When running a Policy Server 12.8SP2, what's the reason the file
log4j.jar is not present anymore in the Policy Server 12.8SP2, as it
was present in Policy Server 12.7SP2?
Comparing Policy Server 12.8SP2 with 12.7SP2, these results can be
[ps.training.com] root :: 09:44:47 : /opt/CA/siteminder $ Version
[Version - Version 12.7.0200.1609]
[ps.training.com] root :: 15:48:36 : /opt/CA/siteminder $ find . -name "*log4j.jar*"
[ps128sp2.training.com] root :: 09:30:03 : /opt/CA/siteminder $ Version
[Version - Version 12.8.0200.1992]
[ps128sp2.training.com] root :: 15:49:28 : /opt/CA/siteminder $ find . -name "*log4j.jar*"
[ps128sp2.training.com] root :: 15:49:30 : /opt/CA/siteminder $
Policy Server 12.8SP2 on RedHat 6;
Log4j 1.x has been EOLed quite some time back (August 2015) (1).
SiteMinder has started moving to use SLF4J using Log4j2 as
implementation for its Java components logging framework from 12.8
From Log4j 2 FAQs it looks like both Log4j 1.x and 2.x libraries can't
be on the same classpath (2).
Log4j 2 provides compatibility with Log4j 1.x via Log4j 1.x
bridge. For more information refer to Apache documentation (3)(4).
For the majority of the components SiteMinder 12.8 uses now SLF4J:
as logging façade with underlying logging framework as Log4j 2. For a
smaller number of components SiteMinder uses Log4j 2 directly:
Consult the FAQ diagram details on what jars to be used for different
logging frameworks (5).
Be aware of the log4j vulnerability and its resolution (6).