Federation Manager Admin UI Server Error

Document ID : KB000024612
Last Modified Date : 14/02/2018

Problem:

When hitting the URL:

http://fedmgr_server:ui_port/ca/federation/adminui

the following error is seen in the browser:

Server error; The server was not able to process your request.

Data gathered for troubleshooting:

Server.log - This Admin UI log file is located in the directory federation_mgr_home/logs/ui.

Logs showed the following:

[27/Apr/2009:16:47:08-517] - ServletContext '/opt/CA/secure-proxy/Tomcat/webapps/ca/federation/adminui/' initialized.
[27/Apr/2009:16:47:08-518] - Serialization provider: class org.apache.shared_impl.util.serial.DefaultSerialFactory
[27/Apr/2009:16:47:08-519] - Inside contextInitialized()
[27/Apr/2009:16:47:08-566] - configPath: /opt/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf
[27/Apr/2009:16:47:08-884] - initDef: netegrity.siteminder.javaagent.InitDef@159054d
[27/Apr/2009:16:47:08-886] - Failed to connect to policy server. Status: -1
[27/Apr/2009:16:47:08-952] - [ERROR] Agent for virtual host : default did not initialized properly
[27/Apr/2009:16:47:08-953] - omitheaders_without_smsession: sending all headers

Resolution:

There were no FedMgr tables in the Oracle DB. This was because a single DB instance was being shared between SiteMinder and Federation Manager, which does not work. First we had to create a dedicated Oracle DB instance, then we reinstalled Federation Manager pointing to the new DB.

Some info on the Oracle DB with Federation Manager:

The list of table names can be found in the database after the product is installed.

You can use the following query to get all the objects that belong to a specific user:

SELECT * FROM all_objects
WHERE owner LIKE 'SMUSER';

Replace SMUSER with the database user who owns the schema. Keep in mind that this query returns only the objects that exist in the database; it will not give you the names of objects that were not created due to lack of privileges.

Privileges should be granted based on the objects being created. For instance, if the application creates tables, triggers and procedures, then the user will need the following privileges:

- Create table
- Create procedure
- And so on

Once the objects have been created, and if the application is not creating objects on the fly, the privileges can be removed.

The following Oracle roles are OK for all the SiteMinder setups:

- Connect
- Resource

Note that the Connect role is needed; otherwise the user will not be able to connect to the database.
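
The privilege lifecycle described above (grant for installation, verify the schema, then remove what is no longer needed), written out as an added Oracle SQL example that is not part of the original article. FEDMGR_USER is a placeholder for the schema owner, the three CREATE privileges are the ones the article uses as its illustration, and the script assumes a DBA account and an existing tablespace quota for the user.

```sql
-- Added example; FEDMGR_USER is a placeholder for the schema owner.
-- Assumptions: run as a DBA account (the DBA_* views need elevated rights)
-- and FEDMGR_USER already has a quota on its default tablespace.

-- 1. Before installation: grant what the installer needs in order to
--    connect and create its objects.
GRANT CONNECT          TO FEDMGR_USER;  -- required to log in at all
GRANT CREATE TABLE     TO FEDMGR_USER;
GRANT CREATE TRIGGER   TO FEDMGR_USER;
GRANT CREATE PROCEDURE TO FEDMGR_USER;

-- 2. After installation: confirm the schema was actually populated.
--    No rows returned here is the condition described in the Resolution.
SELECT object_type,
       COUNT(*) AS object_count,
       SUM(CASE WHEN status = 'INVALID' THEN 1 ELSE 0 END) AS invalid_count
FROM   all_objects
WHERE  owner = 'FEDMGR_USER'
GROUP  BY object_type
ORDER  BY object_type;

-- 3. Review what the account holds, both directly and through roles.
SELECT 'SYSTEM PRIVILEGE' AS grant_type, privilege AS granted
FROM   dba_sys_privs
WHERE  grantee = 'FEDMGR_USER'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs
WHERE  grantee = 'FEDMGR_USER'
ORDER  BY 1, 2;

-- 4. If the application does not create objects at run time, remove the
--    creation privileges and leave only the ability to connect.
REVOKE CREATE TABLE     FROM FEDMGR_USER;
REVOKE CREATE TRIGGER   FROM FEDMGR_USER;
REVOKE CREATE PROCEDURE FROM FEDMGR_USER;
```

Privileges the account holds through a role such as Resource appear in step 3 as the role itself and are not affected by the direct REVOKE statements in step 4.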