The importance of Severpath and it's relation to semaphore creation.
search cancel

The importance of Severpath and it's relation to semaphore creation.


Article ID: 54573


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



This document details the importance of the Siteminder server path, how it is used during the webagent boot process and how duplicate inodes can create problems.
This only applies to webagents running on a Linux \ UNIX operating system.



The importance of Serverpath and it's relation to semaphore creation.

Overview of the process

A system call on the Siteminder webagent is used to generate a unique token when the agent starts.
On unix system this token is derived from the inode value of the webagents serverpath (as specified in your webagent.conf), this token is used to create both shared memory segments and semaphores during the webagents startup and must be unique for each serverpath.

When the webagent starts we can see the key been used to create the semaphores and shared memory segments:

<Please see attached file for image>

Figure 1

As this key is derived from the inode value of the server path it's not only important that each serverpath specified in the webagent.conf is unique but also the inode value for that serverpath is unique too.

How duplicate inodes exist

On the unix file system each file or folder is assigned a unique inode value. Although this value is unique to a particular file system if multiple file systems are mounted, and serverpaths exist on different file systems there is a risk that two server paths could have an identical inode value and thus generate identical tokens causing the webagent to fail.

Finding the duplicate inodes

This simple procedure can be used to find all your duplicate inodes:

  1. Note down all your serverpaths in webagent.conf.
  2. Login to the server.
  3. CD to the serverpaths parent directory (One level above the serverpath).
  4. use ls -I to display the inode values.
  5. write down the inode value for the serverpath folder (see diageam below).

    <Please see attached file for image>

    Figure 2

  6. Continue from step 3 until you have documented all your inode values.
  7. Now you have documented all your inode values check your list for any duplicate inodes values.

Fixing the duplicate inodes

Once you have found your duplicate inodes use the following procedure on one of the conflicting serverpaths.

  1. Stop the web server
  2. Create a new serverpath directory under the same parent directory as the conflicting serverpath.
  3. Copy your data from the old to new serverpath.
  4. Rename the old serverpath to something unique (eg serverpath_old)
  5. Rename the new serverpath to the name of the old serverpath (verify this using webagent.conf).
  6. Check that the LLAWP process is down (use pgrep LLAWP to check).
  7. Reboot the server or use ipcrm to cleanup any unused semaphores.
  8. Start the webserver.


1558711792872000054573_sktwi1f5rjvs16sfj.gif get_app
1558711789968000054573_sktwi1f5rjvs16sfi.gif get_app