A2A client Java sample Example.java reports null password

Article ID: 214729

Updated On: 06-27-2025

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We compiled and are trying to run the Java Example class on a Linux/AIX server. The output shows that the server returned code 400, suggesting that the call into PAM to retrieve the password succeeded, but the password shows as "null", similar to the following:

> ./run_java_sample.sh mypamaccountalias
Status Code: 400
UsedId:      mypamaccount
Password:    null

 

The same sample code works fine on another server, for which we defined an A2A mapping for the same target account, and the correct password is retrieved.

Environment

PAM 4.2.1 and below

Cause

The Java version used on the Linux/AIX server was incompatible with the A2A client libraries, cspmclient.jar and cwjcafips.jar. Specifically, the cwjcafips.jar file is signed with SHA1 and didn't pass signed JAR validation.

Resolution

Download and install:

A2A v4.2.2 (4.12.3.62), which now signs the cwjcafips.jar with a SHA-256 certificate.

If your application allows it, use the JRE that the PAM A2A client installs. The Java executable would be $CSPM_CLIENT_HOME/cspmclient_thirdparty/java/bin/java.

 

Additional Information

Another possible workaround is to edit the installed Java's lib\security\java.security, find the parameter "jdk.jar.disabledAlgorithms" and remove SHA1 (typically "SHA1 denyAfter 2019-01-01") from the disabled algorithms list. This setting applies to every application run with that Java installation.
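
To confirm that a given Java installation is the one rejecting the SHA1-signed cwjcafips.jar, the following added example (not part of the original article or of the PAM A2A client) reads a java.security file and reports any SHA1 entry in jdk.jar.disabledAlgorithms, including values split across continuation lines. The function names are hypothetical and the embedded java.security content is a constructed sample; pass the path of the real file as the first argument.

```shell
# Added example: does this JRE's java.security reject SHA1-signed JARs?

# Print the value of jdk.jar.disabledAlgorithms, joining "\" continuation lines.
jar_disabled_algs() {
    awk '
        !on && /^[ \t]*#/ { next }                 # comment outside a value
        !on && /^[ \t]*jdk\.jar\.disabledAlgorithms[ \t]*=/ {
            sub(/^[^=]*=/, ""); on = 1; val = ""
        }
        on {
            more = ($0 ~ /\\[ \t]*$/)               # value continues on next line
            sub(/\\[ \t]*$/, "")
            val = val $0
            if (!more) { result = val; on = 0 }    # a later definition overrides
        }
        END { if (result != "") print result }
    ' "$1"
}

# Print each comma-separated entry that restricts SHA1 (e.g. "SHA1 denyAfter ...").
sha1_jar_rules() {
    jar_disabled_algs "$1" | awk -F',' '{
        for (i = 1; i <= NF; i++) {
            e = $i; gsub(/^[ \t]+|[ \t]+$/, "", e)
            if (toupper(e) ~ /^SHA-?1( .*)?$/) print e
        }
    }'
}

# Exit status 0 when SHA1-signed JARs fail validation under this configuration.
sha1_blocks_jars() { [ -n "$(sha1_jar_rules "$1")" ]; }

# Constructed sample in the layout of a stock java.security (not from the page).
write_sample() {
    cat > "$1" <<'EOF'
# jdk.jar.disabledAlgorithms=ignored, this line is a comment
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, SHA1 denyAfter 2019-01-01
EOF
}

f=${1:-}; [ -n "$f" ] || { f=$(mktemp); write_sample "$f"; }
if sha1_blocks_jars "$f"; then
    echo "SHA1-signed JARs are rejected: $(sha1_jar_rules "$f")"
else
    echo "No SHA1 entry in jdk.jar.disabledAlgorithms"
fi
```

Running it against both the failing server's Java and the JRE under $CSPM_CLIENT_HOME/cspmclient_thirdparty/java shows which of the two enforces the SHA1 restriction.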