A2A client and Java returns "null" when fetching the password

Article ID: 387663


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A simple Java program fetches the credentials for an alias using a Java method. The return status is "400" (OK) and the corresponding method returns the username for the alias.

However, the method to return the password returns "null" instead of the password.

Environment

CA PAM all versions up to 4.2.1 at least

Oracle Java version 17.X

Cause

This is caused by the JAR files for the PAM A2A clients being signed with a SHA1 algorithm.

By default, later versions of Java treat JAR files signed with insecure algorithms as unsigned, which causes this type of issue.

Resolution

It is possible to allow JAR files signed with weaker algorithms by modifying the following setting

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

or by deleting it altogether, in the security/java.security file under your Java installation.

Sustaining Engineering is working on re-signing the JAR files, and an updated PAM Client will be made available in future releases.
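To confirm the cause described above, and to check that a changed setting has actually taken effect, the following added example (not Broadcom/CA code) asks the running JVM which entries of a JAR it accepts as signed. The class name JarSignatureCheck is hypothetical, and the JAR path is supplied on the command line.

```java
import java.io.File;
import java.io.InputStream;
import java.security.Security;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added diagnostic, not part of the PAM A2A client.
// Run with the same JRE as the client: java JarSignatureCheck.java <path-to-jar>
public class JarSignatureCheck {

    /** Counts entries that the running JVM does not accept as signed. */
    static int countUnsignedEntries(File jar) throws Exception {
        int unsigned = 0;
        try (JarFile jf = new JarFile(jar, true)) {   // true = verify signatures
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                String name = e.getName();
                if (name.startsWith("META-INF/") && name.endsWith(".SF")) {
                    System.out.println("signature file present: " + name);
                }
                // Simplification: directories and everything under META-INF are skipped.
                if (e.isDirectory() || name.startsWith("META-INF/")) continue;
                // Signers are only known once the entry has been read to the end.
                try (InputStream in = jf.getInputStream(e)) {
                    in.readAllBytes();
                }
                if (e.getCodeSigners() == null) {
                    unsigned++;
                    System.out.println("treated as unsigned: " + name);
                }
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java JarSignatureCheck.java <path-to-jar>");
            System.exit(2);
        }
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.jar.disabledAlgorithms = "
                + Security.getProperty("jdk.jar.disabledAlgorithms"));
        int n = countUnsignedEntries(new File(args[0]));
        System.out.println(n == 0 ? "All checked entries are accepted as signed."
                                  : n + " entries are treated as unsigned by this JVM.");
    }
}
```

A JAR that contains a signature file but whose entries are all reported as unsigned matches the cause described in this article. The setting can also be supplied for a single process with -Djava.security.properties=<file> instead of editing the installation-wide java.security, which keeps the weaker policy limited to the A2A client program.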
