Unable to create token error in Adapter Shim SSL connection to Statemanager


Article ID: 122217


Updated On: 02-12-2024

Products

CA Rapid App Security, CA Advanced Authentication, CA API Gateway, CA Strong Authentication, CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

In a SiteMinder and Strong Authentication integration, the Adapter Shim, which resides on the Policy Server, creates, reads, and updates tokens by calling State Manager functions. If HTTPS is enabled, the Adapter Shim makes these calls over SSL.

How can we resolve the error 'Unable to create token' displayed by shimerror.fcc after updating SSL certificates in the environment?

Environment

Symantec Siteminder 12.8

Symantec Strong Authentication 9.1.x

Symantec Adapter 9.1.x

Resolution

Follow these steps to resolve the SSL communication issue between Adapter Shim and State Manager:

1. Import the required certificates into <JAVA_HOME>\jre\lib\security\cacerts on the application server where the CA State Manager is deployed.

2. Ensure that the RequireSecureConnection parameter in the arcotsm.properties file (in ARCOT_HOME\conf\afm) is set to true, as shown below:
RequireSecureConnection=true

3. Ensure that the ArcotSMBaseURL parameter in the adaptershim.ini file (on the SiteMinder Policy Server, in <ARCOT_HOME>\conf) is set for HTTPS access, as shown below:
ArcotSMBaseURL=https://Hostname:Port/arcotsm/servlet

4. Ensure that these certificates are provided as shown below. The ARCOT_HOME variable points to the install location on your system.
ArcotSMTrustedRootPEM=ARCOT_HOME/adapterSiteMinder/certs/rootcacert.pem
ArcotSMClientSSLCert=ARCOT_HOME/adapterSiteMinder/certs/tsclientcert.pem
ArcotSMClientPrivateKey=ARCOT_HOME/adapterSiteMinder/certs/tsclientkey.pem
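
A consistency check for steps 2 to 4, added here as an example; it is not part of the original article or of the product. It assumes both files are plain key=value text and that a literal ARCOT_HOME in a path should be expanded; the function names and the sample host name are hypothetical.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Expected PEM label per adaptershim.ini parameter (parameter names as given in the article).
PEM_KEYS = {"ArcotSMTrustedRootPEM": "CERTIFICATE", "ArcotSMClientSSLCert": "CERTIFICATE",
            "ArcotSMClientPrivateKey": "PRIVATE KEY"}

def read_kv(path):
    """Parse key=value lines; blanks, #/; comments and [section] headers are skipped (assumed format)."""
    settings = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in map(str.strip, fh):
            if line and line[0] not in "#;[" and "=" in line:
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip()
    return settings

def check_shim_ssl(shim_ini, sm_properties, arcot_home):
    """Return a list of findings; an empty list means steps 2-4 are consistent."""
    shim, sm, findings = read_kv(shim_ini), read_kv(sm_properties), []
    if sm.get("RequireSecureConnection", "").lower() != "true":
        findings.append("RequireSecureConnection is not true")
    url = urlsplit(shim.get("ArcotSMBaseURL", ""))
    if url.scheme.lower() != "https" or not url.hostname:
        findings.append("ArcotSMBaseURL is not an https URL")
    for key, label in PEM_KEYS.items():
        # Expand the placeholder only when it was written literally in the file.
        value = shim.get(key, "").replace("ARCOT_HOME", arcot_home, 1)
        try:
            with open(value, encoding="ascii", errors="replace") as fh:
                if f"{label}-----" not in fh.read():
                    findings.append(f"{key}: no PEM {label} block")
        except OSError:  # unset parameter, missing file or no read permission
            findings.append(f"{key}: file missing or unreadable")
    return findings

def demo():
    """Constructed sample: http base URL, root CA file missing, certificate saved as the key."""
    home = Path(tempfile.mkdtemp())
    (home / "adapterSiteMinder" / "certs").mkdir(parents=True)
    ini = "ArcotSMBaseURL=http://sm.example.test:8080/arcotsm/servlet\n" + "".join(
        f"{key}=ARCOT_HOME/adapterSiteMinder/certs/{name}\n" for key, name in zip(
            PEM_KEYS, ("rootcacert.pem", "tsclientcert.pem", "tsclientkey.pem")))
    files = {"adaptershim.ini": ini, "arcotsm.properties": "RequireSecureConnection=true\n",
             "adapterSiteMinder/certs/tsclientcert.pem": "-----BEGIN CERTIFICATE-----\n",
             "adapterSiteMinder/certs/tsclientkey.pem": "-----BEGIN CERTIFICATE-----\n"}
    for rel, text in files.items():
        (home / rel).write_text(text)
    return check_shim_ssl(home / "adaptershim.ini", home / "arcotsm.properties", str(home))
```

The check only confirms that each file carries the expected PEM label; it does not validate the certificate chain or that the client certificate matches the private key.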


Additional Information

None