Sm_Auth_Message.cpp:2076][CSm_Auth_Message::AuthenticateUser][][<agent>][/<URI>/][][][][][][][][][][][][][][][][][][Evaluating OnAuthAttempt policy...][][][][][][5][0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[08/14/2024][13:15:44.766][13:15:44][9068][8896][SmAuthorization.cpp:2325][CSmAz::IsOkGlobal][][][][][][][][][][][][][][][][][][][][][Evaluating OnAuthAttempt global policies in the realm.][][][][][][][][][][][][][][][][OnAuthAttempt][][][][][][][][][][][][][][][][][][][][][][]
[08/14/2024][13:15:44.766][13:15:44][9068][8896][Sm_Auth_Message.cpp:5200][CSm_Auth_Message::SendReply][s5/r531][<agent>][][][][][][][][][][][][][][][][][][][** Status: Authentication Attempt Failed. ][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

The CA Access Gateway (SPS) Agent usually reports the following error:

"User 'unknown' is not authenticated by Policy Server."

spsagent.log:

[08/08/2024][02:01:47.305][5708][8240][][AuthenticateUser][User 'unknown' is not authenticated by Policy Server.][CSmLowLevelAgent.cpp:1565][][][][<agent>][][*10.0.0.1][][][][][][][][][/URI/][GET][06-e294306d-3807-4325-b193-9e743ec58ed9][]
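To check whether a pair of logs shows both symptoms above, the following Python sketch scans bracket-delimited lines for the two messages quoted in this article. It is an added example, not Broadcom code; the function names and the shortened sample lines are assumptions built from the excerpts above.

```python
import re

FIELD = re.compile(r"\[([^\]]*)\]")
USER = re.compile(r"User '([^']*)'")

# Message substrings taken from the two log excerpts in this article.
SIGNATURES = {
    "policy_server": "Authentication Attempt Failed",
    "sps_agent": "is not authenticated by Policy Server",
}

# Constructed sample: the article's lines with runs of empty [] fields trimmed.
SAMPLE = [
    "[08/14/2024][13:15:44.751][13:15:44][9068][8896][Sm_Auth_Message.cpp:2076][CSm_Auth_Message::AuthenticateUser][][<agent>][/<URI>/][][Evaluating OnAuthAttempt policy...][][5][0][]",
    "[08/14/2024][13:15:44.766][13:15:44][9068][8896][Sm_Auth_Message.cpp:5200][CSm_Auth_Message::SendReply][s5/r531][<agent>][][][** Status: Authentication Attempt Failed. ][][]",
    "[08/08/2024][02:01:47.305][5708][8240][][AuthenticateUser][User 'unknown' is not authenticated by Policy Server.][CSmLowLevelAgent.cpp:1565][][<agent>][][*10.0.0.1][][/URI/][GET][]",
]

def parse(line):
    """Return (date, time, non-empty remaining fields) or None if not a log line."""
    raw = FIELD.findall(line)
    if len(raw) < 2:
        return None
    return raw[0], raw[1], [f.strip() for f in raw[2:] if f.strip()]

def find_symptoms(lines):
    """Collect every line whose message field matches one of the signatures."""
    hits = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        date, time, rest = parsed
        for source, needle in SIGNATURES.items():
            # Field positions differ between the two logs, so search by content.
            msg = next((f for f in rest if needle in f), None)
            if msg:
                user = USER.search(msg)
                hits.append({"source": source, "date": date, "time": time,
                             "message": msg, "user": user.group(1) if user else None})
    return hits

def matches_article(hits):
    """True when both the Policy Server and the SPS agent symptom are present."""
    return {h["source"] for h in hits} == set(SIGNATURES)

if __name__ == "__main__":
    for hit in find_symptoms(SAMPLE):
        print(hit)
```

Feed it the lines of smtracedefault.log and spsagent.log together; `matches_article` returns True only when both messages appear.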

 

Resolution


Correct the OpenID plugin configuration in the CA Access Gateway (SPS) WebAgent.conf to resolve the issue.