CA Single Sign On Secure Proxy Server (SiteMinder)AXIOMATICS POLICY SERVERCA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
We're trying to invoke from Policy Server (PS) CA IDM's web service TEWS with CA SSO variable web services configured on the PS side.
However we get below error in policy server trace logs:
[Active expression 'GetActiveAttr;smjavaapi;JavaActiveExpression;com.netegrity.scriptevaluation.scripta ctiveexpression.ActiveVariable EASelfRegistration' failed with error 'Referenced variable "EASelfRegistration" that failed to resolve'][Leave function CSmActiveExprLibrary::GetActiveValue][
We have checked the connectivity, it looks fine.
Web services variable call over TLS 1.2 is failing.
PS Version: R12.6.2 with FIPS ONLY, TLS 1.2 PS OS: Linux 2.6.32-696.10.2.el6.x86_64
CA IdM R12.6 SP8 cr02 with TEWS web service on Wildfly 8.x server
Java version in PS system: jdk1.8.0_102 Java version in Wildfly (JBoss 8.x) system with webservice TEWS for IdM: jdk1.8.0_92
1*) Enabled Trace log by setting as below Go to file ps/conf/properties/LoggerConfig.properties. Set as below.
# LogLevel can be one of LOG_LEVEL_NONE, LOG_LEVEL_ERROR, LOG_LEVEL_INFO, LOG_LEVEL_TRACE LogLevel=LOG_LEVEL_TRACE
# If LogFileName is set Log output will go to the file named LogFileName=/tmp/webservicetrace.log
Ran the use case to get Wireshark trace and webservicetrace.log for working TLS1.0 and non-working TLS 1.2.. Examined the Wireshark trace and log file /tmp/webservicetrace.log for both the transactions; for working TLS 1.0 and non-working TLS 1.2.
Fix (DE350675) was created for SmActiveExpr.jar (on the PS side) for TLS 1.2 communication between PS and Wildfly 8.x based web service.
For further details on how web service variables work, please refer to this document link: https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/policy-server-configuration/variables/web-service-variables