A2A client and Java returns "null" when fetching the password
Article ID: 387663
Updated On:
Products
Issue/Introduction
Running a simple java program which fetches the credentials for an alias using the method a java method. The return status is "400" (OK) and the corresponding method returns the username for the alias.
However, the method to return the password returns "null" instead of the password.
Environment
CA PAM all versions up to 4.2.1.
Oracle java version 17.X
Cause
This is caused by the jar files for the PAM A2A clients being signed with a SHA1 algorithm
By default, later versions of java will consider jar signed with insecure versions of the algorithms as unsigned, causing this type of issue
Resolution
It is possible to allow for jar files signed with weaker algorithms by modifying the following setting
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 or all together deleting it in the security/java.security file under your java installation.
This issue is fixed in PAM 4.2.2+ releases.
Additional Information
Feedback
