ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CA Performance Management SAML integration log in failures post upgrade


Article ID: 103025


Updated On:


CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration


After a CA Performance Center upgrade from users authenticated via SAML integration for SSO are unable to log in.


The following errors from the /opt/CA/PerformanceCenter/SSO/logs/SSOService.log indicate the cause of the problem.

INFO  | qtp1469267193-37         | 2018-06-21 13:32:20,931 | org.apache.cxf.service.factory.ReflectionServiceFactoryBean      
| Creating Service {}SingleSignOnWSSoapService from class com.netqos.singlesignonws.SingleSignOnWSSoap
ERROR | qtp1469267193-37         | 2018-06-21 13:32:20,969 | common.saml2.CredentialHelperUtility                             
| Could not find file: /opt/CA/PerformanceCenter/sso/webapps/sso/keystore

During the upgrade the keystore file was removed breaking the integration with SAML.

At this time the keystore file referenced in the file is not preserved by the upgrade. This is done for the SSL keystore referenced in ssl.ini files.

In this instance with the keystore located in the /opt/CA/PerformanceCenter/sso/webapps/sso/keystore directory it was overwritten when that directory was laid down during the installation.


All supported CA Performance Management releases


1: Ensure the keystore file for the SAML configuration is located in either:
1A: A Non-CA Performance Center directory on the server
1B: The same directory as the file which is left alone during upgrades:  /opt/CA/PerformanceCenter/sso/webapps/sso/configuration

2: Defect DE371073 has been submitted to ensure the keystore file referenced in the file is preserved regardless of it's location. This will be fixed in a future release.

Additional Information

If possible always ensure key files like keystore files with imported certifications are backed up to a safe location prior to upgrades for recovery purposes.