Importing certificate to SPkey store not working in ArcotAFM application for SAML integration

Article ID: 241728

Products

CA Strong Authentication CA Advanced Authentication

Issue/Introduction

Importing a certificate into the SP key store does not work. The following error messages appear in arcotafm.log:

2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] DEBUG saml.util.CredentialCreator(29)  -> Loading key store file from the location : /samlcerts/SP.truststore
2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] DEBUG saml.util.ResourceLoader(26)  -> Loaded resource /samlcerts/SP.truststore from local classpath
2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] ERROR saml.util.ArcotSAMLutil(110)  -> Certificate could not be loaded from Service Provider trust store configured : Invalid keystore format
2022-05-13 12:23:20,710 [https-openssl-apr-8443-exec-5] ERROR integrations.frontend.LifeCycleStateData(704)  -> 707024080: SAML Utility initialization failed.: java.lang.ExceptionInInitializerError (ProcessSAMLRequestTask) |665f69a6640587faec1a7f49c3c3651f97958fda

Environment

Release : 9.1

Component : Strong Authentication

CA Adapter

Resolution

In the log file we observed the error "Invalid keystore format". Listing the contents of the truststore with the keytool command showed that the keystore format was PKCS12; it needs to be in "jks" format. The issue happened because AdoptOpenJDK version 17 was used to generate the keystore, and it defaulted to PKCS12.

Downgrading the Java version to 1.8 and recreating the truststore resolved the certificate error.
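
A quick way to confirm the format mismatch described above, before and after recreating the truststore, is to look at the file's leading bytes. This is an added example, not part of the original article or the product; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Java keystore file by its leading bytes.
# JKS starts with the magic 0xFEEDFEED and JCEKS with 0xCECECECE.
# PKCS12 is DER-encoded, so it starts with an ASN.1 SEQUENCE tag (0x30);
# any DER file starts this way, so "PKCS12" here is a heuristic answer.
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d '[:space:]')
    case "$magic" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12" ;;
        "")       echo "empty" ;;
        *)        echo "unknown" ;;
    esac
}

# Succeeds only when the store is in the JKS format the resolution calls for.
check_truststore() {
    fmt=$(keystore_format "$1")
    if [ "$fmt" = "JKS" ]; then
        echo "OK: $1 is JKS"
        return 0
    fi
    echo "MISMATCH: $1 is $fmt, expected JKS"
    return 1
}

# Constructed sample headers (not real keystores): only the first bytes matter.
make_samples() {
    printf '\376\355\376\355' > "$1/jks.sample"   # FE ED FE ED
    printf '\060\202\012\001' > "$1/p12.sample"   # 30 82 0A 01
}

if [ $# -gt 0 ]; then
    # Usage: sh check.sh /path/to/SP.truststore
    check_truststore "$1"
else
    # No argument: run against the constructed samples.
    tmp=$(mktemp -d)
    make_samples "$tmp"
    check_truststore "$tmp/jks.sample" || true
    check_truststore "$tmp/p12.sample" || true
    rm -rf "$tmp"
fi
```

The check reads only the first four bytes, so it needs no keystore password and can run before the application is restarted.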