search cancel

Secure Proxy Server fails to startup


Article ID: 32436


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



SPS is failing to start after configuring it with a dedicated user, instead of the root user.



When SPS is configured with a dedicated user, will be executed with this user, instead of root. During startup, file is created under ${PROXY_HOME}/CA/secure-proxy/tmp directory. Hence, it requires this user to have write permission to this directory.


Following is observed when SPS is started with root account, while it was configured with a dedicated user:

[[email protected] proxy-engine]# ./sps-ctl start 
httpd (pid 7814) already running 
Successfully Started Apache.. 
Attempting to start Secure Proxy Engine.. 
Sending output to /opt/CA/secure-proxy/proxy-engine/logs/nohup.out.20151002_020336 
/opt/CA/secure-proxy/proxy-engine/ line 184: /opt/CA/secure-proxy/proxy-engine/tmp/ Permission denied 
/opt/CA/secure-proxy/proxy-engine/ line 184: /opt/CA/secure-proxy/proxy-engine/logs/nohup.out.20151002_020336: Permission denied 
Successfully Started Proxy Engine.. 
(Proxy Engine initialization may take a few extra seconds).



On UNIX, make sure the following is updated in the httpd.conf file:

User <dedicated_user>

LoadModule env_module modules/



Also, update /tmp and /logs folders owner to this dedicated user.


If you have configured SPS to be Federation Gateway, Federation Web Services Application is deployed inside the Tomcat web server. Hence, please ensure that the ${PROXY_HOME}/CA/secure-proxy/Tomcat/webapps/affwebservices folder owner is updated to this dedicated user with at least 755 permissions, else you will run into HTTP error 404 with the following exception logged in the nohup log:



Oct 26, 2015 7:07:00 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/affwebservices] threw exception [java.lang.IllegalStateException: No output folder] with root cause
java.lang.IllegalStateException: No output folder
So, please change the tmp and logs folders owner to nobody, maintaining the permissions to secure-proxy files and folders as 755 and try start up SPS again.


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus