Intermittently redirect to login page when a user with a non-persistent session accesses a page that is protected with persistent realm in SiteMinder Policy Server.

Document ID : KB000053953
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

We are seeing a bunch of the following errors in our smps.log:

CSmSessionServer::GetSession() - Provider::GetSession() failed. Error code : 2

We are also seeing an intermittent behavior where users who already have a SiteMinder session (but not a persistent session) hit a realm that is protected by persistent sessions and are redirected to the login page.

Note that we have multiple policy servers handling our traffic, and they all show this error in the logs.

I'm running SiteMinder Policy Server 6 SP5 on Solaris and Oracle RAC as Session Store.

Solution:

When a user hits a persistent realm a session is created in the Session Store.

In order to create a persistent session in the policy server 2 operation must be done into the database:

  1. Insert the session in the session store database.
  2. Validate the session in the session store database using a select statement.

This is an atomic operation, in other words first insert the session and then validate it, but it can take place in 2 different policy servers since you are using load balancing and therefore the first operation can take place in one database and the second operation in the other database.

The issue is because a rapid insert takes place in one database and immediate query is done from the other database. As result the session is not found in the Session Store and the user is not validated resulting in a redirect for credentials.

This issue is particular of High Availability Solution like Oracle RAC or MS SQL Server Replication, but in any case your Database Administrator must ensure that all the databases in the Session Store will have the same information.

Note:

  • Oracle RAC has a delay between the oracle instances up to 7 seconds by default. For more reference please check KB article: Do I need to set any Oracle parameter when I use Siteminder Policy Server with Session Server and Oracle RAC? available at support.ca.com.
  • There are several reasons for "Error code : 2" in Session Server this is only one scenario.