SSO Token Not Validated in Cluster Configuration

Document ID : KB000046343
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

Gateway is able to validate SSO tokens only on one node of a cluster.

The ssg_0_0.log contains:

'Unable to decode the token - invalid SSO token!'

Environment:

Gateway Integrated with Siteminder to validate SSO tokens 

Cause:

If you are using FIPS, cluster machines need a configuration change to specify that FIPS is being used

Resolution:

1) Add the following line before the line “CAPKIHOME=${CAROOT}/CAPKI” in the /opt/SecureSpan/Gateway/runtime/etc/profile.d/siteminder-env.sh file
CA_SM_PS_FIPS140=ONLY

2) Modify the following line in the file to export CA_SM_PS_FIPS140 environment variable
export CAROOT LD_LIBRARY_PATH CAPKIHOME CA_SM_PS_FIPS140

3) Restart the Gateway process: service ssg restart