Symantec Access Management

I am trying to implement a simple response with an open format cookie from this guide and ran into an issue where any optional attributes that I enter all return as null.  The siteminder attributes seem to return with no issues, however, if I add an attribute 'email' or any other, the decoded cookie comes up email=null in the response. Has anyone ran into this or can reproduce the issue?

I am on the latest 12.52 SP1.  Running in full-fips mode with the unlimited strength java library.  I tried both 128 and 256 bit AES.

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec592603.aspx

Is anyone able to offer any guidance on this question?

Thank you

Hi @adjennin2,

Have you got this resolved ?

I tried this today but couldn't reproduce the issue.

Here is how I configured it :

*****************************************************************

Java Active Expression for Open Format Cookie :

MyOFCCookie=<@ lib="smjavaapi" func="JavaActiveExpression" param="com.ca.sm.expression.activeexpression.smopenformatcookie ;;2;600;3758C6D6205A02A9485C8B1E2C9311E640349BD4E216104A;3DES_EDE/CBC/PKCS5Padding;SM_USERLOGINNAME;mail" @>

Decrypted value of OFC :

Using Security Provider Class: com.sun.crypto.provider.SunJCE

Decrypted Data String: Version=1.0;SM_USERLOGINNAME=wonsa03;mail=wonsa03@ca.com;

*****************************************************************

Could you check if you have extra semi colon (;) added after your optional attributes ? like "mail;"

If it is, then I try suggest by removing it and see if that works.

Cheers,

Ujwol Shrestha

I'm aslo having some issues, how did you convert your encryption key to a byte Key array?

HI @Jean-Baptiste Jean-Jacques

Please have a look at this and let me know if you have any questions  : CA Single Sign-On (formerly known as CA SiteMinder®) - Configure Agent-Less Single Sign-On - YouTube 

Regards,

Ujwol