CA Performance Management SAML integration log in failures post upgrade

book

Article ID: 103025

calendar_today

Updated On:

Products

CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration CA Performance Management - Data Polling

Issue/Introduction

After a CA Performance Center upgrade from users authenticated via SAML integration for SSO are unable to log in.

Cause

The following errors from the /opt/CA/PerformanceCenter/SSO/logs/SSOService.log indicate the cause of the problem.

INFO  | qtp1469267193-37         | 2018-06-21 13:32:20,931 | org.apache.cxf.service.factory.ReflectionServiceFactoryBean      
| Creating Service {http://netqos.com/SingleSignOnWS}SingleSignOnWSSoapService from class com.netqos.singlesignonws.SingleSignOnWSSoap
ERROR | qtp1469267193-37         | 2018-06-21 13:32:20,969 | common.saml2.CredentialHelperUtility                             
| Could not find file: /opt/CA/PerformanceCenter/sso/webapps/sso/keystore

During the upgrade the keystore file was removed breaking the integration with SAML.

At this time the keystore file referenced in the saml.properties file is not preserved by the upgrade. This is done for the SSL keystore referenced in ssl.ini files.

In this instance with the keystore located in the /opt/CA/PerformanceCenter/sso/webapps/sso/keystore directory it was overwritten when that directory was laid down during the installation.
 

Environment

All supported CA Performance Management releases

Resolution

1: Ensure the keystore file for the SAML configuration is located in either:
1A: A Non-CA Performance Center directory on the server
1B: The same directory as the saml.properties file which is left alone during upgrades:  /opt/CA/PerformanceCenter/sso/webapps/sso/configuration

2: Defect DE371073 has been submitted to ensure the keystore file referenced in the saml.properties file is preserved regardless of it's location. This will be fixed in a future release.

Additional Information

If possible always ensure key files like keystore files with imported certifications are backed up to a safe location prior to upgrades for recovery purposes.