search cancel

Federation transaction not working : SmJavaAPI: Error finding class ActiveExpressionContext


Article ID: 7111


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When trying to use federation, we get the following error in the browser :

HTTP Status 403 - Request Forbidden. Transaction ID: 1711457b-3dd3a976-79fd404a-d7a111f5-c15c7df1-f810 failed.


Checking the Policy Server traces we see :

[LogMessage:ERROR:[sm-JavaApi-00290] SmJavaAPI: Error finding class ActiveExpressionContext]

[LogMessage:ERROR:[sm-Tunnel-00160] Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to initialize JNI references] 


The JVM is creating a dump:

 V [] resource_allocate_bytes(unsigned int, AllocFailStrategy::AllocFailEnum)+0x1a

V [] JVM_GetStackAccessControlContext+0xfc

C [] Java_java_security_AccessController_getStackAccessControlContext+0x24 


01dca000-02651000 r-xp 00000000 fd:00 6135898 /u01/app/java/jdk1.7.0_79/jre/lib/i386/server/

02651000-026b6000 rw-p 00886000 fd:00 6135898 /u01/app/java/jdk1.7.0_79/jre/lib/i386/server/

04688000-04693000 r-xp 00000000 fd:00 5842876 /u01/app/java/jdk1.7.0_71/jre/lib/i386/

04693000-04694000 rw-p 0000b000 fd:00 5842876 /u01/app/java/jdk1.7.0_71/jre/lib/i386/



Policy Server 12.52 SP1 CR00 on RHEL 6.6 64-bit


This issue is caused by having 2 different JDK configured in the Policy Server configuration of :


in environment variables PATH and LD_LIBRARY_PATH

in files ca_ps_env.ksh and JVMOptions.txt





This problem is resolved by using only one JDK/JRE (in the example, the version 1.7.0_79) and patching it with the Java Cryptography Extension (JCE).