**ERROR** java.io.IOException commiting keystore change for alias

book

Article ID: 241566

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Customer is unable to import the cert /key pair and getting below error in Admin UI logs.

2022-05-12 12:22:25,676 [ERROR] com.ca.siteminder.rpc.rpc.ClientDispatcher [] - fault ServerException([sm-xpsxps-00540] : Previous error occurred on object "CA.CDS::[email protected]" : ) object.create 'Certificate'
2022-05-12 12:22:25,704 [ERROR] com.ca.fedpki.api.remote.FedPkiKeyStore [] - **ERROR** java.io.IOException commiting keystore change for alias <Certificate Alias>
java.io.IOException: Exception occurred while adding a certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
        at com.ca.siteminder.security.SMKeyDatabaseStore.store(Unknown Source) ~[fedsecurity.jar:?]
        at com.ca.fedpki.api.remote.FedPkiKeyStore.engineStore(Unknown Source) ~[fedremoteapi.jar:?]
        at java.security.KeyStore.store(KeyStore.java:1406) ~[?:1.8.0_212]
        at com.ca.federation.adminui.backingbean.keystore.KeyStoreImportBean.finish(KeyStoreImportBean.java:297) ~[fedmgr.jar:?]
        at sun.reflec

 

Cause

Because of the limitation from the RDBMS database to have 4000 character limit , Policy server is unable to commit the cert/key pair data to policy store.

There is no limitation with LDAP policy store and the same cert/key pair works fine with LDAP policy stores.

Environment

Release : All Policy server versions

Component : SITEMINDER -POLICY SERVER

Policy store : RDBMS

Resolution

Resolution steps

This is not a SiteMinder issue and but rather this is RDMBS limitation of 4000 characters. This has been updated in the below product documentation.

Customer need to increase the RDBMS character length a per the documentation of their DB to import the certificate /key pair in the policy store.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/product-limitations/policy-server-product-limitations.html#concept.dita_5474047bbd6c7878dbac85ed12af0e375b07e1d6_PolicyServerLimitations