We're running an SDK Custom Agent, and when the Custom Agent tries to connect to
the Policy Server, the Policy Server reports these errors:
[1321870/140395184142080][Mon Aug 10 2020 17:02:51][CServer.cpp:2121][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3154
[1321870/140395184142080][Mon Aug 10 2020 17:02:51][CServer.cpp:2132][ERROR][sm-Tunnel-00050] Handshake error: Shared secret incorrect for this client
[1321870/140395184142080][Mon Aug 10 2020 17:02:51][CServer.cpp:2293][ERROR][sm-Server-01070] Failed handshake with 127.0.0.1:39769
How can we fix this?
The Custom Agent seems to have a problem handling the data from
smhost.conf:
SystemOut.log
2020-08-10 17:21:38,200 34 [TRACE] - - 1ms SiteMinderAdapter SiteMinderAdapter[578].getSmHostConfig(): smhost_config = '/opt/CA/sdkagent/conf/SmHost.conf'
2020-08-10 17:21:38,200 34 [TRACE] - - 1ms SiteMinderAdapter SiteMinderAdapter[580].getSmHostConfig(): EXIT = /opt/CA/sdkagent/conf/SmHost.conf
2020-08-10 17:21:38,203 34 [ERROR] - - 125ms SiteMinderAdapter SiteMinderAdapter[218].createAgentApi(): GetConfig failed for '/opt/CA/sdkagent/conf/SmHost.conf': FAILURE [-1]
2020-08-10 17:21:38,204 34 [TRACE] - - 0ms SiteMinderAdapter SiteMinderAdapter[587].cleanup(): ENTER: ()
2020-08-10 17:21:38,208 34 [TRACE] - - 5ms SiteMinderAdapter SiteMinderAdapter[596].cleanup(): EXIT = [void]
2020-08-10 17:21:38,209 34 [TRACE] - - 133ms SiteMinderAdapter SiteMinderAdapter[220].createAgentApi(): EXCEPTION: IOException(nullGetConfig failed for '/opt/CA/sdkagent/conf/SmHost.conf': FAILURE [-1])
There is a known issue in SDK 12.8, fixed in 12.8SP2, where a class used
for shared secret and FIPS handling is missing:
Defects Fixed in 12.8.02
SDK
01184735, 01212552 DE383871 smagentapi.jar from SDK does not include
the com.ca.siteminder.sdk.agentapi.Util
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/release-notes/service-packs/defects-fixed-in-12-8-02.html#concept.dita_3ed653d7ea138f8a8fc56e1c1cd65988d2e2c889_SDK
Policy Server 12.8SP0 on RedHat 7;
SDK 12.8SP0 on RedHat 7;
Upgrade the SDK to 12.8SP4 to fix this issue.
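To confirm whether an installed smagentapi.jar is affected by the defect cited above, and that the upgraded jar is the one actually deployed, the following added example (not Broadcom code) scans a directory tree for the jar and checks for the com.ca.siteminder.sdk.agentapi.Util class. The default search root /opt/CA/sdkagent is an assumption inferred from the SmHost.conf path in the log.

```python
"""Check smagentapi.jar copies for the class named in defect DE383871."""
import sys
import zipfile
from pathlib import Path

JAR_NAME = "smagentapi.jar"
# Jar entry for com.ca.siteminder.sdk.agentapi.Util (standard package-to-path mapping).
UTIL_ENTRY = "com/ca/siteminder/sdk/agentapi/Util.class"


def jar_has_util(jar_path):
    """Return True/False for a readable jar, None if it is not a valid archive."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            return UTIL_ENTRY in jar.namelist()
    except (zipfile.BadZipFile, OSError):
        return None


def scan(root):
    """Map every smagentapi.jar under root to 'ok', 'missing-class' or 'unreadable'."""
    results = {}
    for jar_path in sorted(Path(root).rglob(JAR_NAME)):
        state = jar_has_util(jar_path)
        results[str(jar_path)] = (
            "unreadable" if state is None else "ok" if state else "missing-class"
        )
    return results


if __name__ == "__main__":
    # Assumption: SDK install root, inferred from the SmHost.conf path in the log.
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/CA/sdkagent"
    findings = scan(root)
    if not findings:
        print(f"no {JAR_NAME} found under {root}")
    for path, state in findings.items():
        print(f"{state:14} {path}")
    # Non-zero exit when any copy lacks the class, so the check can gate a deployment.
    sys.exit(1 if "missing-class" in findings.values() else 0)
```

Run it against the Custom Agent's own library directory as well, since an application may bundle a separate copy of the jar that the SDK upgrade does not replace.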