Custom Authentication Scheme log not getting generated and login Issue
search cancel

Custom Authentication Scheme log not getting generated and login Issue

book

Article ID: 135960

calendar_today

Updated On:

Products

CA Single Sign-On SITEMINDER

Issue/Introduction


When running a Policy Server and a custom Authentication Scheme fails, the Policy Server reports:

AuthReject <user> [12/Jul/2019:08:21:23 -0400] "127.0.0.1 <server >" "server.example.com GET /" [] [0] [] []

More, the custom Authentication Scheme doesn't generate log file anymore.

This occurs after the Policy Server has been upgraded.

 

Cause


The Policy Server reports the following java stack:

July 15, 2019 6:47:53.106 AM[727297504:E] Exception Stack Trace:
            java.lang.ExceptionInInitializerError
            at io.jsonwebtoken.SignatureAlgorithm.<clinit>(SignatureAlgorithm.java:92)
            at com.<module>.siteminder.app.JWTFilter.generateToken(JWTFilter.java:79)
            at com.<module>.siteminder.app.JWTFilter.handle(JWTFilter.java:32)
            at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)

Caused by: io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [org.bouncycastle.jce.provider.BouncyCastleProvider]
            at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:148)
            at io.jsonwebtoken.lang.RuntimeEnvironment.enableBouncyCastleIfPossible(RuntimeEnvironment.java:51)
            at io.jsonwebtoken.lang.RuntimeEnvironment.<clinit>(RuntimeEnvironment.java:60)

Caused by: java.lang.SecurityException: class "org.bouncycastle.asn1.DERObjectIdentifier"'s signer information does not match signer information of other classes in the same package
            at java.lang.ClassLoader.checkCerts(ClassLoader.java:898)
            at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668)

The error "signer information does not match signer information of other classes in the same package" means that classes belonging to the same package are loaded from different jar files, and each has a different signature (1).

 

Resolution

 

  1. Install the SDK package version as the same version as the Policy Server version;
  2. Ensure all jars are signed with the same certificate, or remove the certificates from the manifests of the jar files (1);
  3. Recompile the code.

 

Additional Information

Powered by Wolken Software