No option to create SiteMinder Identity Asserter, Authentication Provider, Authorization Provider, or Adjudication Provider in WebLogic console.

MBean not deployed.

Check WLS_HOME/weblogicVERSION/server/lib/mbeantypes for the siteminder
smsecurityproviders.jar file

If the file is not present on server, try rerunning the SiteMinder Agent install.

The WebLogic Server Administration Console does not display the security realm and other nodes in the left navigation pane.

The user account that is accessing the WebLogic console has not been granted the WebLogic admin role, which allows users to perform WebLogic administrative functions.

Check the WebLogic console for related messages.

Verify that the admin role is returned for the admin user starting the WebLogic server.

No log file created for a SiteMinder Agent provider.

Incorrect file path.

Check that directories exist in file path for
logfilename parameter in the Agent configuration file and smagent.properties files. Pathnames should be absolute; file does not have to exist previous to start.

Correct
logfilename parameter.

Problem instantiating authentication provider: java.lang.NullPointerException.

SiteMinder jar file(s) or conf directory missing from classpath.

Check
-classpath switch that is echoed in WebLogic server console. Four CA jar files should be included, plus the /conf directory of ASA_HOME.

Set the CLASSPATH environment variable, or add the jar files to the SMASA_CLASSPATH variable in the startWebLogic script(s).

java.lang.
 Unsatisfied
 LinkError: java_agent_api

Java Agent API is not included in Java Library Path.

Verift that the Java Library Path echoed in the WebLogic server console. It should include the /bin directory of ASA_HOME.

Set library path variable to include the /bin directory.

Could not create an Agent Config Object.

SiteMinder Agent Provider could not determine its configuration

Check the Policy Server console for messages such as "Failed to create agent configuration for...".

In the Administrative UI, verify that the following objects exist:

• AgentConfigObject referenced in the Agent Configuration file
• HostConfigObject referenced in the Host Configuration file

The SiteMinder Agent displays the message: "SmUser Authentication Directory ID not found. No Groups will be returned".

The user directory that IMS or DMS is configured for is missing in the SiteMinder Agent domain.

In the Administrative UI, verify that the domain of the SiteMinder Agent contains the user directory that IMS or DMS is configured for in the Agent Configuration Object.

If the user directory is not in the Policy Server, add it to the SiteMinder Agent domain using the Administrative UI and restart the WebLogic Server.

Verify that you correctly followed the steps in SiteMinder User Directory Not Configured in CA Identity Manager Environment (Use DMS API).

1. Verify that smjavasdk2.jar is present in the:

• ASA_HOME/lib directory
• classpath.

2. In the Policy Server User Interface, verify the:

• value for the SmUserDirectory parameter in the Agent Configuration Object is correct.
• SiteMinder user directory has the appropriate administrator credentials in the "Credentials and Connection" tab of the SiteMinder User Directory dialog.

The WebLogic Server fails to start.

The CA classes are not available to the server

Check the WebLogic console or log for the following error:

com.netegrity.siteminder.agentcommon.utils.g:Could not parse Input Stream

Check the CLASSPATH environment variable in the startWebLogic file, or in the shell environment

Java Agent API is not included in Java Library Path.

Check the Java Library Path echoed in the WebLogic server console. It should include the /bin directory of ASA_HOME.

Set library path variable to include the /bin directory.

The WebLogic Server fails to start.

(continued)

WebLogic cannot find the Agent configuration file (WebAgent.conf) for the SiteMinder Agent

Check the WebLogic console or log for the following error:

Incorrect path to file Path_to_WebAgent.conf SiteMinder Authentication Provider Failure. Incorrect path to file

verify the Agent configuration file exists in the path specified in the error message.

If using relative paths, check the following:

• The smasa.home environment parameter is set correctly in the startWebLogic file, or
• the Agent configuration file is located in WEBLOGIC_HOME/user_projects/domains/YOUR_DOMAIN

The WebLogic Server fails to start.

(continued)

WebLogic cannot find the Agent configuration file for the Adjudication Provider

If you do not access the Details tab when you create the Adjudication Provider in the WebLogic console, the location of the Agent configuration file is not set in the config.xml file

In the config.xml file, check the entry for the SiteMinder Adjudication Provider for the following parameters:

<ext:site-minder-permission-decision>p\Precedence_Setting</ext:site-minder-permission-decision>

<ext:sm-adjudication-provider-config-file>Path_to_Agent_Config file</ext:sm-adjudication-provider-config-file>

If these parameters do not exist, the Adjudication Provider was not configured correctly.

Add the following parameters in the com.netegrity.weblogic.sspi.adjudicator.SiteMinderAdjudicationProvider element in the config.xml:

<ext:site-minder-permission-decision>p\Precedence_Setting</ext:site-minder-permission-decision>

<ext:sm-adjudication-provider-config-file>Path_to_Agent_Config file</ext:sm-adjudication-provider-config-file>

The SiteMinder Authorization Provider is denying authorization for starting the WebLogic Server

In the SiteMinder Authorization Provider log, check for a message that resembles the following:

"User: USER_DN is NOT AUTHORIZED for action "GET" on resource "wlsspiaz/svr/myserver/boot"

In the Administrative UI, create a policy that allows the WebLogic admin account to start the WebLogic server.

WebLogic Server failed to start. Message in the WebLogic console says that "user weblogic failed to boot the server"

You have configured the SiteMinder Authorization Provider incorrectly.

Follow the steps in the "Resolve problem" column.

If you have already configured the SiteMinder Authorization Provider:

1. Create a /* rule in the Authorization Provider realm.

2. Add this rule to the policy that contains all users of the user directory.

If you have not configured the SiteMinder Authorization Provider, verify that the group of user "weblogic" is being returned as "Administrators". You can configure groups to be returned by using SiteMinder responses.

WebLogic Server prompts for credentials again in error.

After you configure the SiteMinder Authentication, Authorization, and Adjudication providers, the WebLogic Server starts up successfully and the WebLogic console is accessible.

However, any changes you make to these provider components (that is, updating a component and clicking Apply) in the WebLogic console are not successful and the WebLogic Server prompts you for user credentials again. Also, the WebLogic Server denies permission for any updates you perform using the WebLogic console.

You did not select the Post action in the Authorization Provider realm's rule in the SiteMinder Agent domain.

The WebLogic Server's log files say:

"..post action is not authorized..."

That you configured the Authorization Provider realm's rule correctly in the SiteMinder Agent domain.

Using the Administrative UI:

1. Check Authorization Provider realm's rule in the SiteMinder Agent domain.

2. Make sure a /* rule is present with Get and Post actions selected.