Layer7 API Management

Hi All,

I am trying to integrate CA Siteminder R12.52 with CA Layer7. I am getting below error :--

2015-06-21T16:08:42.359+0530 SEVERE  117 com.l7tech.server.SoapMessageProcessingServlet: Could not initialize class com.ca.siteminder.SiteMinderLowLevelAgent

java.lang.NoClassDefFoundError: Could not initialize class com.ca.siteminder.SiteMinderLowLevelAgent

        at com.l7tech.server.siteminder.SiteMinderConfigurationManagerImpl.getSiteMinderLowLevelAgent(Unknown Source)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at com.sun.proxy.$Proxy108.getSiteMinderLowLevelAgent(Unknown Source)

        at com.l7tech.external.assertions.siteminder.server.AbstractServerSiteMinderAssertion.initSmAgentFromContext(Unknown Source)

        at com.l7tech.external.assertions.siteminder.server.ServerSiteMinderCheckProtectedAssertion.doCheckRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.AbstractMessageTargetableServerAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerCompositeAssertion.iterateChildren(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerAllAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerCompositeAssertion.iterateChildren(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerAllAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.ServerPolicy.checkRequest(Unknown Source)

        at com.l7tech.server.policy.x.call(Unknown Source)

        at com.l7tech.server.policy.x.call(Unknown Source)

        at com.l7tech.common.log.HybridDiagnosticContext.doInContext(Unknown Source)

        at com.l7tech.server.policy.ServerPolicyHandle.checkRequest(Unknown Source)

        at com.l7tech.server.ob.b(Unknown Source)

        at com.l7tech.server.ob.a(Unknown Source)

        at com.l7tech.server.ob.access$700(Unknown Source)

        at com.l7tech.server.MessageProcessor.a(Unknown Source)

        at com.l7tech.server.MessageProcessor.processMessageNoAudit(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.serviceNoAudit(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.access$000(Unknown Source)

        at com.l7tech.server.bc.call(Unknown Source)

        at com.l7tech.server.audit.AuditContextFactory.doWithNewAuditContext(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.service(Unknown Source)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)

        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)

        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:342)

        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)

        at com.l7tech.server.transport.http.HttpNamespaceFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.WsdlFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.transport.http.ConnectionIdFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.transport.http.InputTimeoutFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.log.HybridDiagnosticContextServletFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:181)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        at com.l7tech.server.tomcat.ResponseKillerValve.invoke(Unknown Source)

        at com.l7tech.server.tomcat.ConnectionIdValve.invoke(Unknown Source)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:295)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:396)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

        at java.lang.Thread.run(Thread.java:745)

Please suggest.

Thanks in advance,

Ankush

Hi Stephen,

I have installed below softwares :--

ssg-8.2.00-5.noarch.rpm ( with internal db )

ssg-sm12-8.2.00-5.i386.rpm ( for siteminder R12 )

It is separate installation, Siteminder version is : R12.52 .

I did siteminder configuration on from Tasks -> Manage Siteminder Configuration. Test connection is passing successfully and trustedhost for layer7 also got created in Siteminder.

Siteminder is loading up during boot process.

2015-06-22T11:19:05.372+0530 INFO    1 com.l7tech.server.policy.module.CustomAssertionsScanner: Registered custom assertion com.l7tech.ca.sm12.ProtectedResource from module ca-sm12.jar

I am attaching screenshot of configuration done. Please let me know if I need to install any other rpm / package to supporty this functionality.

Thanks in advance,

Ankush

HI,

Can you please provide the steps for integrating Siteminder with Layer7.

I have a requirement of using openid for authN and OAuth for AuthZ in Layer7. I am planning to use the OTK within layer7 for AuthZ and openid authentication scheme in siteminder for layer7 siteminder webagent.

But i have doubt like, once user authenticated by openid provider, how the siteminder response/session will be used by oauth(OTK) for authorization.

Can anyone please advise.

Thanks in advance.

Thanks,

Manoranjan Pani

Ankush,

Please following the instructions in Appendix I: Installing the CA SiteMinder SDK of the Software installation Manual and download the siteminder-sdk_12.51_linux.tar.gz file -  https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000001fDR2

Sincerely,

Stephen Hughes

CA Technologies
Director, CA Support

Hi Stephen,

I installed the sdk successfully, but the result remains the same. Below is the soap response fault

<?xml version="1.0" encoding="UTF-8" ?>

- <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

- <soapenv:Body>

- <soapenv:Fault>

  <faultcode>soapenv:Server</faultcode>

  <faultstring>Error in assertion processing</faultstring>

  <faultactor>http://x.x.x.x:8000/</faultactor>

- <detail>

  <l7:policyResult status="netegrity.siteminder.javaagent.AgentAPI.enableJavaCompatibilityMode()V" xmlns:l7="http://www.layer7tech.com/ws/policy/fault" />

  </detail>

  </soapenv:Fault>

  </soapenv:Body>

  </soapenv:Envelope>

Does sdk needs mysql as database or it can work with layer7 internal db ?

Ankush,

It will work with both the embedded database or the MySQL database. What does the log show when this error occurs with the response?

Sincerely,

Stephen Hughes

  CA Technologies
Director, CA Support

Hi Stephen,

Error is same as earlier. Low level agent is unable to start. I have followed the instruction same as in manual.  Is there any to debug this scenario.

