Reducing "SessionServer GetSession failed. Error code : 2" errors
search cancel

Reducing "SessionServer GetSession failed. Error code : 2" errors

book

Article ID: 54676

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When running Policy Server version 6 SP5, a lot of errors are seen in the smps.log:

CSmSessionServer::GetSession() - Provider::GetSession() failed. Error code : 2

When the error is present, the user is redirected to the credential even though the session has not timed out.

 

Resolution

 

The above error means "Session not found in the Session Store". If the session is not found in the session store then the policy server will not be able to validate the session and therefore the user will be redirected for credentials.

Configure the session to be persistent; the persistent session is updated in the session store when you hit a protected resource (table ss_sessionspec; column LastTouch).

The Web Agent can process requests from the cache instead of then the Policy Server. This could lead to unexpected timeouts; the session has reached the maximum idle time and therefore it could be deleted from the Session Server.

To avoid this situation, enable the "Validation Period" under the properties of the Persistent Realm, this will force the agent to validate against the Policy Server when it has exceeded the threshold defined by "Validation Period".

NOTE: the "Validation Period" should be less than the IDLE timeout of the realm.

Session validation calls perform two functions:

  • Informing the Policy Server that a user is still active.
  • Checking that the user's session is still valid.

Minimum requirements:

  • SiteMinder Policy Server version 6 SP5 CR03.
  • SiteMinder Web Agent version 6 QMR5 CR02.

For more reference please check SiteMinder Policy Server Design Guide, Chapter 30 "Realm Dialog Reference".