search cancel

JRS 7.1.1 logs javax.crypto.BadPaddingException when report request sent by IDM

book

Article ID: 238722

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

2022-03-05 19:18:56,468 ERROR Encryptor,http-nio-8080-exec-4:155 - General Security Exception
2022-03-05 19:18:56,469 ERROR CABIUtil,http-nio-8080-exec-4:69 - com.ca.bicoe.cajasperserver.common.util.CABIExceptionForRunTime: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.auth.Encryptor.decrypt(Encryptor.java:156)
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.auth.EncryptorService.decryptcabi(EncryptorService.java:94)
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.filter.TokenService.validatePreAuthTokenHistory(TokenService.java:199)
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.filter.TokenService.validateTokenTimeStamp(TokenService.java:156)
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.filter.TokenService.processToken(TokenService.java:99)

..........

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
 at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
 at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
 at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
 at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
 at javax.crypto.Cipher.doFinal(Cipher.java:2168)
 at com.ca.bicoe.cajasperserver.preauth.sso.ext.auth.Encryptor.decrypt(Encryptor.java:148)

Environment

Release : 14.4

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

14.4 vApp
One node running WIldfly
Provisioning on different node

Production not working env:
14.4 vApp 2 nodes running wildfly
2 nodes running Provisioning.
All other IM working without issue on this production, Just the Jasper report snapshots. 
Load Balancer F5

Resolution

This message is being returned by Jasper in some cases.  Not controlled by IGA.  Not able to suppress the messages. You could set logging to fatal to remove most messages but this is not recommended for logging and troubleshooting is needed. 

Recommendation on setting a schedule to review, backup, and delete the logs once a week or every couple weeks to avoid creation of larger log files as in this case they run many reports a day.