Error during creation of a Federation Partnership in AdminUI

Document ID : KB000116294
Last Modified Date : 28/09/2018
Question:
During the setup of a partnership between our local SiteMinder as SP, and a remote IdP, we are getting an error message in AdminUI when clicking on Finish: "Error modifying new partnership" ("Erreur lors de la modification du nouveau partenariat" as we see in French).

On the Policy Server logs, we do see the following warning message: "Caller is attempting to get ACS links from an entity that is not an SPBase or a SAML1xConsumerRemote"

On AdminUI server.log: 
2018-29-11 12:53:31,893 ERROR [com.ca.federation.adminui.backingbean.federation.PartnershipListBean] (http-myserver.com%2F10.10.10.10-8443-6) **ERROR** com.ca.fedxps.api.remote.FedXPSException during UI operation. 
com.ca.fedxps.api.remote.FedXPSException: Failed to change partnership status to Defined 


On Policy Server traces we also see:
[9980/13188][Tue Nov 29 2018 12:53:31][PartnershipSvcBase.cpp:1242][PartnershipSvcBase::createAgent][ERROR][sm-xobfed-00770] createAgent failed. 
[9980/13188][Tue Nov 29 2018 12:53:31][IdPPartSvc.cpp:293][IdPPartSvc::setDefined][ERROR][sm-xobfed-00270] The backing agent could not be created 
[9980/13188][Tue Nov 29 2018 12:53:31][PartnershipService.cpp:2287][PartnershipService][ERROR][sm-xobfed-02330] PartnershipService failed.  Operation: 2 


Why is this happening? How can we solve this issue?
 
Environment:
Policy Server R12.52 SP1
AdminUI R12.52 SP1
Answer:
This behavior and these error messages can be observed when the Federation default objects are missing from the Policy Store, because the Policy Server needs information from those objects to set up the partnership. It can happen that, when the Policy Store was configured, all the default objects were loaded except the ones in fedpolicy-12.5.xml. Adding them will solve the issue.

This step can be performed without any harm, as the XPSImport tool will not make any modification if the objects are already in the store. They will be added or replaced only if they are missing or damaged.

As per documentation:
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/install-a-policy-server/configure-ldap-directory-server-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-microsoft-active-directory-lds-as-a-policy-store#ConfigureMicrosoftActiveDirectoryLDSasaPolicyStore-ImporttheDefaultPolicyStoreObjects
 
  • To import federation functionality, run the following command:

    XPSImport fedpolicy-12.5.xml -npass
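
A triage sketch for the Policy Server trace signature quoted in the question, added here as an example (it is not CA tooling): it parses the bracketed trace layout shown above and reports each thread that logged all three sm-xobfed message ids, the pattern this article ties to missing federation default objects. The function names and the last two sample lines are constructed for illustration.

```python
import re

# Trace layout as quoted on this page:
# [pid/tid][timestamp][file:line][function][level][message-id] text
TRACE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]\[(?P<func>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<code>sm-[a-z]+-\d+)\]\s*(?P<msg>.*)$"
)
# The three message ids the question reports, in the order they were logged.
SIGNATURE = ("sm-xobfed-00770", "sm-xobfed-00270", "sm-xobfed-02330")

def parse_trace_line(line):
    """Return the fields of one trace line as a dict, or None if it does not match."""
    m = TRACE_RE.match(line.strip())
    return m.groupdict() if m else None

def find_backing_agent_failures(lines):
    """Return (pid, tid, first timestamp) for each thread that logged the full signature."""
    pending = {}  # (pid, tid) -> [timestamp of createAgent failure, ids seen since]
    hits = []
    for raw in lines:
        rec = parse_trace_line(raw)
        if not rec or rec["level"] != "ERROR" or rec["code"] not in SIGNATURE:
            continue
        key = (rec["pid"], rec["tid"])
        if rec["code"] == SIGNATURE[0]:
            pending[key] = [rec["ts"], set()]  # a new createAgent failure restarts the match
        if key in pending:
            pending[key][1].add(rec["code"])
            if pending[key][1] == set(SIGNATURE):
                hits.append(key + (pending.pop(key)[0],))
    return hits

# First three lines are the ones quoted in the question; the last two are constructed.
SAMPLE = """\
[9980/13188][Tue Nov 29 2018 12:53:31][PartnershipSvcBase.cpp:1242][PartnershipSvcBase::createAgent][ERROR][sm-xobfed-00770] createAgent failed.
[9980/13188][Tue Nov 29 2018 12:53:31][IdPPartSvc.cpp:293][IdPPartSvc::setDefined][ERROR][sm-xobfed-00270] The backing agent could not be created
[9980/13188][Tue Nov 29 2018 12:53:31][PartnershipService.cpp:2287][PartnershipService][ERROR][sm-xobfed-02330] PartnershipService failed.  Operation: 2
[9980/20000][Tue Nov 29 2018 12:54:02][PartnershipService.cpp:2287][PartnershipService][ERROR][sm-xobfed-02330] PartnershipService failed.  Operation: 2
constructed line that is not in trace format
""".splitlines()

if __name__ == "__main__":
    for pid, tid, ts in find_backing_agent_failures(SAMPLE):
        print(f"{ts} pid={pid} tid={tid}: backing-agent signature; check federation default objects")
```

A lone sm-xobfed-02330 on another thread is not reported, since PartnershipService failures on their own do not match the createAgent signature described here.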