Symantec Access Management

Hello,

CA Access gateway throwing below error while acting as oidc provider:--

[32345/139998188513024][Sat Feb 02 2019 14:18:18][SecureRedirect.java][ERROR][sm-FedClient-02890] Transaction with ID: 21f533e7-90d27a10-e389d42a-c53513ca-c900544d-a08 failed. Reason: SERE_GET_EXCEPTION (, , )
[32345/139998188513024][Sat Feb 02 2019 14:18:18][SecureRedirect.java][ERROR][sm-FedClient-01660] Exception caught in class com.netegrity.affiliateminder.webservices.SecureRedirect, method doGet, message com.netegrity.siteminder.agentcommon.utils.k: Failed to decrypt.. (, )

While looking for "SERE_GET_EXCEPTION" it states that JCE should be configured. JCE is already configured for jdk1.8_131 64 bit. 

Post successful authentication & authorization user is being redirected to "Authentication Provider Base Url" with "/favicon.ico" being appended to it.

[02/02/2019][09:18:18][32345][139998190618368][2197e28a-d736267c-5026b2ae-1fabdd16-ad4595ca-fe5][CSmHttpPlugin::ProcessResource][Resolved URL: '/favicon.ico'.]

Please advise.

Thanks,

Ankush

Hi Ankush,

Please apologize to come late on this thread.

According to this KD, you need to have the JCE patches.

SecureRedirect webapp error
https://comm.support.ca.com/kb/secureredirect-webapp-error/KB000097690

For jdk1.8_131, you need to :

- For the other previous versions of JDK [lower than 1.8_151],

perform the following steps:

Locate the JCE package for your operating system from the Oracle website.

Download the unlimited JCE package for the Java version that is supported by CA Access Gateway.

Navigate to the jdk_home\jre\lib\security directory on your system and apply the patch to the following files:

local_policy.jar

US_export_policy.jar

Note: jdk_home specifies the location of the Java installation.

https://docops.ca.com/ca-single-sign-on/12-8/en/installing/install-ca-access-gateway

What are the cksum values for the local_policy.jar and
US_export_policy.jar ?

I hope this helps,

Best Regards,
Patrick