IWA + Federation Configuration Issues


Article ID: 7614

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We are facing issues while federating via IWA from the IDP to an external SP.

The issue occurs only with persistent sessions.

smps.log:

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.

Cause

You face this error because you have enabled the "Windows User Security Context" option on the AD User Directory, and your Web Server probably does not meet the requirements for it. With that option on, the Policy Server cannot write the federation variables (UserNameIDValue, UserNameIDFormat, SessionIndex, StateSLO) into the persistent session store, so the assertion generator fails with the fatal postProcess() error shown above.

Environment

Policy Server version: 12.52SP02CR01
SPS version: 12.52SP1

Resolution

Turning off the option "Use Authenticated user's security context" in the AD User Directory definition resolves the issue.
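To spot this signature across a large smps.log before touching the User Directory setting, here is an added Python example (not part of this article or of the SiteMinder product) that parses log lines of the format shown above, groups the sm-Server-02740 SetVariable failures by federation session id, and reports whether the fatal sm-FedServer-00130 error followed; the sample lines are constructed from the entries above and the session id after "SP." is assumed to be a single token.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the smps.log entries in this article.
SAMPLE_LOG = """\
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed
[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.
[2496/4800][Mon Sep 26 2016 11:13:02][IsAuthorized.cpp:70][INFO][sm-Server-00001] constructed unrelated line
"""

# [pid/tid][timestamp][source][level][message code] message
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+/\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[^\]]+)\]\[(?P<code>sm-[A-Za-z]+-\d+)\]\s*(?P<msg>.*)$"
)
# Variable name and SP session id from a SetVariable failure message
SETVAR_RE = re.compile(r"SetVariable Failed for : (?P<var>[A-Za-z]+)\.SP\.(?P<sid>\S+)")


def parse_line(line):
    """Return the fields of one smps.log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_session_store_failures(text):
    """Group SetVariable failures by federation session id and note whether
    the fatal 'Can not save the SLO information' error (sm-FedServer-00130) followed."""
    failures = defaultdict(list)
    slo_fatal = False
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["level"] != "ERROR":
            continue
        if rec["code"] == "sm-Server-02740":
            sv = SETVAR_RE.search(rec["msg"])
            if sv:
                failures[sv["sid"]].append(sv["var"])
        elif rec["code"] == "sm-FedServer-00130":
            slo_fatal = True
    return {"sessions": dict(failures), "slo_save_fatal": slo_fatal}


def matches_article_signature(report):
    """True when federation variables failed to persist and the SLO save went fatal,
    i.e. the pattern this article attributes to 'Use Authenticated user's security context'."""
    return report["slo_save_fatal"] and any(report["sessions"].values())


if __name__ == "__main__":
    print(find_session_store_failures(SAMPLE_LOG))
```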

Additional Information

Configuration Overview

Windows User Security Context Requirements