Bouncycastle error in FIPS enabled Identity Manager: ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] java.io.IOException
Article ID: 145497
Products
CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite
Issue/Introduction
The following error is written each time the Identity Manager UI accesses the database:
14:09:41,469 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] java.io.IOException: Error finalising cipher org.bouncycastle.crypto.internal.DataLengthException: last block incomplete in decryption
14:09:41,485 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] Exception caught while decrypting.
There is no functional impact, apart from the constant flow of error messages written to the server log each time the user store is queried.
Environment
Applies to IM integrated with SSO/Siteminder
Identity Manager 14.4 Standalone
Cause
Check the IM_DIR_CONNECTION table in the IM object store for the environment's user store connection.
The rows for the user store should have a NULL value for the password because when IM is integrated with SSO/Siteminder there should be no user directory password stored in the IM object store.
In the case above there was an encrypted password value in the row, probably a holdover or configuration mistake from an upgrade or migration.
Resolution
Resolved in 14.4 CP1
-----
If using a version before 14.4 CP1:
Check the IM_DIR_CONNECTION table in the IM object store for the environment's user store connection.
The rows for the user store should have a NULL value for the password.
In the case above there was an encrypted password value in the row.
The resolution was to clear that password from the row.
When IM is integrated with SSO/Siteminder there should be no user directory password stored in the IM object store.