Issue creating SAML Service Provider

Document ID : KB000074960
Last Modified Date : 28/03/2018
Show Technical Document Details
Introduction:
Unable to create SAML Service Provider Object in Administrative UI and receive error "Failed to create the backing Agent." 

In SMPS log: 

[29811/47576845911808][Wed Dec 06 2017 14:51:12][BackingObjects.cpp:192][SaveBackingAgent][ERROR][sm-xobfss-00040] Failed to create the backing Agent. 
[29811/47576845911808][Wed Dec 06 2017 14:51:12][SAMLSP.cpp:182][PreAction][ERROR][sm-xobfss-00250] Failed to create the backing Agent for the SAML Service Provider CA.SM::SAMLv2SP@21-0005fef0-4a30-1a28-8b6b-5f8dac1d452b(vsp). 
[29811/47576845911808][Wed Dec 06 2017 14:51:12][XPSPolicyData.cpp:992][PreAction][WARN][Assert] Assert failed: Base -> PreAction(Action) 

In Server.log: 

2017-12-06 14:51:12,416 ERROR [com.ca.siteminder.rpc.rpc.ClientDispatcher] (Thread-999 (HornetQ-client-global-threads-619391994)) fault ServerException(sm-xobfss-00040:Failed to create the backing Agent.) object.create 'SAMLv2SP' 
2017-12-06 14:51:12,419 ERROR [com.ca.siteminder.framework.xps.XPSManagedObject] (Thread-999 (HornetQ-client-global-threads-619391994)) Failed to create managed object 

In smtrace log: 
[12/06/2017][14:51:12.415][29811][47576845911808][({ €E+][LogMessage:ERROR: Failed to create the backing Agent.][][][][SaveBackingAgent][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 
[12/06/2017][14:51:12.415][29811][47576845911808][Øm €E+][LogMessage:ERROR: Failed to create the backing Agent for the SAML Service Provider CA.SM::SAMLv2SP@21-0005fef0-4a30-1a28-8b6b-5f8dac1d452b(vsp).][][][][PreAction][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 
[12/06/2017][14:51:12.415][29811][47576845911808][8i €E+][LogMessage:WARN: Assert failed: Base -> PreAction(Action)][][][][PreAction][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 


Reviewing the policy store LDIF reveals multiple corruption errors such as: 
xpsObject:3421 cannot find the associated XPS Extension object:31-6dc899c1-2680-4660-ad34-da7ca07438d2 

In this use case, there was an attempt to originally to try to import the objects from another environment, but later more objects were manually created with Administartive UI. 

 
Question:
How to create SAML Service Provider Object in Administrative UI when you get an error such as this: "Failed to create the backing Agent."?
Environment:
RHEL 7.2 x86_64 
Policy Server 12.6 sp02 
Policy Store IBM Directory Server 6.3.1 
WebAgent 12.52 sp01 cr04 
WebAgent Option Pack 12.52 sp01 cr0

 
Answer:
A CA SSO Administrator familiar with XPS corruption and XPSExplorer usage needs to clean up the corrupt objects using XPSExplorer. Actions taken as below, as an example, for this use case.

There is a junk leftover agent named samlsp:vsp preventing creating the SAMLv2SP with name “vsp”. The agent should be deleted with JExplorer or XPSExplorer; XPSExplorer is a better choice.
 
dn: smAgentOID4=01-00093add-9ef2-1a1f-90eb-5fa5ac1df72a,ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,dc=siteminder
objectclass: smAgent5
objectclass: top
smAgentOID4: 01-00093add-9ef2-1a1f-90eb-5fa5ac1df72a
cn: samlsp:vsp
smAgentTypeOID4: 10-fbe22c2f-ce96-4465-a8f3-45219bdd5232
description: * Please do not edit this *
smRealmHintID4: 0
 
Using XPSExplorer, you also need to manually delete 2 XPS stubs together with the smAgent5
 
dn: xpsNumber=0000005129,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,dc=siteminder
objectclass: top
objectclass: xpsObject
xpsNumber: 0000005129
xpsCategory: 2
xpsClass: 3
xpsGUID: 01-00093add-9ef2-1a1f-90eb-5fa5ac1df72a
xpsSortKey: 2-0000005129
xpsUpdateBy: un56
xpsUpdateMethod: 5
ibm-entryuuid: c8b4c640-69df-1037-8399-9293ba430f2d
 
dn: xpsXID=CA.SM::Agent@01-00093add-9ef2-1a1f-90eb-5fa5ac1df72a,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,dc=siteminder
objectclass: top
objectclass: xpsXIDKey
xpsXID: CA.SM::Agent@01-00093add-9ef2-1a1f-90eb-5fa5ac1df72a
xpsIndexedObject: xpsNumber=0000005129,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,dc=siteminder
ibm-entryuuid: c8b4c640-69df-1037-839a-9293ba430f2d
 
When a corruption occurs, orphaned objects sometimes get left behind in the policy store. These objects usually do not show in the Administrative UI as they are missing either the XPS stub or the original SM base object. These two associated objects must be available for the object to appear in the UI, in addition to other associated objects (such as children or parent objects).