Calling CA IDM Web Services from CA SSO variables

Article ID: 75110

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We're trying to invoke CA IDM's TEWS web service from the Policy Server (PS), using CA SSO web service variables configured on the PS side.

However, we get the error below in the Policy Server trace logs:

[Active expression 'GetActiveAttr;smjavaapi;JavaActiveExpression;com.netegrity.scriptevaluation.scriptactiveexpression.ActiveVariable EASelfRegistration' failed with error 'Referenced variable "EASelfRegistration" that failed to resolve'][][][][][][][Leave function CSmActiveExprLibrary::GetActiveValue][

We have checked the connectivity, and it looks fine.

Cause

The web service variable call over TLS 1.2 is failing.

Environment

PS Version: R12.6.2 with FIPS ONLY, TLS 1.2 
PS OS: Linux 2.6.32-696.10.2.el6.x86_64 

CA IdM R12.6 SP8 cr02 with TEWS web service on Wildfly 8.x server

Java version in PS system: jdk1.8.0_102
Java version in Wildfly (JBoss 8.x) system with webservice TEWS for IdM: jdk1.8.0_92
 

Resolution

1) Enabled trace logging by editing the file ps/conf/properties/LoggerConfig.properties and setting the values below:

# LogLevel can be one of LOG_LEVEL_NONE, LOG_LEVEL_ERROR, LOG_LEVEL_INFO, LOG_LEVEL_TRACE 
LogLevel=LOG_LEVEL_TRACE 

# If LogFileName is set Log output will go to the file named 
LogFileName=/tmp/webservicetrace.log 

Ran the use case to get a Wireshark trace and webservicetrace.log for both the working TLS 1.0 case and the non-working TLS 1.2 case.
Examined the Wireshark trace and the log file /tmp/webservicetrace.log for both transactions: the working TLS 1.0 one and the non-working TLS 1.2 one.

A fix (DE350675) was created for SmActiveExpr.jar (on the PS side) for TLS 1.2 communication between the PS and the Wildfly 8.x based web service.
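
A complementary check to the TLS 1.0 versus TLS 1.2 comparison above: a per-version handshake probe, run from the Policy Server host, that shows whether the TEWS endpoint itself accepts TLS 1.2 and so separates a server-side protocol restriction from a client-side failure. This is an added example, not code from CA or from the original article; the host idm.example.com, port 8443 and the function names are assumptions.

```python
import socket
import ssl
import warnings

# Protocol versions compared in the article's Wireshark captures.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.2": ssl.TLSVersion.TLSv1_2}


def pinned_context(version):
    """Client context that can negotiate exactly `version` and nothing else."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic probe only: it tests protocol negotiation, not trust, so
    # certificate checks are off. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # TLS 1.0 is deprecated
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx


def probe(host, port, timeout=5.0):
    """Return {label: negotiated protocol or 'failed: <reason>'} per version."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.version()  # e.g. 'TLSv1.2'
        except (OSError, ValueError) as exc:
            # ssl.SSLError subclasses OSError, so this covers handshake alerts
            # as well as refused or timed-out connections. ValueError means the
            # local OpenSSL build cannot offer this version at all, which says
            # nothing about the server.
            results[label] = "failed: %s: %s" % (type(exc).__name__, exc)
    return results


if __name__ == "__main__":
    # Hypothetical TEWS host and HTTPS port; replace with your own.
    for label, outcome in probe("idm.example.com", 8443).items():
        print(label, "->", outcome)
```

The probe uses Python's OpenSSL bindings rather than the Policy Server's JDK, so a successful TLS 1.2 result clears the endpoint and points back at the PS client side. A TLS 1.0 failure can also come from the local OpenSSL security policy, so read that result with care.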

Additional Information

For further details on how web service variables work, please refer to this document link:
https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/policy-server-configuration/variables/web-service-variables