ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Failing connectivity to Session Server ODBC database in Policy Server

book

Article ID: 213775

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Policy Server, this one can't connect to the ODBC
Oracle 12c Session Store and report the error :

    [19597/139941391099680][Fri Mar 12 2021 14:23:22][SmSSProvider.cpp:259]
    [ERROR][sm-Server-07001] Exception: Unexpected local error code -1063 while making database call.
    Error code -1063

    [19597/139940292347648][Fri Mar 12 2021 14:23:22][CSmDbUtilities.cpp:465]
    [ERROR][sm-Odbc-00060] Failed to connect to datasource 'Session Data Source'.

Policy Server system_odbc.ini is configured with :

    EncryptionLevel=3
    EncryptionTypes=AES256
    DataIntegrityLevel=3
    DataIntegrityTypes=SHA256

as per Driver instructions (1)(2)(3)(4).

 

Cause

 

12.8SP2 Policy Server has Datadirect driver 08.01 :

 /opt/CA/siteminder/odbc/lib : strings NSora28.so | grep 8.0

 08.01.0081 (B0125, U0091)

and from 12.8SP3, the driver is on 08.02. According Datadirect release
note, the encryption is supported only from 08.02 driver version (5). 

 

Environment

 

  Policy Server 12.8SP2 on RedHat 6;
  Session Store on Oracle 12c;

 

Resolution

 

Upgrade Policy Server to 12.8SP3 and above to solve the issue.

 

Additional Information

 

(1)

   Encryption Level

(2)

   Encryption Types

(3)

   Data Integrity Level

(4)

   Data Integrity Types

(5)

    Version 8.0.2

      The Oracle driver has been enhanced to support the following new data
      integrity algorithms for Oracle 12c and higher: SHA256, SHA384,
      SHA512. To use these algorithms, specify their values using the Data
      Integrity Types connection option and enable data integrity checks
      with the Data Integrity Level connection option.