Issue
When trying to use federation, we get the following error in the browser :
HTTP Status 403 - Request Forbidden. Transaction ID: 1711457b-3dd3a976-79fd404a-d7a111f5-c15c7df1-f810 failed.
Checking the Policy Server traces we see :
[LogMessage:ERROR:[sm-JavaApi-00290] SmJavaAPI: Error finding class ActiveExpressionContext]
[LogMessage:ERROR:[sm-Tunnel-00160] Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to initialize JNI references]
The JVM is creating a dump:
V [libjvm.so+0x701d5a] resource_allocate_bytes(unsigned int, AllocFailStrategy::AllocFailEnum)+0x1a
V [libjvm.so+0x51209c] JVM_GetStackAccessControlContext+0xfc
C [libjava.so+0x9984] Java_java_security_AccessController_getStackAccessControlContext+0x24
...
01dca000-02651000 r-xp 00000000 fd:00 6135898 /u01/app/java/jdk1.7.0_79/jre/lib/i386/server/libjvm.so
02651000-026b6000 rw-p 00886000 fd:00 6135898 /u01/app/java/jdk1.7.0_79/jre/lib/i386/server/libjvm.so
04688000-04693000 r-xp 00000000 fd:00 5842876 /u01/app/java/jdk1.7.0_71/jre/lib/i386/libverify.so
04693000-04694000 rw-p 0000b000 fd:00 5842876 /u01/app/java/jdk1.7.0_71/jre/lib/i386/libverify.so
Environment
Policy Server 12.52 SP1 CR00 on RHEL 6.6 64-bit
Cause
This issue is caused by having 2 different JDK configured in the Policy Server configuration of :
in environment variables PATH and LD_LIBRARY_PATH
in files ca_ps_env.ksh and JVMOptions.txt
/u01/app/java/jdk1.7.0_79/jre
/u01/app/java/jdk1.7.0_71/jre
Resolution
This problem is resolved by using only one JDK/JRE (in the example, the version 1.7.0_79) and patching it with the Java Cryptography Extension (JCE).