When running CA Access Gateway (SPS), a user who accesses a resource protected with OpenID Connect is redirected on the first request, as explained in the documentation, to the authentication page that protects /Affwebservices/secure/secureRedirect.
After the authentication data is POSTed, the browser receives return code 500, saying that the transaction cannot be handled.
The CA Access Gateway (SPS) federation trace reports the following lines:
FWSTrace.log
[05/23/2018][08:54:55][7228][1900][][FWSConfigurationManager.java][initializeResourceDirectory][Cannot set resource path used to display error messages; Likely caused by uninitialized NETE_WA_ROOT environment variable]
[05/23/2018][09:13:29][7228][5572][][AuthorizationService.java][processAuthentication][Not using secure authentication URL.]
[05/23/2018][09:13:29][7228][5572][][SecureRedirect.java][doGet][Transaction with ID: 610c7b97-d9ab1f07-19230f43-76119b33-7e7a2c6e-0c failed. Reason: SERE_GET_EXCEPTION]
[05/23/2018][09:13:29][7228][5572][][SecureRedirect.java][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.SecureRedirect, method doGet: com.netegrity.siteminder.agentcommon.utils.k: Failed to decrypt.]
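For triage across a larger FWSTrace.log, the following added example (not part of the original article and not vendor code) parses the bracketed trace format and pairs each failed transaction ID with the other messages written by the same thread in the same second. The field meanings (process ID, thread ID, an empty fifth field) are assumptions inferred from the four lines quoted above, which are embedded as the sample input.

```python
import re
from collections import defaultdict

# Layout inferred from the lines on this page (assumption, not vendor documentation):
# [date][time][process id][thread id][empty][source file][method][message]
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4})\]\[(?P<time>\d{2}:\d{2}:\d{2})\]"
    r"\[(?P<pid>\d+)\]\[(?P<tid>\d+)\]\[(?P<extra>[^\]]*)\]"
    r"\[(?P<source>[^\]]+)\]\[(?P<method>[^\]]+)\]\[(?P<message>.*)\]$"
)
TXN_RE = re.compile(r"Transaction with ID: (?P<txn>\S+) failed\. Reason: (?P<reason>\w+)")

# The four trace lines quoted on this page.
SAMPLE = """
[05/23/2018][08:54:55][7228][1900][][FWSConfigurationManager.java][initializeResourceDirectory][Cannot set resource path used to display error messages; Likely caused by uninitialized NETE_WA_ROOT environment variable]
[05/23/2018][09:13:29][7228][5572][][AuthorizationService.java][processAuthentication][Not using secure authentication URL.]
[05/23/2018][09:13:29][7228][5572][][SecureRedirect.java][doGet][Transaction with ID: 610c7b97-d9ab1f07-19230f43-76119b33-7e7a2c6e-0c failed. Reason: SERE_GET_EXCEPTION]
[05/23/2018][09:13:29][7228][5572][][SecureRedirect.java][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.SecureRedirect, method doGet: com.netegrity.siteminder.agentcommon.utils.k: Failed to decrypt.]
"""

def parse(text):
    """Return one dict per well-formed trace line; anything else is skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def failed_transactions(text):
    """Attach to each failed transaction the other messages logged by the
    same thread in the same second, so the exception detail sits by the ID."""
    records = parse(text)
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["date"], r["time"], r["tid"])].append(r)
    findings = []
    for r in records:
        m = TXN_RE.search(r["message"])
        if m:
            same = by_key[(r["date"], r["time"], r["tid"])]
            context = [x["message"] for x in same if x is not r]
            findings.append({"txn": m["txn"], "reason": m["reason"],
                             "source": r["source"], "context": context})
    return findings

if __name__ == "__main__":
    for f in failed_transactions(SAMPLE):
        print(f["txn"], f["reason"], f["source"])
        for msg in f["context"]:
            print("    ", msg)
```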