So one of the more challanging issues with Siteminder Web Agents on UNIX / LINUX is the way that shared objects are handled. I call the three general ways this can cause issues the Three P’s:

  1. Patch
  2. Path
  3. Permissions


whenever a webagent is patched you run the risk of mucking up the shared objects. Always backup everything before you start, never manually copy things in, and making sure that your environment scripts are correct is the easiest way to avoid this.


Historically, the .so libraries have been stored in the WebAgentHome/lib directory, but things have been moving to /bin for some time. bringing up the LLAWP webagent process with error -LLAWP: error while loading shared libraries: cannot open shared object file: No such file or directory.

Making sure that the PATH, LD_LIBRARY_PATH, and other environment settings are set correctly for the user, the users profile, and various start scripts is well documented on the CA support site and is always a good first place to start.


Definitely the hardest thing to troubleshoot–changes to the file system ownership is generally the root cause–someone doing chown -g dave or something so that the group permissions get all messed up can cause error while loading shared libraries: cannot open shared object file: No such file or directory type errors at startup which do not make much sense and are hard to find.

Make sure stuff like:

LLAWP /path/to/webagent.conf -APACHEversion



work is a good place to start.  Comparing closely with a working server is likely the only way to find these–be sure to pay attention to sym link permission.



~Getting Stuck as a Super Power~

There is a fantastic blog that reviews the common ways in which people get stuck.


Reviewing the list with your team will likely quickly identify who is getting stuck where just by the comments!




Siteminder Configuration View Script

Like a lot of Siteminder Admins, I spend a lot of time looking at the WebAgent.conf + SmHost.conf using standard quick UNIX command line commands:

  • ps -ef | grep LL
  • copy the path to the running WebAgent.conf
  • cat /copied/path/to/WebAgent.conf
  • copy the path the the SmHost.conf from WebAgent.conf HostConfigFile line
  • cat /copied/path/to/SmHost.conf

I want to do this using a simple function key–so I need to pipe it all through something reasonable.

so I start with this:

server (user):/home/user>ps -ef | grep LL | grep -v grep
user 8383     1  0  2016 ?        01:00:27 LLAWP /path/to/the/conf/WebAgent.conf -APACHE22

And then I get this:

ps -ef | grep LL | grep -v grep | awk ‘{print $9}’

which gives me the /path/to/the/conf/WebAgent.conf file & adding cat to that is simple:

cat `ps -ef | grep LL | grep -v grep | awk ‘{print $9}’`

and you can feed this to a grep to get the SmHost file location:

cat `ps -ef | grep LL | grep -v grep | awk ‘{print $9}’` | grep Host  HostConfigFile=”/path/to/installed/webagent/config/SmHost.conf”

which is getting fairly complicated

cat `ps -ef | grep LL | grep -v grep | awk ‘{print $9}’` | grep Host  HostConfigFile=”/path/to/installed/webagent/config/SmHost.conf”| grep Host | awk ‘{gsub(“HostConfigFile=”, “”);print}’






  1. Have a “Master” List
  2. Have a “Top 3”
  3. Break it Down & Be Specific
  4. Be Intentional With Unfinished Tasks
  5. Plan to Plan
  6. Consider an “If/Then” List


There is a great article on Using Evernote to create a Bullet Journal thre is a lot of focus on the Four Parts of the Bullet Journal

1. Index
2. Future
3. Monthly
4. Daily

As well as a good over view of the bullet notation

• = task
X = complete task
> = migrated
< = scheduled
O = event
– = notes


and the bullet signifiers

! = Inspiration
* = Priority
eye = Research

I also really like this food journal

05-03-16 10-01


All meetings should have notes sent out afterwards. Notes should include tasks with names. There should be some mention of a success criteria for tasks. It is important that notes are readable, use color to keep things interesting.



I am using Bullet Journal for most of my note taking technique.


All meetings must have an agenda.


Los Angeles Identity & Access Management User Group

04-26-16 09-57

I gave a talk on Monitoring the IAM stack at the LA IAM UG–the Presentation is online for review.

The meeting was well attended & the conversation after my talk was definitely the most informative part of the day.