After upgrading the Spectrum to 21.2.x the OneClick server that is using EEM authentication was unable to allow login to any user and only local authentication is working.

EEM 12.5 on windows 2016

Incompatibility of Spectrum 21.2.x with EEM 12.5 

From the catalina.out you can see the following errors

$SPECROOT/tomcat/logs/catalina.out (stdout.log if Windows)
-----------------------------------------------------------------------------------
2021-08-25 13:50:54,660 [http-nio-8080-exec-2] ERROR Network  - RunBatMethod - exception occurred calling Iclient runBatMethod
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

..

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

2021-08-25 13:50:54,753 [http-nio-8080-exec-2] ERROR com.ca.eiam.poz.PozFactory  - authorityLogin - exception in iclient authorityLoginError
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

...

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

[2021-08-25 14:04:38.922] [EEMSSOImplementation::getContext] Creating a new EEM Context Object for JSESSIONID: A01DDD9A6AAA7E61C46C0F0668F8561C
2021-08-25 14:04:38,935 [http-nio-8080-exec-11] ERROR Network  - AuthorityLogin - exception occurred calling Iclient AuthorityLoginEx
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
 at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
 at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)
 at com.ca.itechnology.iclient.Iclient.runBatMethod(Iclient.java:580)
 at com.ca.itechnology.iclient.Iclient.runMethod(Iclient.java:496)

...

Release : 21.2

Component : Spectrum Integrations

Spectrum upgraded from 10.4.1 to 21.2.1 on Red Hat Linux 7.8

As per Integration Compatibility, Spectrum 21.2.1 was certified with EEM 12.6.CR2

see: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/21-2/release-information/integration-compatibility.html

Upgrade EEM to version 12.6 or above and enable the integration again.

TLS v1.2 support between EEM and third party Directory was introduced with EEM 12.6. OneClick in 21.2 requires TLS1.2 for
   the connection to EEM, however, EEM12.5 and older only accepted TLS1.0 connections.

see https://techdocs.broadcom.com/us/en/ca-enterprise-software/other/Embedded-Entitlements-Manager/12-6/release-notes/new-features.html

where you can read: