after Spectrum upgrade from 10.4.1 to 21.2.1 EEM authentication failed

book

Article ID: 223017

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


After upgrading the Spectrum to 21.2.x the OneClick server that is using EEM authentication was unable to allow login to any user and only local authentication is working.

EEM 12.5 on windows 2016

Cause


Incompatibility of Spectrum 21.2.x with EEM 12.5 


From the catalina.out you can see the following errors

$SPECROOT/tomcat/logs/catalina.out (stdout.log if Windows)
-----------------------------------------------------------------------------------
2021-08-25 13:50:54,660 [http-nio-8080-exec-2] ERROR Network  - RunBatMethod - exception occurred calling Iclient runBatMethod
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

..

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

2021-08-25 13:50:54,753 [http-nio-8080-exec-2] ERROR com.ca.eiam.poz.PozFactory  - authorityLogin - exception in iclient authorityLoginError
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

...

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

[2021-08-25 14:04:38.922] [EEMSSOImplementation::getContext] Creating a new EEM Context Object for JSESSIONID: A01DDD9A6AAA7E61C46C0F0668F8561C
2021-08-25 14:04:38,935 [http-nio-8080-exec-11] ERROR Network  - AuthorityLogin - exception occurred calling Iclient AuthorityLoginEx
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)
 at com.ca.itechnology.iclient.Iclient.runBatMethod(Iclient.java:580)
 at com.ca.itechnology.iclient.Iclient.runMethod(Iclient.java:496)

...

 
 

 

Environment

Release : 21.2

Component : Spectrum Integrations

Spectrum upgraded from 10.4.1 to 21.2.1 on Red Hat Linux 7.8

Resolution


As per Integration Compatibility, Spectrum 21.2.1 was certified with EEM 12.6.CR2

see: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/21-2/release-information/integration-compatibility.html

Upgrade EEM to version 12.6 or above and enable the integration again.

Additional Information


TLS v1.2 support between EEM and third party Directory was introduced with EEM 12.6. OneClick in 21.2 requires TLS1.2 for
   the connection to EEM, however, EEM12.5 and older only accepted TLS1.0 connections.

see https://techdocs.broadcom.com/us/en/ca-enterprise-software/other/Embedded-Entitlements-Manager/12-6/release-notes/new-features.html

where you can read:

CA EEM now supports communication with internal CA Directory and third party directories in TLS v1.2 mode.
 
So to support TLS 1.2  EEM 12.6 is required.