search cancel

Issue decoding SMSession Token in Cognos with Siteminder SDK Agent


Article ID: 8744


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We're running Cognos application server, and this one has an embedded

SDK C Agent. But when this SDK C Agent receives an SMSESSION cookie

from a front end IIS Web Agent, it cannot decode properly the Session

data at it reports error :


CAM-AAA-0165 The SiteMinder agent API function call to 'Sm_AgentApi_DecodeSSOToken()' 

failed with error code 'SM_AGENTAPI_FAILURE


CAM-AAA-0161 Unable to decode SSO token


Why is this happening and how can we solve it ?



Policy Server runs in FIPS Only Mode, and it has version 12.51




[4615/4151736016][Tue Nov 21 2017 17:29:43][CServer.cpp:4017][INFO][sm-Server-04450] 

Policy Server employing only FIPS-140 cryptographic algorithms.


In that case, the Environment Variable CA_SM_PS_FIPS140 needs to be

set to to Only for the SDK C Agent to be able to decode session data.





SDK Agent 12.5x, 12.6, 12.7Windows or Linux/UnixNote: This KB may apply to many other versions of Web Agent, Policy Server, SDK Agent, and Cognos.


You need to have the SDK Agent running in the same FIPS Mode as the Web Agent and Policy Server. Since the Web Agent is running in FIPS_ONLY, the SDK Agent will need an Environment Variable to know what FIPS Mode it should be in.


Set an Environment Variable for you OS with

Name: CA_SM_PS_FIPS140

Value: ONLY





export CA_SM_PS_FIPS140=ONLY



<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AK9CAAW" alt="Untitled.png" width="412" height="476">

Additional Information

From 12.51 Documentation, if the Policy Server runs FIPS only, you 

need to set an environment variable on the SDK C Agent side : 


Running C Sample Program with a 4.x Agent Requires Setting an Environment Variable 156186 


Setting the environment variable for FIPs only is required for 

running the SmAgentAPI 'C' Samples for the 4x Agent connection to 

work. Make sure that this environment variable is set as follows: 


export CA_SM_PS_FIPS140=ONLY. 




1558700727570000008744_sktwi1f5rjvs16p63.png get_app