A SiteMinder administrator cannot import a certificate/key pair in the later 12.8.4 Admin UI; the import fails with the error "Failed creating object of class Certificate."
This appears to happen only when a database is used as the policy store. It worked in 12.8 SP3 and earlier.
The import also fails when attempted with smkeytool. However, when the policy store is LDAP, the cert/key pair (.p12 file) can be imported successfully from the Admin UI.
E:\CA\siteminder\bin>smkeytool.bat -addPrivKey -alias servercert -keycertfile Cert.p12 -password xxxx
Please specify default key used for signing by associating it with "defaultenterpriseprivatekey" alias in the Certificate Data Store before adding a new key:
E:\CA\siteminder\bin>smkeytool.bat -addPrivKey -alias defaultenterpriseprivatekey -keycertfile Cert.p12 -password xxxx
An exception occurred while adding private key and certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
An error occurred while performing the requested -addPrivKey operation. Error Message: com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: An exception occurred while
adding private key and certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
E:\CA\siteminder\bin>smkeytool.bat -addPrivKey -alias defaultenterpriseprivatekey -certfile ServerCert.crt -keyfile server.key -password xxxx
An exception occurred while adding private key and certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
An error occurred while performing the requested -addPrivKey operation. Error Message: com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: Error occurred while adding private key and certificate details to the Certificate Data Store. An exception occurred while adding private key and certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate..
At the same time, Policy server smtracedefault.log shows:
[05/19/2022][22:43:54.058][22:43:54][6188][5460][CSmDbODBC.cpp:1472][CSmDbConnectionODBC::CheckForError][][][][][][][][][][][][22001][-1][[CA SSO][ODBC Oracle Wire Protocol driver]String data, right truncated. Error in parameter 6.][][][][][][][SQL Error.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.058][22:43:54][6188][5460][CSmDbODBC.cpp:1973][CSmDbConnectionODBC::DoExecute][][][][][][][][][][][][][-1][][][][][][][][Leave function CSmDbConnectionODBC::DoExecute][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.058][22:43:54][6188][5460][CSmDbODBC.cpp:362][CSmDbConnectionODBC::MapResult][][][][][][][][][][][][-1][][[CA SSO][ODBC Oracle Wire Protocol driver]String data, right truncated. Error in parameter 6.][][][][][][][ODBC Error: State = 22001 Internal Code = 0 - s - MappedResult:-4007][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.058][22:43:54][6188][5460][XPSIO.cpp:1735][CXPSIO::CreateObject][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: Previous error occurred on object "CA.CDS::Certificate@########-####-####-####-############"][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.058][22:43:54][6188][5460][XPSPolicyData.cpp:1421][CXPSPolicyData::CommitOrTestRollback][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR: XPS Transaction COMMIT has failed.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '10'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:200][CSmDbConnection::MakeInactive][][][][][][][][][][][][][][][][][][][][][Inactivate connection.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbUtilities.cpp:806][CSmDbMonitoredClass::SetState][][][][][][][][][][][][][][][][][][][][][Connection Pstore_DSN: Changing object state 'Active' to state 'Available'.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '9'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '8'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '7'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '6'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '5'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '4'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '3'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][][][][][][][][][][][][][][][][][][][][][Release connection reference. ReferenceCount = '2'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[05/19/2022][22:43:54.073][22:43:54][6188][5460][XPSPolicyData.cpp:581][CXPSPolicyData::CreateOrUpdateImpl][][][][][][][][][][][][][][][][][][][][][LogMessage:WARN: Assert failed: Commit()][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
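An added example (not part of the original article or the product) for triaging the smtracedefault.log pattern above: it splits the bracket-delimited trace fields, keeping the nested driver prefix in one field, and reports an ODBC 22001 truncation that is followed on the same process/thread by a failed XPS commit. The function names, the field positions (taken from the lines above) and the abridged sample lines are assumptions made for the example.

```python
import re

# Constructed sample: the article's trace lines with most empty [] fields trimmed,
# plus one unrelated commit failure on another thread (tid 7777).
SAMPLE = [
    '[05/19/2022][22:43:54.058][22:43:54][6188][5460][CSmDbODBC.cpp:1472]'
    '[CSmDbConnectionODBC::CheckForError][][22001][-1][[CA SSO][ODBC Oracle Wire '
    'Protocol driver]String data, right truncated. Error in parameter 6.][][SQL Error.][]',
    '[05/19/2022][22:43:54.058][22:43:54][6188][5460][XPSIO.cpp:1735][CXPSIO::CreateObject][]'
    '[LogMessage:ERROR: Previous error occurred on object "CA.CDS::Certificate@####"][]',
    '[05/19/2022][22:43:54.058][22:43:54][6188][7777][XPSPolicyData.cpp:1421]'
    '[CXPSPolicyData::CommitOrTestRollback][][LogMessage:ERROR: XPS Transaction COMMIT has failed.][]',
    '[05/19/2022][22:43:54.058][22:43:54][6188][5460][XPSPolicyData.cpp:1421]'
    '[CXPSPolicyData::CommitOrTestRollback][][LogMessage:ERROR: XPS Transaction COMMIT has failed.][]',
]

def split_fields(line):
    """Split into top-level [..] fields, keeping nested brackets in one field."""
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(line):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(line[start:i])
    return fields

def triage(lines):
    """Report each ODBC 22001 truncation that is followed, on the same
    pid/thread, by a failed XPS commit."""
    pending, findings = {}, []          # pending: (pid, tid) -> truncation details
    for line in lines:
        f = split_fields(line)
        if len(f) < 8:
            continue
        key, msg = (f[3], f[4]), " | ".join(x for x in f[7:] if x)
        if "22001" in msg and "right truncated" in msg:
            m = re.search(r"Error in parameter (\d+)", msg)
            pending[key] = {"time": f[1], "param": int(m.group(1)) if m else None,
                            "object": None}
        elif key in pending and "Previous error occurred on object" in msg:
            m = re.search(r'object "([^"@]+)', msg)
            pending[key]["object"] = m.group(1) if m else None
        elif key in pending and "XPS Transaction COMMIT has failed" in msg:
            findings.append({"pid": key[0], "tid": key[1], **pending.pop(key)})
    return findings
```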
Release : 12.8
Component : SITEMINDER WAM UI
Sometimes the RDBMS imposes a limit of 4000 characters or lower, so the Policy Server is unable to commit the cert/key pair data to the policy store.
In this case, however, verification showed that VARCHAR2 was already set to 4000, and increasing it did not help.
Policy Server 12.8 SP4 and later use an upgraded third-party DataDirect ODBC driver. On both Linux and Windows, whenever a database is used as the store, the data source requires an additional entry when it is created:
"EnableNcharSupport=0"
There could be other issues manifested when this setting is not present, such as:
Command "XPSImport smpolicy.xml -npass" failure
or
The detailed configuration step is documented in the section "Create an Oracle Data Source on Windows", step 9.
Select the Windows ODBC data source in use for the policy store, click the Advanced tab, and enter the following in the Extended Options field:
EnableNcharSupport=0
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-odbc-databases-as-policy-session-key-and-audit-stores/configure-odbc-databases-as-audit-store/store-audit-logs-in-oracle.html
Recycle the Policy Server and the Admin UI.