The Secure Proxy Server Cannot Be Started Without a Valid Set Of Proxy Rules.

book

Article ID: 38557

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Summary:

There is an issue with proxyrules.xml file. I saw an error in default log. I stopped services on the Secure Proxy Server due to the following error. After stopping services on SPS, We confirmed access to site has been restored. 

The log shows the following error messages:

[ERROR] - file: [conf/proxyrules.xml] does not exist 
[ERROR] - The Secure Proxy Server Cannot Be Started Without a Valid Set Of Proxy Rules. 
[ERROR] - You MUST Shutdown the Secure Proxy Server, Correct This Error, and Restart. 

There was an HTTP 502 error returned back to the user when this issue occured.

Instructions

 

There can be a couple of reasons why this might happen on its own in a previously-working deployment. Here are some things to check to ensure that the Secure Proxy Server will be able to find and read the contents of the proxyrules.xml and complete startup:

1. Check to make sure that the proxyrules.xml file has not been moved, deleted or renamed. It should be in the original installation path <SPS Home>/proxy-engine/conf

2. Ensure that permissions for the proxyrules.xml will allow the Tomcat user to read the file. By default, the Tomcat user is set as “nobody” in the “nobody” group, so at the minimum that user should have read permissions.

3. When restarting the Secure Proxy Server services, using the “sps-ctl stop” and “sps-ctl start” commands, as well as from the “Services” administrative plugin (Windows), ensure that there is enough time for the JVM to shut down completely. You can encounter the above error if the proxyrules.xml file is still “in use” by the Java process and locked by the OS.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: