A2A client Java sample Example.java reports null password
Article ID: 214729
Updated On: 06-27-2025
Products
Issue/Introduction
We compiled and are trying to run the Java Example class on an Linux/AIX server. The output shows that the server returned code 400, suggesting that the call into PAM to retrieve the password succeeded, but the password shows as "null", similar to the following:
> ./run_java_sample.sh mypamaccountalias
Status Code: 400
UsedId: mypamaccount
Password: null
The same sample code works fine on another server, for which we defined an A2A mapping for the same target account, and the correct password is retrieved.
Environment
PAM 4.2.1 and below
Cause
The Java version used on the Linux/AIX server was incompatible with the A2A client libraries., cspmclient.jar and cwjcafips.jar. Specifically the cwjcafips.jar file is signed with SHA1 and didn't pass signed JAR validation.
Resolution
Download and install:
A2A v4.2.2 (4.12.3.62), which now signs the cwjcafips.jar with a SHA-256 certificate.
If your application allows it, use the JRE that the PAM A2A client installs. The Java executable would be $CSPM_CLIENT_HOME/cspmclient_thirdparty/java/bin/java.
Additional Information
Another possible workaround could be to edit the installed java's lib\security\java.security, find the parameter "jdk.jar.disabledAlgorithms" and remove SHA1 (typically "SHA1 denyAfter 2019-01-01") from the disabled algorithms list.
Feedback
