12.52 Apache regular Web Agent generates a SMSESSION cookie, when passing it to 12.8 SDK Agent (4. x agent configuration), SDK Agent can not decode it.
However, the same SDK Agent can generate its cookie and decode it. accepttpcookie set to yes can not be used since there is no ACO on the 4x Agent side.
Both Agents are connected to the same Policy Server. The SDK Agent is connected to Policy Server with initialization success.
The only error seen is:
Decode SSO Token.........................: -1 (FAILURE)
When java debug is turned on:
16:45:48.834 [main] SMTRACE: SmAgentApiManagementImpl, decrypt, Input = EipPJHaMNgTeEmVV0....UYx8ndHMc
16:45:48.837 [main] SMERROR: LegacyAgentApiAdapter, decodeSSOToken, Failed: Reason: -1
com.ca.siteminder.sdk.agentapi.management.SmAgentApiManagementException: Failed to decrypt an SSO token.
at com.ca.siteminder.sdk.agentapi.management.b.a(smagentapi_obfsc:834)
at com.ca.siteminder.sdk.agentapi.e.a(smagentapi_obfsc:656)
at com.ca.siteminder.sdk.agentapi.a.decodeSSOToken(smagentapi_obfsc:1762)
at netegrity.siteminder.javaagent.AgentAPI.decodeSSOToken(smagentapi_obfsc:1586)
at JavaTestClient.main(JavaTestClient.java:357)
Decode SSO Token.........................: -1 (FAILURE)
SDK 12.8
Out-of-the-box 12.8 SDK kit does not have proper Pure Java Agent API examples.
First of all, 12.52 Web Agent, SDK Agent, and Policy Server should be running on the same FIPS mode.
Default JavaTestClient.java packaged was NOT using Pure Java Compiler, it was using JNI Agent API.
On top of that, with Pure Java Compiler, there are a few additional jars required for this to be fully functional.
Two changes to be made:
1. java-build.sh
javac -classpath ../../properties:../../java/smagentapi.jar:../../java/smjavasdk2.jar:../../java/smcrypto.jar:../../java/bc-fips-1.0.1.jar JavaTestClient.java
2. java-run.sh
....
java $JVMMODE -Djava.library.path=../../bin64 -classpath .:../../properties:../../java/smjavasdk2.jar:../../java/smagentapi.jar:../../java/smcrypto.jar:../../java/bc-fips-1.0.1.jar JavaTestClient
With the above changes, the Java Agent should be able to decode the regular Web Agent SMSESSION.
To log additional tracing information to debug problems when using the Pure Java Agent API, add the following parameter to the JVM (1):
com.ca.siteminder.sdk.agentapi.enableDebug=true
Example:
java -Dcom.ca.siteminder.sdk.agentapi.enableDebug=true myClass
Note: This parameter is not applicable for the JNI-based Agent API.