after Spectrum upgrade from 10.4.1 to 21.2.1 EEM authentication failed

Products

CA Spectrum

Issue/Introduction

Env: Spectrum upgraded from 10.4.1 to 21.2.1 on Red Hat Linux 7.8

EEM 12.5 on windows 2016

Issue:

After upgrading the Spectrum to new version the server that is using EEM authentication was unable to allow login to any user and only local authentication is working.

Cause

Incompatibility of Spectrum 21.2.1 with EEM 12.5

From the catalina.out you can see the following errors

2021-08-25 13:50:54,660 [http-nio-8080-exec-2] ERROR Network - RunBatMethod - exception occurred calling Iclient runBatMethod
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

..

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

2021-08-25 13:50:54,753 [http-nio-8080-exec-2] ERROR com.ca.eiam.poz.PozFactory - authorityLogin - exception in iclient authorityLoginError
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)

...

Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

...

[2021-08-25 14:04:38.922] [EEMSSOImplementation::getContext] Creating a new EEM Context Object for JSESSIONID: A01DDD9A6AAA7E61C46C0F0668F8561C
2021-08-25 14:04:38,935 [http-nio-8080-exec-11] ERROR Network - AuthorityLogin - exception occurred calling Iclient AuthorityLoginEx
com.ca.itechnology.iclient.IclException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1544)
at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)
at com.ca.itechnology.iclient.Iclient.runBatMethod(Iclient.java:580)
at com.ca.itechnology.iclient.Iclient.runMethod(Iclient.java:496)

...

The TLS v1.2 support between EEM and third party Directory was introduced with EEM 12.6

see https://techdocs.broadcom.com/us/en/ca-enterprise-software/other/Embedded-Entitlements-Manager/12-6/release-notes/new-features.html

where you can read:

CA EEM now supports communication with internal CA Directory and third party directories in TLS v1.2 mode.

So to support TLS 1.2 it is required EEM 12.6

Environment

Release : 21.2

Component :

Resolution

As per Integration Compatibility, Spectrum 21.2.1 was certified with EEM 12.6.CR2 see https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/21-2/release-information/integration-compatibility.html

Install the EEM version 12.6 or above and enable the integration again.