Getting FIPS error starting Access Gateway after upgrade from 12.7.2 to 12.8.4


Article ID: 206145


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction

The customer upgraded CA Access Gateway (SPS) from 12.7.2 to 12.8.4, but when they try to start the Access Gateway service it does not initialize, and the error message below appears in 'Server.log'.

[06/Jan/2021:14:52:10-481] [ERROR] - Caused by: java.lang.ExceptionInInitializerError
[06/Jan/2021:14:52:10-481] [ERROR] -    at com.ca.sso.smcert.bc.BCUtilities.getSecureRandom(BCUtilities.java:482)
[06/Jan/2021:14:52:10-481] [ERROR] -    at com.ca.sso.smcert.bc.BCCertImpl.getSecureRandom(BCCertImpl.java:571)
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.ca.sso.smcert.SMCertFactory.getSecureRandom(SMCertFactory.java:423)
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.netegrity.util.TokenGenerator.<init>(Unknown Source)
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.netegrity.util.TokenGenerator.getInstance(Unknown Source)
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.netegrity.proxy.session.SimpleURLSessionScheme.<init>(Unknown Source)
[06/Jan/2021:14:52:10-482] [ERROR] -    ... 16 more
[06/Jan/2021:14:52:10-482] [ERROR] - Caused by: java.lang.IllegalArgumentException: Invalid FIPS mode [ ] Provided
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.ca.sso.FipsMode.<clinit>(FipsMode.java:39)

 

Cause

[06/Jan/2021:14:52:10-482] [ERROR] - Caused by: java.lang.IllegalArgumentException: Invalid FIPS mode [ ] Provided
[06/Jan/2021:14:52:10-482] [ERROR] -    at com.ca.sso.FipsMode.<clinit>(FipsMode.java:39)

The FIPS mode might be missing from the "ca_sps_env.bat" environment variable file.

 

Environment

Release : Any Supported SSO Version.

Component : SITEMINDER - Secure Proxy Server

Resolution

Check the environment variable file at "<SPS Home>\CA\secure-proxy\ca_sps_env.bat".

Make sure it contains the settings below, for example:

set APACHE_SERVICE_NAME=CA Access Gateway Proxy
set SPS_JAVA_HOME=C:\Program Files\Java\jdk1.8.0_131
set NETE_SPS_ROOT=C:\Program Files\CA\secure-proxy
set CA_SM_PS_FIPS140=COMPAT
set PATH=%NETE_SPS_ROOT%\agentframework\bin;%PATH%
if "%CA_SM_PS_FIPS140%" =="ONLY" set OPENSSL_FIPS=1
set CA_SPS_CP_RESOURCES=%NETE_SPS_ROOT%\resources

We have observed that in some cases the value is blank, which causes the issue. Add the FIPS mode based on your requirement and restart the service.
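
One way to confirm the blank-value condition described above before restarting the service, as an added example (not part of the original article and not vendor code): the hypothetical PowerShell function Test-SpsFipsMode reports whether CA_SM_PS_FIPS140 is missing, blank, or set in the lines of ca_sps_env.bat. Assumptions: MIGRATE is included as SiteMinder's third FIPS mode alongside the COMPAT and ONLY values shown in the article, and values are compared case-sensitively.

```powershell
# Added example: checks the lines of ca_sps_env.bat for a usable CA_SM_PS_FIPS140 value.
function Test-SpsFipsMode {
    param([string[]] $Lines)   # file content, one element per line (blank lines allowed)

    # COMPAT and ONLY appear in the article; MIGRATE is an assumption (see lead-in).
    $known  = 'COMPAT', 'MIGRATE', 'ONLY'
    $found  = $null
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = $line.Trim()
        # Skip batch comments so a commented-out setting is not counted.
        if ($text -match '^@?(rem\b|::)') { continue }
        # Matches: set CA_SM_PS_FIPS140=VALUE  and  set "CA_SM_PS_FIPS140=VALUE"
        if ($text -match '^@?set\s+"?CA_SM_PS_FIPS140=(.*?)"?\s*$') {
            # cmd.exe keeps the last assignment, so a later line overrides an earlier one.
            $found = [pscustomobject]@{ Line = $lineNo; Value = $Matches[1].Trim() }
        }
    }
    if ($null -eq $found) {
        return [pscustomobject]@{ Status = 'Missing'; Line = 0; Value = '' }
    }
    if ($found.Value -eq '') {
        return [pscustomobject]@{ Status = 'Blank'; Line = $found.Line; Value = '' }
    }
    # Case-sensitive comparison (assumption): anything else is flagged for manual review.
    $status = if ($known -ccontains $found.Value) { 'OK' } else { 'Unrecognized' }
    [pscustomobject]@{ Status = $status; Line = $found.Line; Value = $found.Value }
}

# Constructed sample reproducing the blank assignment described in the article.
$sample = @(
    'set NETE_SPS_ROOT=C:\Program Files\CA\secure-proxy',
    '',
    'set CA_SM_PS_FIPS140=',
    'if "%CA_SM_PS_FIPS140%" =="ONLY" set OPENSSL_FIPS=1'
)
Test-SpsFipsMode -Lines $sample
```

To check the real file, pass its content instead of the sample, for example `Test-SpsFipsMode -Lines (Get-Content $path)` where `$path` points to ca_sps_env.bat under the SPS home directory.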