Using Spectrum OneClick SSL with LDAP, the SSL frequently does not communicate back and drops

Article ID: 51966

Products

CA Spectrum

Issue/Introduction

When Spectrum OneClick is configured to use LDAP over SSL, the SSL connection frequently gets no response and is dropped.

The following error may be seen in the $SPECROOT/tomcat/logs/stdout.log file (Windows) or catalina.out file (Linux).

 

Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:742)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
                at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
                at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
                at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
                at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
                at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
                at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
                ... 41 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly


Couldn't authenticate user against directory

Cause

The connection was dropped after the LDAP connection was made, during the SSL handshake.

Multiple LDAP servers are referring requests to one another. The certificate exchange succeeds between one LDAP server and the OneClick host, but when LDAP refers the request to another server, that server does not have matching SSL certificates, so the connection is dropped.
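
The following check is an added example, not Broadcom's code. It separates a handshake failure raised while following a referral (a com.sun.jndi.ldap.LdapReferralContext frame in the trace) from one on the configured server, and reads the referrals attribute from context.xml. The sample log and XML are constructed; the Realm element, its className and the verdict strings are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the trace in this article (frames abbreviated).
SAMPLE_LOG = """\
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:742)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    ... 41 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
"""

# Constructed sample; the Realm element and its className are assumptions.
SAMPLE_CONTEXT = """<Context>
  <Realm className="example.HypotheticalRealm" referrals="follow" />
</Context>"""

REFERRAL_FRAME = "com.sun.jndi.ldap.LdapReferralContext."

def handshake_failures(log_text):
    """Return one bool per SSLHandshakeException: True if raised while following a referral."""
    results = []
    for block in re.split(r"(?m)^(?=Caused by: )", log_text):
        header = block.split("\n", 1)[0]
        if "SSLHandshakeException" not in header:
            continue
        # \s+ also tolerates traces where "at" and the frame were wrapped onto separate lines.
        frames = re.findall(r"\bat\s+([\w.$<>]+)\(", block)
        results.append(any(f.startswith(REFERRAL_FRAME) for f in frames))
    return results

def referral_settings(context_xml):
    """Return the value of every referrals attribute found in the context file."""
    root = ET.fromstring(context_xml)
    return [el.get("referrals") for el in root.iter() if el.get("referrals") is not None]

def diagnose(log_text, context_xml):
    failures = handshake_failures(log_text)
    if not failures:
        return "no-handshake-failure"
    if not any(failures):
        return "handshake-failed-on-configured-server"
    if "follow" in (v.lower() for v in referral_settings(context_xml)):
        return "handshake-failed-on-referred-server"
    return "old-log-entry-or-referrals-already-ignored"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CONTEXT))
```

A verdict of handshake-failed-on-configured-server means the referral setting is not the cause and the trust relationship with the primary LDAP server should be checked instead.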

Environment

Release: Any
Component:

Resolution

To prevent referrals to another LDAP server, at the end of the tomcat/webapps/spectrum/META-INF/context.xml file, change referrals="follow" /> to referrals="ignore" />

Another alternative is to leave referrals on and ensure that all authentication servers that may be followed have the certificate matched up and added in