The error message "Request Failed: Please contact your system administrator for support" is a generic response in Identity Portal that can occur under several different circumstances:

• Intermittent errors when accessing the portal via a Load Balancer or PingAccess.
• Errors occurring after a period of user inactivity (session timeout) instead of a redirect to the login page.
• Intermittent errors occurring immediately after integrating Identity Portal with Single Sign-On (SSO).

• Identity Portal 14.x (vApp or non-vApp)
• Symantec SiteMinder (SSO) 12.x
• Infrastructure involving PingAccess and/or Load Balancers

• Infrastructure: Incorrect configuration of the Load Balancer or PingAccess (e.g., session stickiness, clock synchronization, or application type).
• Session Mismatch: A discrepancy between the SSO LogOffUri and the Identity Portal Logout redirect URL.
• SSO Configuration: Missing protection for specific REST resources within the SSO Realm or missing file extensions in the Agent Configuration Object (ACO) IgnoreExt attribute.

Scenario 1: Infrastructure and Load Balancer setup
If the error occurs intermittently in a clustered environment, verify the following:

• Session Persistence: Ensure the Load Balancer is configured to route the same session to the same IP node.
• Time Sync: Ensure clocks are synchronized across all nodes and infrastructure components.
• PingAccess: If using PingAccess, ensure the application is configured as "Web + API" rather than just "Web."

Scenario 2: Errors during session timeout
If the error appears after a period of inactivity (e.g., 10 minutes) instead of redirecting to the login page:

Ensure the LogOffUri parameter set on the Agent Configuration Object (ACO) in SSO matches the Logout redirect URL configured in the Identity Portal Admin UI (Identity Portal Setup > General Configuration > SSO). These values must be identical. Refer to: Single Sign-On Authentication using Symantec SiteMinder

Scenario 3: SSO Integration and REST protection
If the error persists after SSO integration, verify the SiteMinder AdminUI settings:

• Realm Protection: Edit the Realm protecting Identity Portal. Ensure `/sigma/rest/resources` is set to "Protected" and that both GET and POST rules are included.
• ACO IgnoreExt: In the Agent Configuration Object (ACO) protecting the portal, set the IgnoreExt attribute to: ".class,.fcc,.scc,.sfcc,.ccc,.ntc,.css,.js,.woff,.woff2,.svg,.ttf,.eot,.json"
  Note: Ensure there are no trailing spaces in these configuration strings, as they can cause intermittent failures.