Issue:
We upgraded both the web agent and policy server from r12.0 SP3 to r12.52 and now noticed that the SMTRYNO cookie is no longer being created after the upgrade. This is not yet in our production environment, but this issue is a serious path to our production upgrade and needs to get resolved.
Environment:
1) Applications pointing to the 12.0 SP3 Policy Server (working use-case)
2) Applications pointing to the 12.52 Policy Server (non-working use-case)
Cause:
- The SMTRYNO cookie needs to be designated in the associated .fcc file that the Policy Server and Web Agent use to collect the credentials from a user.
- If the .fcc file used by the Web Agent is not adjusted to include the SMTRYNO method, the SMTRYNO cookie will not be generated.
SmTraceDefault.log
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:657][CSmHttpPlugin::ProcessResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][][][Resolved URL: '/siteminderagent/forms/login.fcc'.]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:5748][CSmHttpPlugin::AutoAuthorizedUrl][][][][][][][Auto-authorizing resource, matches IgnoreExt filter.]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:698][CSmHttpPlugin::ProcessResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][Autoauthorizing URL : 'http://portal-dev6.regence.com/siteminderagent/forms/login.fcc' , Method: 'POST' ]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:781][CSmHttpPlugin::ProcessResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][Resolved METHOD: 'POST'.]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:834][CSmHttpPlugin::ProcessResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][Resolved cookie domain: '.regence.com'.]
[04/15/2016][11:06:48][10248][68757824][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[04/15/2016][11:06:48][10248][68757824][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[04/15/2016][11:06:48][10248][68757824][CSmSessionManager.cpp:126][CSmSessionManager::EstablishSession][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[04/15/2016][11:06:48][10248][68757824][CSmHighLevelAgent.cpp:406][ProcessRequest][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][vlslcportal18-ext-portal-regence-dev6][/siteminderagent/forms/login.fcc][][ProtectionManager returned SmNo, end new request.]
[04/15/2016][11:06:48][10248][68757824][CSmLowLevelAgent.cpp:3578][ReportHealthData][][][][][][][Accumulating HealthMonitorCtxt.]
[04/15/2016][11:06:48][10248][68757824][CSmHighLevelAgent.cpp:986][ProcessAdvancedAuthentication][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][][][][][][Start new request.]
[04/15/2016][11:06:48][10248][68757824][CSmResourceManager.cpp:187][CSmResourceManager::ProcessAdvancedAuthResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][][][][][][Calling SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthResource.]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:8750][CSmHttpPlugin::ProcessAdvancedAuthResource][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][][][][][][Resolved HTTP_HOST: 'portal-dev6.regence.com'.]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:5293][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][][][][][][][portal-dev6.regence.com]
[04/15/2016][11:06:48][10248][68757824][CSmHttpPlugin.cpp:5669][CSmHttpPlugin::ResolveClientIp][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][][][][][][Resolved Client IP address '10.22.192.13'.]
[04/15/2016][11:06:48][10248][68757824][SmFCC.cpp:2942][SmFcc::getLocalePath][000000000000000000000000480516ac-2808-57111fa8-4192940-e6d63f33511][*10.22.192.13][][][][][Localized Path = /usr/pservices/ca/siteminder/webagent/samples/forms_en-US/login_en-US.fcc, working locale = en-US]
[04/15/2016][11:06:48][10248][68757824][CSmFormTemplateCache.cpp:209][CSmFormTemplateCache::GetForm][][][][][][][Form template '/usr/pservices/ca/siteminder/webagent/samples/forms_en-US/login_en-US.fcc' not found in cache.]
[04/15/2016][11:06:48][10248][68757824][CSmFormTemplateCache.cpp:226][CSmFormTemplateCache::GetForm][][][][][][][Serving form template '/usr/pservices/ca/siteminder/webagent/samples/forms_en-US/login_en-US.fcc' from disk.]
[04/15/2016][11:06:48][10248][68757824][CSmFormTemplateCache.cpp:269][CSmFormTemplateCache::GetForm][][][][][][][Form template '/usr/pservices/ca/siteminder/webagent/samples/forms_en-US/login_en-US.fcc' stored in cache
Resolution:
1) The trace showed the Web Agent serving 'login_en-US.fcc' instead of the 'login.fcc' used in past releases. That localized file is where the customer should have configured the SMTRYNO cookie settings per the documentation. [1]
2) The customer was able to make this adjustment to the ACO parameters and update the 'login_en-US.fcc' page to their specifications.
a) In this use-case, SMTRYNO and @smretries [2] needed to be configured.
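The check described in the Cause and Resolution sections, as an added example that is not part of the original article or of the vendor's tooling: it reads the agent trace to find which .fcc template was actually served, then reports any served template that lacks @smretries or any SMTRYNO reference. The trace lines, file paths and template contents are constructed, and the `@name=value` directive layout and the plain-text search for SMTRYNO are assumptions.

```python
import re

# Trace messages in which the Web Agent names the .fcc template it resolved or served.
TEMPLATE_RE = re.compile(r"(?:Localized Path = |Serving form template ')([^',\]]+\.fcc)")
# Assumption: directives sit one per line in the form @name=value.
DIRECTIVE_RE = re.compile(r"^[ \t]*@(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.MULTILINE)

# Constructed trace lines in the SmTraceDefault.log layout; paths are hypothetical.
SAMPLE_TRACE = """\
[04/15/2016][11:06:48][1][2][CSmHttpPlugin.cpp:657][CSmHttpPlugin::ProcessResource][][][][][][][Resolved URL: '/siteminderagent/forms/login.fcc'.]
[04/15/2016][11:06:48][1][2][SmFCC.cpp:2942][SmFcc::getLocalePath][][][][][][][Localized Path = /opt/example/forms_en-US/login_en-US.fcc, working locale = en-US]
[04/15/2016][11:06:48][1][2][CSmFormTemplateCache.cpp:226][CSmFormTemplateCache::GetForm][][][][][][][Serving form template '/opt/example/forms_en-US/login_en-US.fcc' from disk.]
"""
# Constructed template contents: only the legacy file was customised.
SAMPLE_FILES = {
    "/opt/example/forms/login.fcc": "@username=%USER%\n@smretries=3\n<!-- SMTRYNO handling (constructed) -->\n",
    "/opt/example/forms_en-US/login_en-US.fcc": "@username=%USER%\n<html>stock localized form</html>\n",
}

def served_templates(trace_text):
    """Distinct .fcc paths the agent loaded, in first-seen order."""
    seen = []
    for match in TEMPLATE_RE.finditer(trace_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen

def audit_template(fcc_text):
    """Report the @smretries value (None if absent) and whether SMTRYNO is mentioned."""
    directives = {name.lower(): value for name, value in DIRECTIVE_RE.findall(fcc_text)}
    return {"smretries": directives.get("smretries"),
            "mentions_smtryno": "smtryno" in fcc_text.lower()}

def unconfigured(trace_text, read_file):
    """Served templates that lack @smretries or any SMTRYNO reference."""
    flagged = []
    for path in served_templates(trace_text):
        report = audit_template(read_file(path))
        if report["smretries"] is None or not report["mentions_smtryno"]:
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    # Swap the lambda for a real file read when auditing an agent host.
    for path in unconfigured(SAMPLE_TRACE, lambda p: SAMPLE_FILES.get(p, "")):
        print("served but not configured:", path)
```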
Additional Information:
[1]: Security Zones for Single Sign-On
[2]: How to Configure HTML Forms Authentication