This documentation supports the 24.2 and consecutive patch versions of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

Troubleshooting common errors and issues

The following table describes errors and issues that you may encounter with BMC Helix Single Sign-On. 

Related topics

Troubleshooting

Configuring-settings-for-the-BMC-Helix-SSO-server

Issue

Description

Workaround

Problem with handshake while using an HTTPS connection

The certificate on the BMC Helix SSO is a self-signed certificate or is signed by a trustworthy CA.


  1. Check that the BMC Helix SSO server certificate is valid.
  2. If you have a self-signed certificate, make sure that you have imported it to the Java truststore.

BMC Helix SSO server does not start

Configuration issue during start up

Check the catalina.log (located in CATALINA_HOME/logs) for any issues related to the BMC Helix SSO web application.

Check the rsso.log file (located in CATALINA_HOME/logs) for exceptions related to the database connectivity (for example, the JDBC URL or the database user login and password).

Check the rsso.log file for the exceptions related to the marshalling of the configuration data.
Note: Marshalling refers to automatic creation of the Java objects from the XML source using the JAXB approach.

Server exception (stack trace) includes a reference to the com.bmc.arsys.api.session

Configuration issue with Remedy Mid Tier authenticator

Verify the BMC Remedy Mid Tier authenticator configuration file to define the 

BMC Helix SSO

 authentication plugin. 

623 AR Error

BMC Helix SSO AREA plugin configuration issue

Check the following:

General AREA configuration

Configuration of the plugin server (RSSO-related info is commented)

Corresponding property points to the BMC Helix SSO base URL in the rsso.cfg file.

In HA mode, the server throws an exception. The stack trace includes a reference to com.bmc.rsso.sdk.token.CookieTokenManager.

BMC Helix SSO agent cannot connect to the BMC Helix SSO server to obtain a piece of configuration.

Verify the load balancer settings about the HTTP redirection (3xx status after agent request is unwanted).

Correct the BMC Helix SSO server URL in the agent connection.

When using SAML-based IdP, a server exception with the text, "Failed to validate … condition," is displayed in the stacktrace.

Note: Stracktrace refers to the diagnostic information in the log file that indicates which Java stack was used when the exception was raised.

The times on the BMC Helix SSO server and IdP server are out of sync.

Synchronize the time across the servers.

When using LDAP-based IdP, the following error is recorded in the BMC Helix SSO logs:

SEVERE [LDAP: error code 4 - Sizelimit Exceeded] 

The maximum number of entries that the LDAP server can process in one call is less than the number of user entries the BMC Helix SSO server requests in a single call.

To extend the default limit of 2000 of entries, increase the Page Size value for LDAP authentication. For more information about how to do this, see Configuring-LDAP-authentication.

BMC Helix SSO logs do not include diagnostic information.

Log records with the levels of TRACE and DEBUG are filtered by the Logging level setting.

Check the logging level in the BMC Helix SSO Admin Console.Check the log configuration file (RSSOInstallFolder/WEB-INF/classes/ log4j.properties).

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*