ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

API Gateway Policy Manager 10.1 fails to connect with LDAP users

book

Article ID: 222103

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

The customer has upgraded from Gateway  9.x or 10 to Gateway 10.1.  The Policy manager is now unable to connect to Gateway using LDAP users; however, users are able to connect using  non-ldap users.

We are unable to use the CA Gateway service as well as LDAP based authentication which also fails.

The ssg log shows the following exception :

Stack Trace:
 java.lang.IllegalAccessError: class jdk.internal.reflect.MethodAccessorImpl loaded by javassist.Loader @3035b9e6 cannot access jdk/internal/reflect superclass jdk.internal.reflect.MagicAccessorImpl 
 at java.base/java.lang.ClassLoader.defineClass1(Native Method) 
 at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017) 
 at javassist.Loader.findClass(Loader.java:420) 

Environment

Version affected: Policy Manager Gateway 10.1

Environment: Linux/MAC/Win

Java versions tested: 8 and 11

IDP LDAPS tested: Oracle, openLDAP, Apache Directory

--

Resolution

This particular problem is considered to be a defect that is filed with our development team.

Workaround: by checking "Use Client Certificate Authentication" in the LDAP Identity provider configuration, allow the connection to work fine.

We suspect Java 11 expects client certificate which is a default SSL key in this case for any successful handshake.