

Creating a SiteMinder Administrator in CriticalPath IDS 4.2.5 Fails (84995)

Problem

Sun Microsystems' Logical Domains (LDOMS) 1.1 returns a host ID value of 00000000 to SiteMinder. SiteMinder uses this value to create the IDs of policy server objects. When SiteMinder uses the value of 00000000 to create the object ID of the administrator, the resulting object ID is invalid, and the newly-created administrator fails to log in to the server.

Solution

Contact Sun Microsystems for a patch that corrects the host ID value returned to SiteMinder.

Star Issue: 17982871-1

Oracle Issues

The following Oracle issues exist:

Administrative UI and Oracle Policy Store Objects (65782)

When you are using an Oracle policy store and you make changes to policy store objects in the Administrative UI, the changes are effective immediately; however, they may not be visible in the Administrative UI for up to 5 minutes.

SiteMinder Query Timeout and Oracle User Directories (68803)

The SiteMinder Query Timeout is not supported when the Policy Server is connected to an Oracle user directory. You may encounter this limitation when the Oracle response time is very slow.

Policy Server Issues

The following Policy Server issues exist:

Policy Server May Fail to Start due to a Dynamically Updated system_odbc.ini File (55265)

Symptom:

(Linux) The Policy Server may fail to start because the system_odbc.ini file is dynamically updated.

Solution:

After the Policy Server installation, save the file as Read-Only.

Error Message Appears When Starting the Policy Server (127332) (135676)

Symptom:

If your Policy Server and policy store are operating in mixed-mode during an upgrade to r12.5, the following error message appears after the Policy Server starts:

[CA.XPS:LDAP0014][ERROR] Error occurred during "Modify" for
xpsParameter=CA.XPS::$PolicyStoreID,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,dc=PSRoot
,text: Object class violation
[CA.XPS:XPSIO024][ERROR] Save Policy Store ID failed.

Solution:

This message is expected behavior and does not affect the SiteMinder environment.

This message occurs because the r6.x policy store is not upgraded. Part of the upgrade process includes importing the policy store data definitions. The error appears in the SiteMinder Policy Server log because the data definitions are not available in the policy store.

STAR issue: 19759432–01 and 20134656–01

Solaris Issues

The following Solaris issues exist:

Password Screen does not Prompt for Multiple SafeWord Authenticators (56766)

Users are unable to access protected resources when a SafeWord authentication scheme requires both fixed and token-based authenticators. The password screen only prompts users for one authenticator. Therefore, the user is unable to provide both types of credentials and cannot access the protected resource.

Federation Encryption Issue with JCE on Solaris (71293)

Symptom:

An issue occurs with the Java Cryptography Extension (JCE) and legacy federation (formerly Federation Security Services) encryption. This issue happens when a legacy federation Policy Server on Solaris is using certain versions of the JRE. When the Policy Server is acting as an IdP, SAML assertion encryption could fail. If the Policy Server is acting as an SP, SAML assertion decryption could fail.

Solution:

Modify the java.security file in jre_root/lib/security so that the sun.security.provider.Sun provider is registered as the first provider.

Note: Other supported platforms with different versions of Java could possibly exhibit this problem. Apply the same solution.
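
One way to check and apply the provider order described in the solution above, as an added example that is not part of the CA documentation. It parses the text of a java.security file, reports whether sun.security.provider.Sun is registered first, and returns the text with the providers renumbered. The sample file content is constructed, and the function names are hypothetical.

```python
import re

# Matches active (uncommented) entries such as "security.provider.2=some.Provider arg"
PROVIDER_RE = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S.*?)\s*$")
REQUIRED_FIRST = "sun.security.provider.Sun"  # provider named in the Solution above

# Constructed sample content, not copied from a real installation
SAMPLE = """\
# List of providers and their preference orders
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.crypto.provider.SunJCE
"""


def providers(text):
    """Return [(preference, provider spec)] sorted by preference number."""
    found = []
    for line in text.splitlines():
        m = PROVIDER_RE.match(line)
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return sorted(found)


def sun_is_first(text):
    """True when the lowest-numbered provider is sun.security.provider.Sun."""
    entries = providers(text)
    return bool(entries) and entries[0][1].split()[0] == REQUIRED_FIRST


def promote_sun(text):
    """Return the file text with Sun as provider 1; other providers keep their relative order."""
    specs = [spec for _, spec in providers(text)]
    if not any(s.split()[0] == REQUIRED_FIRST for s in specs):
        raise ValueError(REQUIRED_FIRST + " is not registered in this file")
    ordered = [REQUIRED_FIRST] + [s for s in specs if s.split()[0] != REQUIRED_FIRST]
    renumbered = iter("security.provider.%d=%s" % (i, s) for i, s in enumerate(ordered, 1))
    out = []
    for line in text.splitlines():
        if PROVIDER_RE.match(line):
            line = next(renumbered, None)  # None only if duplicate Sun entries were collapsed
        if line is not None:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("Sun first before:", sun_is_first(SAMPLE))
    print(promote_sun(SAMPLE), end="")
```

Keep a backup copy of java.security before writing the reordered text back to jre_root/lib/security.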