CA Secure Proxy Server requires Java Runtime Environment used by agent to support unlimited key strength in the Java Cryptography Extension package.
Configure the JVM to Use the JSafeJCE Security Provider
To enable encryption, configure the JVM that is running the CA SiteMinder® SPS so it uses the JSafeJCE Security Provider.
Follow these steps:
security.provider.2=com.rsa.jsafe.provider.JsafeJCE
com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
8. Save the changes.
9. Restart CA SPS service.
The following example shows the List of Providers section of the java.security file after you configure the JVM:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.rsa.jsafe.provider.JsafeJCE
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
If you are still getting the following error in STS log:
ERROR [sts=Office365] [txn=] [com.netegrity.tm.contenthelper.api.ContentHelperService] JsafeJCE is not installed as a security provider - this is an unsupported configuration.
Perform the following:
Update SmSpsProxyEngine.properties file (resides under SPS_home\proxy-engine\conf file directory), include the ‘%NETE_SPS_ROOT%\agentframework\java\cryptoj.jar’ in the –classpath
OR
Copy cryptoj.jar file from <SPS>\agentframework\java to <JDK>\jre\lib\ext file directory.
Restart CA SPS service.