Issue
We have configured CA Access Gateway (SPS) R12.52 at the front end and CA Virtual Appliance (Vapp) R14.2, where IAM is running, at the back end.
We have created the proxy rules to forward/redirect requests from CA Access Gateway (SPS) to CA Virtual Appliance (Vapp).
When we try to access the backend resource via the proxy server, we get the following error message:
Request URI : /iam/im/identityenv/
Error Type : SPS Exception
Error Code : Noodle_GenericException
Message : Indicates error at noodle stage. More detailed in SPS logs.
After enabling SSL logging as described at the link below, the following errors were reported in the Access Gateway server.log:
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2017/03/07/howto-enable-tracing-in-agent-gateway-fka-secure-proxy-server
server.log
==========
***Created and initialized encryption cipher
CipherAlg: AES/CBC/NoPadding
CipherKey: 5006874403d853329c10d63f1bef395ba33ad9af6a82f562b13f2e30b60bdc0a
***Created and initialized Mac
MacAlg: HmacSHA1
MacKey: 6916bfaea29beac9cd866a13f8c9e6dd0264eed4
Mac length used: 20
***SEND Alert Fatal, Internal Error
***ENCRYPT: Plaintext (2): [
0000: 02 50 [.P ]
]
***ENCRYPT: Ciphertext (2): [
0000: 02 50 [.P ]
]
How can we resolve this issue?
Environment
CA Access Gateway (SPS) R12.52 Build 142 on Windows 2008 R2
Resolution
Applying JCE patches resolved the issue.
JCE patches required -- The current Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction patches are required to use the Java cryptographic algorithms. To locate the JCE package for your operating platform, see the Oracle website.
Apply the patches to the following files on your system:
local_policy.jar
US_export_policy.jar
These files are in the following directories:
Windows: jre_home\lib\security
UNIX: jre_home/lib/security
jre_home specifies the location of the Java Runtime Environment installation.
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/install-ca-siteminder-sps
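To confirm that the patches took effect, the JRE itself can be asked which key sizes its policy allows. The following Java program is an added example, not CA's code: it lists the two policy files under jre_home and tries to initialise the AES/CBC/NoPadding cipher from the log with a 256-bit key, which is the size of the 64-hex-digit CipherKey shown in server.log. The class name JcePolicyCheck and the all-zero key and IV are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.Security;

// Added example (not CA code): reports whether this JRE's JCE policy permits AES-256.
public class JcePolicyCheck {

    // Maximum AES key size, in bits, that the installed policy files allow.
    static int maxAesBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Tries to initialise the cipher named in server.log with a key of the given size.
    static boolean canInitAes(int keyBits) {
        try {
            // Constructed all-zero key and IV; only the key length matters for this check.
            SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
            Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16]));
            return true;
        } catch (GeneralSecurityException e) {
            // InvalidKeyException ("Illegal key size") is the limited-policy symptom.
            System.out.println("AES-" + keyBits + " rejected: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        File dir = new File(new File(home, "lib"), "security");
        System.out.println("java.home " + home + ", version " + System.getProperty("java.version"));
        // Security property that newer JREs use to select the policy; null when not defined.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        for (String jar : new String[] {"local_policy.jar", "US_export_policy.jar"}) {
            File f = new File(dir, jar);
            System.out.println(f + (f.isFile() ? " (" + f.length() + " bytes)" : " (not found)"));
        }
        int max = maxAesBits();
        boolean aes256 = canInitAes(256);
        System.out.println("Max AES key length: " + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        System.out.println(aes256 ? "Unlimited-strength policy is in effect."
                                  : "Limited policy: apply the JCE patches to this JRE.");
    }
}
```

Run it with the java binary under the same jre_home that Access Gateway uses, because another JRE on the PATH has its own policy files. A maximum of 128 bits means the limited policy is still active in that JRE.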
KD : KB000117246