Comments for CoreBlox Blog http://www.coreblox.com/blog A blog from Identity & Access Management consulting experts Fri, 03 Feb 2012 22:18:27 +0000

Comment on How SiteMinder Interacts with LDAP by Todd (Fri, 03 Feb 2012 22:18:27 +0000) http://www.coreblox.com/blog/2009/06/how-siteminder-interacts-with-ldap/comment-page-1/#comment-66978

If the attribute is multi-valued in the underlying directory, it will be shown with a ^ separating the values as Darren says above. The application itself would need to parse out the individual values.

Comment on How SiteMinder Interacts with LDAP by Mark P (Fri, 03 Feb 2012 19:41:09 +0000) http://www.coreblox.com/blog/2009/06/how-siteminder-interacts-with-ldap/comment-page-1/#comment-66967

How can I extract the individual Group names (CN) for a given user? I keep getting a "^" in the Group list and the format is not really valid.

Comment on SiteMinder R12: Error: No Registration on File by Sudhir (Wed, 18 Jan 2012 21:17:04 +0000) http://www.coreblox.com/blog/2010/06/siteminder-r12-error-no-registration-on-file/comment-page-1/#comment-65357

Hi –

I am facing a weird problem. I installed the policy server, which is pointing to an LDAP policy store. I was able to successfully test the connection to the policy store from the policy server. I also registered the SiteMinder super user using the XPSRegClient utility on the policy server host. Then I installed wamui on another server. Now, when I try to log in to the admin UI, I get the error Invalid username password combination even though I provide the correct credentials.

I tried reinstalling the components several times but no luck. Can you help?

Thanks in advance – Sudhir.

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Dee (Tue, 17 Jan 2012 18:18:46 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65231

However,

we have been hit by another performance issue now. Opening the SiteMinder UI or the OID-ODSM console is taking an enormous amount of time. It seems the CA SiteMinder guys have got a new CR009 for R12SP3. So I am going to install that patch and then see if the performance issue gets resolved.

Forgot to mention “Thanks Todd” …

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Dee (Tue, 17 Jan 2012 18:16:36 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65230

Hi,

We have got a solution for this error.

By default SiteMinder searches for XPS data only for 20 seconds. We had 29900 data entries for xpsNumber and hence we had to increase the default timing in sm.registry by 10 mins (600s).

The “SearchTimeout” entry, which is not present in the default sm.registry, was updated as below:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=20495
AdminDN= cn=orcladmin; REG_SZ
AdminPW= {RC2}4BJMPQgYO5BdMBO/lfBA652fTopG4LXK; REG_SZ
AppSdk= 0; REG_DWORD
CertDbPath= ; REG_SZ
Enabled= 0x1; REG_DWORD
PSRootDN= dc=dcbok; REG_SZ
Server= 172.16.82.71:3060; REG_SZ
Use SSL= 0; REG_DWORD
Version= 5.0; REG_SZ
SearchTimeout= 600; REG_DWORD

Comment on How SiteMinder Interacts with LDAP by Raghavendra Balgi (Tue, 17 Jan 2012 10:54:45 +0000) http://www.coreblox.com/blog/2009/06/how-siteminder-interacts-with-ldap/comment-page-1/#comment-65196

Great article. To know how to get something to work is wonderful, but to know how it works under the hood is gratifying!

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Dee (Tue, 17 Jan 2012 00:01:51 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65145

Hi Todd,

Thanks. Do we have any command for re-indexing?
I had reindexed all the XPS related attributes via catalog and could see in the LDAP browser that all these attributes are indexed. However, after restarting the OID and SiteMinder services again I faced the same issue as below:

------------
[2380/21][Mon Jan 16 2012 23:26:28][CA.XPS:LDAP0018][INFO] LDAP Provider Version: orcldirectoryversion = OID 11.1.1.5.0
[2380/21][Mon Jan 16 2012 23:26:28][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedldapversion = 2
[2380/21][Mon Jan 16 2012 23:26:28][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedldapversion = 3
[2380/21][Mon Jan 16 2012 23:26:28][CA.XPS:XPSIO039][INFO] Database Transactions are OFF.
[2380/21][Mon Jan 16 2012 23:26:29][CA.XPS:XPSIO007][INFO] 2 Parameter(s) loaded from Policy Store, 2 total.
[2380/24][Mon Jan 16 2012 23:26:31][SmPolicyServer.cpp:1895][INFO] Starting key management thread
[2380/28][Mon Jan 16 2012 23:26:31][SmPolicyServer.cpp:1512][INFO] Key management thread started.
[2380/25][Mon Jan 16 2012 23:26:43][SmPolicyServer.cpp:1459][INFO] Starting journal management thread
[2380/29][Mon Jan 16 2012 23:26:43][SmPolicyServer.cpp:1408][INFO] Journaling thread started, will delete commands older than 60 minutes
[2380/21][Mon Jan 16 2012 23:26:49][smldaputils.cpp:880][INFO] Failing back LDAP store type #0 to server '172.16.82.71:3060'.
[2380/21][Mon Jan 16 2012 23:27:09][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(xpsNumber=*)", text: Timed out
[2380/21][Mon Jan 16 2012 23:27:09][CA.XPS:XPSIO008][INFO] 0 object(s) loaded from the Policy Store.
[2380/21][Mon Jan 16 2012 23:27:09][CA.XPS:XPSIO026][INFO] Policy Store ID is "73942492-97a5-1004-bf2e-84f9fe800000".
[2380/21][Mon Jan 16 2012 23:27:09][CA.XPS:AUDIT012][INFO] XPS Auditing is enabled.
[2380/21][Mon Jan 16 2012 23:27:18][CA.XPS:EDIT0056][INFO] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
[2380/20][Mon Jan 16 2012 23:27:30][SmObjStore.cpp:303][INFO] Key Update Management is not enabled
[2380/20][Mon Jan 16 2012 23:27:30][SmObjStore.cpp:345][INFO] Key distribution has been initiated by Policy Server
[2380/31][Mon Jan 16 2012 23:32:39][smldaputils.cpp:880][INFO] Failing back LDAP store type #0 to server '172.16.82.71:3060'.
[2380/31][Mon Jan 16 2012 23:32:59][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(&(xpsNumber=*)(!(xpsCategory=1))(modifytimestamp>=0))", text: Timed out
---------------------------
This is the result after checking whether all the XPS related attributes are indexed or not in OID. Although I am unaware of any re-indexing commands in OID (if any).
Please suggest if there is any breakthrough to this. As the SiteMinder comes up, it completely freezes OID and SiteMinder UI as well.

Thanks in advance.

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Todd (Mon, 16 Jan 2012 23:27:19 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65140

Yes. I would reindex the entries in the LDAP directory and then test the search outside of Siteminder through an LDAP client.

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Dee (Mon, 16 Jan 2012 22:18:29 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65133

Hi Todd,

Another clarification: In OID I can see that the following attributes are indexed:
xpsNumber
XPSCategory
xpsTombstone
xpsIndexedObject
xpsParameter
xpsKeyValue
xpsValue
xpsTombstone
xpsSortKey and
modifytimestamp

However, should I go ahead and index them through Catalog again?

Comment on Quick guide to installing SiteMinder WAM R12 SP2 by Dee (Mon, 16 Jan 2012 22:16:12 +0000) http://www.coreblox.com/blog/2010/01/quick-guide-to-installing-siteminder-wam-r12-sp2/comment-page-1/#comment-65132

Thanks Todd for the update.

We can see that these attributes are indexed in OID. However, I did not get which are the directories you have mentioned to be indexed?
