500 error when using Secure Token Server (STS) with OpenJDK 17
search cancel

500 error when using Secure Token Server (STS) with OpenJDK 17

book

Article ID: 381951

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

When you have multiple STS (Secure Token Servers) configured in Access Gateway and are configured to use OpenJDK 17, one works and one or more of the STS's returns a 500 error.

Environment

Access Gateway 12.8.08.x
Java: OpenJDK 17

Cause

This is a known issue with OpenJDK 17 and Access Gateway 12.8.08.x

This issue may also occur with OpenJDK 11.

Resolution

  1. Stop Access Gateways services before making changes.
  2. Copy following jar files from secure-proxy\Tomcat\endorsed folder to each STS Application WEB-INF\lib folders.
    <SPS_install_home>\secure-proxy\Tomcat\webapps\<STS_app_name>\WEB-INF\lib


    jakarta.activation.jar
    jakarta.xml.bind-api.jar
    jakarta.xml.ws-api-2.3.2.jar

    (Note: Do not remove above files from Tomcat\endorsed folder, just copy and place in each STS application WEB-INF\lib folders)

  3. After making above changes start Access Gateways services and hit ws-username endpoint on both STS Apps.