Lakshman Annamalai

Compatibility issue for CA IM 14.1 running on JBOSS EAP 6.4 integrated with CA SSO 12.7

Blog Post created by Lakshman Annamalai Employee on Oct 20, 2017

We faced compatibility issue while building CA IM 14.1 and CA SSO 12.7 integration environment for one of our clients.

 

We used JBOSS EAP 6.4 as application server for CA IM 14.1

While starting the CA IM service (integrated with CA SSO), we were getting below errors in IM logs.

 

Logs:
12:05:08,049 INFO [ims.Main] (ServerService Thread Pool -- 99) Copyright 2000 - 2013 CA. All Rights Reserved
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) ################################################
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) # IAM Framework 400.1.0.0.369
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) ################################################
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) ################################################
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) # CA Identity Manager 14.1.0.0.347
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) ################################################
12:05:08,053 INFO [ims.Main] (ServerService Thread Pool -- 99) ---- CA IAM FW Startup Sequence Initiated. ----
12:05:08,058 INFO [ims.Main] (ServerService Thread Pool -- 99) * Startup Step 1 : Attempting to start ServiceLocator.
12:05:12,370 ERROR [ims.Main] (ServerService Thread Pool -- 99) The IAM FW Startup was not successful
12:05:12,371 ERROR [ims.Main] (ServerService Thread Pool -- 99) java.lang.SecurityException: Toolkit not encapsulated by a jar.
                at com.rsa.cryptoj.f.ug.d(Unknown Source)
                at com.rsa.cryptoj.f.ug.b(Unknown Source)
                at com.rsa.cryptoj.f.nd.b(Unknown Source)
                at com.rsa.cryptoj.f.nd.c(Unknown Source)
                at com.rsa.jsafe.CryptoJ.setMode(Unknown Source)
                at com.netegrity.ims.bootstrap.Main.start(Main.java:202)

 

This error is not seen if we disable CA SSO integration (in ra.xml file), and CA IAM FW Startup Sequence gets completed successfully.

 

We created a support ticket for this, and what Support team said is:
“It seems to be caused by a mismatched crypto jar in CA SSO. CA IM R14.1 is using bc_001-fips-1.0.0.jar instead of cryptojFIPS.jar but I *think* CA SSO hasn't been updated to know that. I don't know where in CA SSO the jar should be. Anyway, I leave it to SE to work it out. A defect ticket has been raised DE322877.”

Outcomes