ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
The configuration of Administrative Authentication with an SSL enabled user directory fails on siteminder UI version 12.8.02 and above.
Article ID: 186534
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
The configuration of Administrative Authentication with an SSL enabled user directory fails with the following error in admin ui:
An error occurred while updating the list of trusted CA certificates. Please ensure the trusted certificate you are using is valid. If the problem persists, check the error logs for additional details.Have already tried import new directory Root CA certificate using command:
keytool -import -trustcacerts -alias <alias> -keystore "siteminder/adminui/standalone/configuration/trustStore.jks" -file <RootCA.cer>
Also verified cert is inside trustStore.jks by using command:
keytool -list -v -keystore ./trustStore.jks -storepass <password>
Cause
This is an identified regression defect between release versions affecting 12.8sp2 or later.
Environment
Release : 12.8.03
Component : SITEMINDER WAM UI
Resolution
To resolve the issue, perform the following steps:
1. Navigate to the following location:
Windows: administrationUI_installation_home/bin/
UNIX: administrationUI_installation_home/bin/
2. Open the following file:
Windows: standalone.conf.bat file
UNIX: standalone.conf file
3. Add the following lines at the end of the file:
Windows:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
UNIX:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
4. Save the changes.
5. Restart Administrative UI.
1. Navigate to the following location:
Windows: administrationUI_installation_home/bin/
UNIX: administrationUI_installation_home/bin/
2. Open the following file:
Windows: standalone.conf.bat file
UNIX: standalone.conf file
3. Add the following lines at the end of the file:
Windows:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
UNIX:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
4. Save the changes.
5. Restart Administrative UI.
Additional Information
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/release-notes/known-issues/known-issues-for-policy-server.html
https://knowledge.broadcom.com/external/article/136378/the-root-ca-for-our-company-active-direc.html
https://knowledge.broadcom.com/external/article/57273/the-root-ca-for-our-company-active-direc.html
https://knowledge.broadcom.com/external/article/136378/the-root-ca-for-our-company-active-direc.html
https://knowledge.broadcom.com/external/article/57273/the-root-ca-for-our-company-active-direc.html
Feedback
Yes
No
Powered by
