Bouncycastle error in FIPS enabled Identity Manager: ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] java.io.IOException

book

Article ID: 145497

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

The following error is written each time the Identity Manager UI accesses the database: 14:09:41,469 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] java.io.IOException: Error finalising cipher org.bouncycastle.crypto.internal.DataLengthException: last block incomplete in decryption 14:09:41,485 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] Exception caught while decrypting.

There is no functional impact except for the constant flow of error messages reported to the server log for each time there is a query to the user store.

Cause

Check the IM_DIR_CONNECTION table in the IM object store for the environment's user store connection.

The rows for the user store should have a NULL value for the password because when IM is integrated with SSO/Siteminder there should be no user directory password stored in the IM object store.

In the case above there was an encrypted password value in the row, probably a holdover or configuration mistake from an upgrade or migration.

Environment

Applies to IM integrated with SSO/Siteminder.

Resolution



Check the IM_DIR_CONNECTION table in the IM object store for the environment's user store connection.

The rows for the user store should have a NULL value for the password.

In the case above there was an encrypted password value in the row.

The resolution was to clear that password from the row.

When IM is integrated with SSO/Siteminder there should be no user directory password stored in the IM object store.