Configuration Guide › CA SiteMinder Integration › Troubleshooting › No User Context in CA IdentityMinder

No User Context in CA IdentityMinder

Symptom:

No User Context in CA IdentityMinder.

If a user tries to access CA IdentityMinder without a SMSESSION cookie, CA IdentityMinder cannot authenticate the user. In this case, you can expect to see can emptyCA IdentityMinder UI.

If you have Workflow enabled for your environment, expect to see a failure much like this.

Solution:

A few things can cause this, but it is usually one of the following:

• You have directly accessed CA IdentityMinder.
• The SiteMinder agent at the proxy is disabled (that is, nothing is protected – The SMSESSION Cookie is not being created).
• The SiteMinder Domain for the CA IdentityMinder environment is misconfigured .

The first two causes are pretty straight forward. Make sure that you route through the web server with the fully functional web agent enabled. If however you are going through the web server and the agent is enabled, then you need to modify the Domain.

Follow these steps:

1. Log in to the SiteMinder Administrative UI.
2. Locate your CA IdentityMinder Domain and click through the layers to modify it. Click the Realm Tab and then the first realm in the list.
3. The default location of the forward slash is under the realm. Delete it.
4. Click into the Rule under this Realm.

   The default effective resource for the rule is an asterisk "*".

5. Add the forward slash "/" in front of the asterisk.

   You have moved the forward slash from the realm to the rule. The protection is the same, but SiteMinder treats it differently.

   You can successfully log in to CA IdentityMinder through SiteMinder. To validate proper protection, review your SiteMinder agent logs.