Could not get certificate from DB and federation applications failing after upgrade in Policy Server

Article ID: 410311


Products

SITEMINDER CA Single Sign-On

Issue/Introduction

After the upgrade of the Policy Server, the SAML assertions are being rejected with the error:

Assertion Rejected. Exception:Transaction with ID: <value> failed. java.lang.Exception: Could not get certificate from DB (IssuerName: CN=<value>) - Error - unable to connect to the keystore.  The KeyDB object was not created.

Cause

The Certificate Data Store (CDS) was somehow corrupted during the upgrade.

To confirm, list the certificates with smkeytool:

# smkeytool.sh -listCerts
Failed to create a Certificate Data Store instance.  Check installation.
Could not register an existing Certificate Data Store: Error - unable to connect to the keystore. The KeyDB object was not created.
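
The same check can be scripted as a post-upgrade gate. This is an added example, not the vendor's or this article's own code: the function names and sample data are constructed, and it matches on the message text quoted above because the article does not document smkeytool's exit codes.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical; the match
# strings are the error texts quoted in this article.

# Classify `smkeytool.sh -listCerts` output read from stdin.
# Returns 0: no CDS failure text, 2: CDS failure text present,
#         3: empty output, inconclusive (tool missing or not run).
cds_check() {
    out=$(cat)
    [ -n "$out" ] || return 3
    if printf '%s\n' "$out" | grep -Eq \
        'Failed to create a Certificate Data Store instance|unable to connect to the keystore|KeyDB object was not created'
    then
        return 2
    fi
    return 0
}

# Print each distinct IssuerName named in "Could not get certificate from DB"
# errors found in log lines read from stdin, to show which certificates
# the rejected assertions were looking for.
affected_issuers() {
    sed -n 's/.*Could not get certificate from DB (IssuerName: \([^)]*\)).*/\1/p' | sort -u
}

# Constructed sample data; transaction IDs and issuer names are made up, and
# SAMPLE_OK is a placeholder, not real smkeytool output.
SAMPLE_BAD='Failed to create a Certificate Data Store instance.  Check installation.
Could not register an existing Certificate Data Store: Error - unable to connect to the keystore. The KeyDB object was not created.'
SAMPLE_OK='placeholder text standing in for a normal certificate listing'
SAMPLE_LOG='Assertion Rejected. Exception:Transaction with ID: tx-0001 failed. java.lang.Exception: Could not get certificate from DB (IssuerName: CN=example-idp-a) - Error - unable to connect to the keystore.  The KeyDB object was not created.
Assertion Rejected. Exception:Transaction with ID: tx-0002 failed. java.lang.Exception: Could not get certificate from DB (IssuerName: CN=example-idp-b) - Error - unable to connect to the keystore.  The KeyDB object was not created.
Assertion Rejected. Exception:Transaction with ID: tx-0003 failed. java.lang.Exception: Could not get certificate from DB (IssuerName: CN=example-idp-a) - Error - unable to connect to the keystore.  The KeyDB object was not created.'

# Demo over the constructed samples. On a Policy Server, feed the real tool
# output instead: smkeytool.sh -listCerts 2>&1 | cds_check
rc=0; printf '%s\n' "$SAMPLE_BAD" | cds_check || rc=$?
echo "cds_check on failing sample: rc=$rc"
echo "issuers named in rejected assertions:"
printf '%s\n' "$SAMPLE_LOG" | affected_issuers
```

Running the check before the upgrade as well as after it gives a baseline to compare against.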

Resolution

Restoring the Policy Store from backup and re-applying the schema of the current version resolved the issue.