search cancel

Error : Could not initialize class sun.security.ec.SunEC in SAML Fed

book

Article ID: 229576

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

 

When running a Policy Server, when user tries to login through a
Custom Authentication Scheme, that the login process fails and the
Policy Server reports error :

    [1371084/140243659372288][Mon Nov 15 2021 17:10:39][SmAuthServer.cpp:364][INFO]
    [sm-Server-02760] Initialized authentication scheme mySamlAuthScheme

    [1371084/140243659372288][Mon Nov 15 2021 17:10:39][SmAuthSamlJNI.cpp:532][ERROR]
    [sm-FedServer-00520] Error caught JNI Exception: SamlValidator (Pass 1):
    Caught unknown exception or error: java.lang.NoClassDefFoundError:
    Could not initialize class sun.security.ec.SunEC - Stacktrace: java.lang.NoClassDefFoundError:

    at com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl.<clinit>
    (XMLSignatureApacheTxmImpl.java:109)

 

Cause

 

The error seen :

  java.lang.InternalError
 at sun.security.ec.SunEC.initialize(Native Method)
 at sun.security.ec.SunEC.access$000(SunEC.java:49)
 at sun.security.ec.SunEC$1.run(SunEC.java:61)
 at sun.security.ec.SunEC$1.run(SunEC.java:58)
 at java.security.AccessController.doPrivileged(Native Method)

is related to a known issue on Redhat 6 openjdk package as per this
bug (1)(2).
        
smps.log :

  [1371084/140243596433152][Mon Nov 15 2021 17:10:28][SmJVMSupport.cpp:278][INFO]
  [sm-JavaApi-01030] SmJVMSupport: Using the following JRE: /usr/lib/jvm/jre-1.8.0-openjdk.x86_64

  [1371084/140243627902720][Mon Nov 15 2021 17:10:36][SmAuthServer.cpp:335][INFO]
  [sm-Server-02750] Loaded authentication scheme myOtherCustomAuthScheme.
  myCustomAuthScheme authentication scheme
  
  [1371084/140243627902720][Mon Nov 15 2021 17:10:38][AssertionGenerator.java][ERROR]
  [sm-FedServer-00090] AssertionHandler process() throws exception: njava.lang.InternalError
  
          at sun.security.ec.SunEC.initialize(Native Method)
          at sun.security.ec.SunEC.access$000(SunEC.java:49)
          at sun.security.ec.SunEC$1.run(SunEC.java:61)
          at sun.security.ec.SunEC$1.run(SunEC.java:58)
          at java.security.AccessController.doPrivileged(Native Method)
          [...]
          at com.ca.sso.smcrypto.bcfipsimpl.SmCryptoBCFIPSProvider.<clinit>(SmCryptoBCFIPSProvider.java:56)
          at com.ca.sso.smcrypto.provider.SmCryptoProviderFactory.getInstance(SmCryptoProviderFactory.java:37)
          at com.ca.sso.smcrypto.SmCryptoFacade.<clinit>(SmCryptoFacade.java:35)

  [1371084/140243659372288][Mon Nov 15 2021 17:10:39][SmAuthServer.cpp:364][INFO]
  [sm-Server-02760] Initialized authentication scheme mySamlAuthScheme
  
  [1371084/140243659372288][Mon Nov 15 2021 17:10:39][SmAuthSamlJNI.cpp:532][ERROR]
  [sm-FedServer-00520] Error caught JNI Exception: SamlValidator (Pass 1): Caught unknown exception or error:
  java.lang.NoClassDefFoundError: Could not initialize class sun.security.ec.SunEC -
  Stacktrace: java.lang.NoClassDefFoundError: Could not initialize class sun.security.ec.SunEC
  
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
          at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
          [...]
          at com.ca.sso.smcert.bc.BCCertImpl.<clinit>(BCCertImpl.java:62)
          at com.ca.sso.smcert.SMCertFactory.<clinit>(SMCertFactory.java:42)

  [1371084/140243659372288][Mon Nov 15 2021 17:10:40][SmAuthSamlJNI.cpp:532][ERROR]
  [sm-FedServer-00520] Error caught JNI Exception: SamlValidator (Pass 1):
  Caught unknown exception or error: java.lang.NoClassDefFoundError: Could not initialize class
  com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl - Stacktrace: java.lang.NoClassDefFoundError:
  Could not initialize class com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl
  
          at com.netegrity.ps.auth.saml.Saml2ValidatorTxm.smAuthenticate(Saml2ValidatorTxm.java:434)
          at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

 

Resolution

 

- Make the OS package up to date and insure that openjdk package
  provided by RedHat is a least 1.8.0.91-5.b14;

 

Additional Information

 

(1)

    Bug 1332867 - Unexpected java.lang.InternalError in sun.security.ec.SunEC when Security.removeProvider("SunPKCS11-Solaris");

      Actual results:
      Exception in thread "main" java.lang.InternalError
     at sun.security.ec.SunEC.initialize(Native Method)
     at sun.security.ec.SunEC.access$000(SunEC.java:49)
     at sun.security.ec.SunEC$1.run(SunEC.java:61)
     at sun.security.ec.SunEC$1.run(SunEC.java:58)
     at java.security.AccessController.doPrivileged(Native Method)

      [...]

      I confirm it's a duplicate of bug 1332456

    https://bugzilla.redhat.com/show_bug.cgi?id=1332867

(2)

    Bug 1332456 - Build java-1.8.0-openjdk-1.8.0.91-2.b14.fc23 breaks tomcat startup for FreeIPA when nss is not upgraded as well

      Fixed In Version: java-1.8.0-openjdk-1.8.0.91-5.b14.fc23 java-1.8.0-openjdk-1.8.0.91-5.b14.fc24

    https://bugzilla.redhat.com/show_bug.cgi?id=1332456