Unable to establish administration context seen in Policy Server smps.log

Article ID: 380690


Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction


While the Policy Server is running, smps.log reports the following error:

[XPSSecurity.cpp:653][ValidateAdmin][ERROR][sm-xpsxps-04390] Unable to establish administration context.

Custom SDK Java code has been recompiled with the Policy Server JVM and with the same SDK version as the Policy Server.

 

Environment


Policy Server 12.8SP8 on RedHat 7
JDK 1.8_192

 

Cause


The Policy Server reports the error during a SAML transaction that nevertheless ends with the user being authenticated and the SAMLResponse being sent.

smtracedefault.log:

[10/23/2024][15:36:22.386][15:36:22][][][SmAuthServer.cpp:364][][][][][][][][][][][][][][][][][][][][][][LogMessage:INFO:[sm-Server-02760] Initialized authentication scheme <saml-auth-scheme>][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][SMTRACELOG][][][][][]

[10/23/2024][15:36:25.307][15:36:25][][][SmAuthAdminUser.cpp:167][CSmAuthAdminUser::Authenticate][][][][][][][][][][][][][][][][][][][][][Authentication succeeded.][][][][][0][][Sm_AuthApi_Accept][][][][][][][][][][][][][][][][][][][][][][][][][][][SMTRACELOG][][][][][]

[10/23/2024][15:36:25.308][15:36:25][][][XPSSecurity.cpp:653][ValidateAdmin][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: Unable to establish administration context.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][SMTRACELOG][][][][][]

[10/23/2024][15:36:25.312][15:36:25][][][SmAuthUser.cpp:5869][CSmAuthUser::Authenticate][][][][][][][][][][][][][][][][][][][][LDAP://ldap.example.com:636/uid=<username>,ou=People,o=example][Authenticating user by the auth scheme][<saml-auth-scheme>][][][][][][][][][][][][][][uid=<username>,ou=People,o=example][][][][][][][][][][][][][][][][][][][SMTRACELOG][][][][][]

[10/23/2024][15:36:25.323][15:36:25][][][Sm_Auth_Message.cpp:5439][CSm_Auth_Message::SendReply][s11871/r365][<saml-auth-scheme>][][][][<saml-auth-scheme>][<saml-auth-scheme>][][][][][][][][][][][][][][** Status: Authenticated. ][<saml-auth-scheme>][][][][][][idletime=3600;maxtime=7200;authlevel=5][][][][][][][][uid=<username>,ou=People,o=example][][][][][][][][][][][][][][][][][][][SMTRACELOG][][][][][]

 

Resolution


In smtracedefault.log, no further error appears after this one, and the Policy Server marks the transaction as successful:

Status: Authenticated

During SAML authentication, the Policy Server uses the authentication information obtained from the SecurityContext to log in to XPS (eXtensible Policy Store). If the SecurityContext does not exist when the Policy Server tries to retrieve it, the above error is output.

However, if the above message is the only error output at that time, the SecurityContext itself is retrieved in subsequent processing, and the SAML authentication process works normally.

Therefore, if no other error messages are output at the same time, no action is required and the message can be safely ignored.
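
The check described above can be scripted against smtracedefault.log. The following is an added example, not Broadcom code: it flags each occurrence of the message as "ignore" only when no other error is logged nearby and an Authenticated status follows. The 1-second window used for "at the same time", the function names, and the shortened sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TARGET = "Unable to establish administration context"
WINDOW = timedelta(seconds=1)  # assumption: our reading of "at the same time"
# Every trace line starts with [MM/DD/YYYY][HH:MM:SS.mmm]
STAMP = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2}\.\d{3})\]")

# Constructed sample lines, shortened from the trace format shown above.
SAMPLE = """\
[10/23/2024][15:36:25.307][15:36:25][SmAuthAdminUser.cpp:167][Authentication succeeded.]
[10/23/2024][15:36:25.308][15:36:25][XPSSecurity.cpp:653][ValidateAdmin][LogMessage:ERROR: Unable to establish administration context.]
[10/23/2024][15:36:25.323][15:36:25][Sm_Auth_Message.cpp:5439][** Status: Authenticated. ]
[10/23/2024][15:40:10.100][15:40:10][XPSSecurity.cpp:653][ValidateAdmin][LogMessage:ERROR: Unable to establish administration context.]
[10/23/2024][15:40:10.150][15:40:10][Placeholder.cpp:1][LogMessage:ERROR: <constructed placeholder for any other error>]
""".splitlines()

def parse(lines):
    """Yield (timestamp, line) for each line that begins with a trace timestamp."""
    for line in lines:
        m = STAMP.match(line)
        if m:
            yield datetime.strptime(" ".join(m.groups()), "%m/%d/%Y %H:%M:%S.%f"), line

def triage(lines):
    """Return (timestamp, verdict, other_error_count) per occurrence of TARGET."""
    events = list(parse(lines))
    results = []
    for ts, line in events:
        if TARGET not in line:
            continue
        near = [(t, l) for t, l in events if abs(t - ts) <= WINDOW]
        # Any ERROR entry in the window that is not the known message itself.
        others = [l for _, l in near if "ERROR" in l and TARGET not in l]
        # The transaction must still end with an Authenticated status.
        authed = any(t >= ts and "Status: Authenticated" in l for t, l in near)
        verdict = "ignore" if authed and not others else "investigate"
        results.append((ts, verdict, len(others)))
    return results

if __name__ == "__main__":
    for ts, verdict, others in triage(SAMPLE):
        print(ts, verdict, f"other_errors={others}")
```

On a busy Policy Server the time window can pick up errors from unrelated transactions, which pushes the verdict toward "investigate" rather than hiding a problem.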