Websphere TAI agent initialization failed after WAS application server patching
Article ID: 248753
Updated On:
Products
Issue/Introduction
SiteMinder application server agent (TAI or ASA TAI) errors out after patching the WebSphere version from 9.0.5.11 to 9.0.5.12:
SystemOut.log:
************ Start Display Current Environment ************
WebSphere Platform 9.0.5.12 [ND 9.0.5.12 f5122219.04] [JAVA8 8.0.7.11 xxxxxxxxxxx-20220601_01] running with process name xxxxxxxxxxxxxxxxx and process id 13328
Full server name is xxxxxxxxxxxxxxxxxxxxxx
Host Operating System is Linux, version 3.10.0-1160.36.2.el7.x86_64
Java version = 1.8.0_331, Java Runtime Version = 8.0.7.11 - xxxxxxxxxxx-20220601_01(SR7 FP11), Java Compiler = j9jit29, Java VM name = IBM J9 VM
was.install.root = <install-Dir>/WebSphere/AppServer
user.install.root = <install-Dir>/WebSphere/AppServer/profiles/server01
Java Home = <install-Dir>/WebSphere/AppServer/java/8.0/jre
ws.ext.dirs = <install-Dir>/WebSphere/AppServer/java/8.0/lib:<install-Dir>/WebSphere/AppServer/profiles/server01/classes:/<install-Dir>/WebSphere/AppServer/classes:/<install-Dir>/WebSphere/AppServer/lib:/<install-Dir>/WebSphere/AppServer/installedChannels:/<install-Dir>/WebSphere/AppServer/lib/ext:/<install-Dir>/WebSphere/AppServer/web/help:/<install-Dir>/WebSphere/AppServer/deploytool/itp/plugins/com.ibm.etools.ejbdeploy/runtime
Classpath = /<install-Dir>/WebSphere/AppServer/profiles/server01/properties:/<install-Dir>/WebSphere/AppServer/properties:/<install-Dir>/WebSphere/AppServer/lib/startup.jar:/<install-Dir>/WebSphere/AppServer/lib/bootstrap.jar:/<install-Dir>/WebSphere/AppServer/lib/lmproxy.jar:/<install-Dir>/WebSphere/AppServer/lib/urlprotocols.jar:/<install-Dir>/WebSphere/AppServer/deploytool/itp/batchboot.jar:/<install-Dir>/WebSphere/AppServer/deploytool/itp/batch2.jar:/<install-Dir>/WebSphere/AppServer/java/8.0/lib/tools.jar:/<install-Dir>/appfiles/lim/:/<install-Dir>/appfiles/limpub/
Java Library path = <install-Dir>WebSphere/AppServer/lib/native/linux/x86_64/:/<install-Dir>/WebSphere/AppServer/java/8.0/jre/lib/amd64/compressedrefs:/<install-Dir>/WebSphere/AppServer/java/8.0/jre/lib/amd64:/<install-Dir>/WebSphere/AppServer/bin:/<install-Dir>/WebSphere/AppServer/nulldllsdir:/usr/lib64:/usr/lib:
Orb Version = IBM Java ORB build orb80-20220208.00
Max file descriptor count = 1024000************* End Display Current Environment *************
[8/16/22 16:18:46:974 CDT] 00000001 TrustAssociat E SECJ0384E: Trust Association Init Error. The Trust Association interceptor implementation com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor initialization failed. The error status/exception is java.lang.NoSuchMethodError: org/bouncycastle/crypto/CryptoServicesRegistrar.isInApprovedOnlyMode()Z (loaded from file:/<install-Dir>/WebSphere/AppServer/installedConnectors/wmq.jmsra.rar/bcprov-jdk15on.jar by org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@5a241c3e[com.ibm.ws.runtime.mqjms:9.1.0.11(id=330)]) called from class org.bouncycastle.jcajce.provider.ProvSecureHash$MD5 (loaded from file:/<install-Dir>/WebSphere/AppServer/lib/ext/bc-fips-1.0.1.jar by com.ibm.ws.bootstrap.ExtClassLoader@aa33daa5).
at org.bouncycastle.jcajce.provider.ProvSecureHash$MD5.configure(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
at com.ca.sso.smcrypto.bcfipsimpl.SmCryptoBCFIPSProvider.<clinit>(SmCryptoBCFIPSProvider.java:57)
at com.ca.sso.smcrypto.provider.SmCryptoProviderFactory.getInstance(SmCryptoProviderFactory.java:37)
at com.ca.sso.smcrypto.SmCryptoFacade.<clinit>(SmCryptoFacade.java:35)
at com.ca.siteminder.sdk.agentapi.tli.n.<clinit>(smagentapi_obfsc:64)
at com.ca.siteminder.sdk.agentapi.connection.i.a(smagentapi_obfsc:169)
at com.ca.siteminder.sdk.agentapi.connection.h.aK(smagentapi_obfsc:369)
at com.ca.siteminder.sdk.agentapi.connection.h.h(smagentapi_obfsc:304)
at com.ca.siteminder.sdk.agentapi.connection.h.aq(smagentapi_obfsc:235)
at com.ca.siteminder.sdk.agentapi.connection.c.aq(smagentapi_obfsc:646)
at com.ca.siteminder.sdk.agentapi.connection.a.a(smagentapi_obfsc:159)
at com.ca.siteminder.sdk.agentapi.connection.a.b(smagentapi_obfsc:71)
at com.ca.siteminder.sdk.agentapi.e.a(smagentapi_obfsc:129)
at netegrity.siteminder.javaagent.AgentAPI.c(smagentapi_obfsc:954)
at netegrity.siteminder.javaagent.AgentAPI.getConfig(smagentapi_obfsc:1276)
at com.netegrity.siteminder.agentcommon.framework.o.c(Unknown Source)
at com.netegrity.siteminder.agentcommon.framework.l.d(Unknown Source)
at com.netegrity.siteminder.agentcommon.framework.l.a(Unknown Source)
at com.netegrity.siteminder.agentcommon.framework.k.a(Unknown Source)
at com.netegrity.siteminder.asaframework.common.SmAgentHelper.<init>(Unknown Source)
at com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor.initialize(Unknown Source)
at com.ibm.ws.security.web.TrustAssociationManager.loadInterceptor(TrustAssociationManager.java:497)
at com.ibm.ws.security.web.TrustAssociationManager.initialize(TrustAssociationManager.java:386)
Environment
ASA Agent 12.8SP02 for WebSphere 9.0.5.12;
[16 Aug 2022 16:18:46,766] [main] [INFO] SM_WSB_00005 - SiteMinder Product Details: PRODUCT_UPDATE=00, PRODUCT_NAME=SiteMinder Application Server Agent for IBM WebSphere, PRODUCT_LABEL=02, PRODUCT_VERSION=12.8 .
Cause
There are mandatory configuration steps required to Use this version of ASA Agent (1).
Resolution
Perform the following extra configurations after the installation and configuration of ASA Agent (1):
- Set com.ibm.ws.security.spnego.isEnabled to no. For information, see the IBM documentation.
- Rename the following jars at websphere_installation_location\AppServer\installedConnectors\wmq.jmsra.rar:
bcprov-jdk15on.jar
From: bcprov-jdk15on.jar
To : bcprov-jdk15on_jar_bkp
bcpkix-jdk15on.jar
From: bcpkix-jdk15on.jar
To: bcpkix-jdk15on_jar_bkp
Additional Information
Feedback
