search cancel

Dependency of Bouncy Castle FIPS release 1.0.1 with SiteMinder API 12.80.x

book

Article ID: 190094

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction


We're running a SDK Custom Agent 12.8 and this one has dependency to

Bouncy Castle FIPS release 1.0.1. As such, we can't run that SDK Agent
with WebLogic 12.2 (12c) which runs Bouncy Castle from another version
and causes problem.

How can we fix this ?

Environment


Policy Server 12.8SP3 on RedHat 7

Cause


At first glance, indeed, the latest Policy Server 12.8SP3 runs Bouncy

Castle Java FIPS 1.0.1.

Policy Server 12.8SP3 has :

   ./bin/thirdparty/bc-fips-1.0.1.jar

and SDK 12.8SP3 has :

   ./java/bc-fips-1.0.1.jar

More, it seems that WebLogic Server doesn't deliver the Bouncy Castle
jar to eliminate the dependencies as we can read here : 

Error "java.lang.NoClassDefFoundError:
org/bouncycastle/asn1/DEREncodable " Found After Applying Weblogic PSU
July 2018 (Doc ID 2442820.1)

  As of the April 2018 PSU, WebLogic Server has removed the Bouncy
  Castle jar file anymore in order to eliminate the CIE dependency on
  Bouncy Castle. If users are still using this jar within their own
  application, they need to ensure that they have their own Bouncy
  Castle jar file bundled with the application using it.

  After the July 2018 PSU or later is installed, the
  bcprov-jdk16-1.45.jar is under WLS location will be zero bytes and
  will only contain the README.txt file. If any class from this jar
  file is still referenced by your application, a NoClassDefFoundError
  will be thrown. Bundling the Bouncy Castle jar file into the
  application will ensure that the Bouncy Castle classes are loaded
  for your application's use before WebLogic Server's version of the
  Bouncy Castle jar file. This will avoid any issue which was
  introduced by the zero-sized jar file.

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=198988726436740&parent=EXTERNAL_SEARCH&sourceId=PROBLEM&id=2442820.1&_afrWindowMode=0&_adf.ctrl-state=h2bdlt0op_4

Resolution


The solution is to make all applications to use Bouncy Castle Java

FIPS 1.0.1.