Policy server crashes after rule with response redirect

Document ID : KB000046842
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem: 

I have a domain, realm, rule for onAuthAttempt, and a response with WebAgent-OnReject-Redirect attribute as: 
<$expr=""/siteminderagent/forms/smpwservices.fcc?&SMAUTHREASON=100&USERNAME=" + %sm_userloginname" $>
 

We set up Auth/Az Mappings - Active Directory as the "Authentication Directory" and the CA Directory as the "Authorization Directory". 

When the rule is processed, the policy server crashes and generates a core dump.

Environment:  

Policy Server 12.52 SP1 CR5 build 2113

Linux 

Cause:

In this use case, the issue occurs because the user who tries to access the resource does not exist in the authorization directory.  If you do not use Auth/Az Mapping, this problem will occur if the user you are using to access the resource does not exist in the user directory specified in the policy.  It appears the code is assuming there will be a user context when there isn't since the user does not exist. It then goes to dereference a null pointer because of that.

 

Resolution:

This is a known defect and is tracked through Defect DE202266.

If you are experiencing the same issue, please open a ticket with Single Sign-on support and request for pkgapp tool to process the core dump.  Support and engineering will need to verify if the issue is the same.