Pasting the logs below :--

INFO    88 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: 0000014e21912951-1 6c754cb5-c97c-4dc5-89ca-2cfe352bc900 Policy for service #fd4c08fd174ac39e5e3a05b7bfb8fcd7, test 49  192.168.56.106 41689 http://192.168.56.106:8000/ 0

2015-06-23T23:43:02.846+0530 SEVERE  88 com.l7tech.server.SoapMessageProcessingServlet: netegrity.siteminder.javaagent.AgentAPI.enableJavaCompatibilityMode()V

java.lang.UnsatisfiedLinkError: netegrity.siteminder.javaagent.AgentAPI.enableJavaCompatibilityMode()V

        at netegrity.siteminder.javaagent.AgentAPI.enableJavaCompatibilityMode(Native Method)

        at com.ca.siteminder.SiteMinderLowLevelAgent.<clinit>(Unknown Source)

        at com.l7tech.server.siteminder.SiteMinderConfigurationManagerImpl.getSiteMinderLowLevelAgent(Unknown Source)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at com.sun.proxy.$Proxy108.getSiteMinderLowLevelAgent(Unknown Source)

        at com.l7tech.external.assertions.siteminder.server.AbstractServerSiteMinderAssertion.initSmAgentFromContext(Unknown Source)

        at com.l7tech.external.assertions.siteminder.server.ServerSiteMinderCheckProtectedAssertion.doCheckRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.AbstractMessageTargetableServerAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerCompositeAssertion.iterateChildren(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerAllAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerCompositeAssertion.iterateChildren(Unknown Source)

        at com.l7tech.server.policy.assertion.composite.ServerAllAssertion.checkRequest(Unknown Source)

        at com.l7tech.server.policy.ServerPolicy.checkRequest(Unknown Source)

        at com.l7tech.server.policy.x.call(Unknown Source)

        at com.l7tech.server.policy.x.call(Unknown Source)

        at com.l7tech.common.log.HybridDiagnosticContext.doInContext(Unknown Source)

        at com.l7tech.server.policy.ServerPolicyHandle.checkRequest(Unknown Source)

        at com.l7tech.server.ob.b(Unknown Source)

        at com.l7tech.server.ob.a(Unknown Source)

        at com.l7tech.server.ob.access$700(Unknown Source)

        at com.l7tech.server.MessageProcessor.a(Unknown Source)

        at com.l7tech.server.MessageProcessor.processMessageNoAudit(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.serviceNoAudit(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.access$000(Unknown Source)

        at com.l7tech.server.bc.call(Unknown Source)

        at com.l7tech.server.audit.AuditContextFactory.doWithNewAuditContext(Unknown Source)

        at com.l7tech.server.SoapMessageProcessingServlet.service(Unknown Source)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)

        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)

        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:342)

        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)

        at com.l7tech.server.transport.http.HttpNamespaceFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.WsdlFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.transport.http.ConnectionIdFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.transport.http.InputTimeoutFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.l7tech.server.log.HybridDiagnosticContextServletFilter.doFilter(Unknown Source)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:181)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        at com.l7tech.server.tomcat.ResponseKillerValve.invoke(Unknown Source)

        at com.l7tech.server.tomcat.ConnectionIdValve.invoke(Unknown Source)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:295)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:396)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

        at java.lang.Thread.run(Thread.java:745)

2015-06-23T23:43:03.219+0530 INFO    44 com.l7tech.server.EntityVersionChecker: Version checking took 1835ms

2015-06-23T23:45:46.859+0530 INFO    89 com.l7tech.server.admin: User logged out

2015-06-23T23:53:18.892+0530 SEVERE  65 org.jgroups.protocols.UDP: failed sending message to null (147 bytes)

java.lang.Exception: dest=/224.0.131.139:8777 (150 bytes)

        at org.jgroups.protocols.UDP._send(UDP.java:361)

        at org.jgroups.protocols.UDP.sendToAllMembers(UDP.java:302)

        at org.jgroups.protocols.TP.doSend(TP.java:1478)

        at org.jgroups.protocols.TP.send(TP.java:1468)

        at org.jgroups.protocols.TP.down(TP.java:1186)

        at org.jgroups.protocols.Discovery.down(Discovery.java:374)

        at org.jgroups.protocols.MERGE2.down(MERGE2.java:175)

        at org.jgroups.protocols.FD.down(FD.java:315)

        at org.jgroups.protocols.VERIFY_SUSPECT.down(VERIFY_SUSPECT.java:95)

        at org.jgroups.protocols.pbcast.NAKACK.send(NAKACK.java:803)

        at org.jgroups.protocols.pbcast.NAKACK.down(NAKACK.java:604)

        at org.jgroups.protocols.UNICAST.down(UNICAST.java:455)

        at org.jgroups.protocols.pbcast.STABLE$1.run(STABLE.java:644)

        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

        at java.util.concurrent.FutureTask.run(FutureTask.java:262)

        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)

        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

        at java.lang.Thread.run(Thread.java:745)

Caused by: java.io.IOException: Invalid argument

        at java.net.PlainDatagramSocketImpl.send(Native Method)

        at java.net.DatagramSocket.send(DatagramSocket.java:676)

        at org.jgroups.protocols.UDP._send(UDP.java:352)

Thanks in Advance,

Ankush