ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The configuration of Administrative Authentication with an SSL enabled user directory fails on siteminder UI version 12.8.02 and above.

book

Article ID: 186534

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

The configuration of Administrative Authentication with an SSL enabled user directory fails with the following error in admin ui:

An error occurred while updating the list of trusted CA certificates. Please ensure the trusted certificate you are using is valid. If the problem persists, check the error logs for additional details.

Have already tried import new directory Root CA certificate using command:
keytool -import -trustcacerts -alias <alias> -keystore "siteminder/adminui/standalone/configuration/trustStore.jks" -file <RootCA.cer>

Also verified cert is inside trustStore.jks by using command:
keytool -list -v -keystore ./trustStore.jks -storepass <password>

Cause

This is an identified regression defect between release versions affecting 12.8sp2 or later.

Environment

Release : 12.8.03

Component : SITEMINDER WAM UI

Resolution

To resolve the issue, perform the following steps:
1. Navigate to the following location:
Windows: administrationUI_installation_home/bin/
UNIX: administrationUI_installation_home/bin/

2. Open the following file:
Windows: standalone.conf.bat file
UNIX: standalone.conf file

3. Add the following lines at the end of the file:
Windows:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

UNIX:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"

4. Save the changes.
5. Restart Administrative UI.

Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/release-notes/known-issues/known-issues-for-policy-server.html

https://knowledge.broadcom.com/external/article/136378/the-root-ca-for-our-company-active-direc.html

https://knowledge.broadcom.com/external/article/57273/the-root-ca-for-our-company-active-direc.html