Policy server = r12.8.1 RHEL 7

Access Gateway = r12.8.1 RHEL 7

JDK = jdk1.8.0_201

We are testing our application authentication using the SiteMinder JWT auth scheme with the Postman client posting the JWT token to SiteMinder,

but we're getting a Java null pointer errors.

[10/16/2020][09:52:43][140636808271616][][SmAuthUser.cpp:760][][][][][][][][][][][][][LogMessage:INFO:[sm-Server-03580] java.lang.NullPointerException
        at java.util.Date.getMillisOf(Date.java:958)
        at java.util.Date.before(Date.java:917)
        at com.ca.sm.jwtauth.SMJWTResolver.validateJwtContext(SMJWTResolver.java:35)
        at com.ca.sm.jwtauth.SmJWTAuthScheme.disambiguateUser(SmJWTAuthScheme.java:174)
        at com.ca.sm.jwtauth.SmJWTAuthScheme.authenticate(SmJWTAuthScheme.java:86)
        at com.netegrity.policyserver.smapi.SmAuthenticationContext.authenticate(SmAuthenticationContext.java:289)

Release : 12.8

Component : SITEMINDER -SDK

When SiteMinder receives JWT token, it requires claim (exp date) to be set within JWT token, which is missing from original client submit.

NullPointerException is encountered when getting the date stamp value.

For version earlier than 12.8.03, customer can resolve it by setting the (exp date) for the JWT token during submit.

Or upgrade to fixed version 12.8.03 or later.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-03.html

The following defects are fixed in SiteMinder 12.8.03:

1294105 DE404613 JWT authentication fails if the token does not contain token expiry time