Issue:
I'm trying to register the Agent for JBoss to the Policy Server, and the registration fails giving the following output :
[root@linux-U171282 bin]# ./smreghost.sh -i myps.test.com -u siteminder -p mypassword -hn myagent -hc myagent -cf COMPAT -o
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:318)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:263)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:81)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:78)
at javax.crypto.Cipher.getInstance(Cipher.java:653)
at com.ca.siteminder.sdk.agentapi.crypto.ap.f(DashoA10*..:1203)
at com.ca.siteminder.sdk.agentapi.crypto.ar.<init>(DashoA10*..:72)
at com.ca.siteminder.sdk.agentapi.crypto.ap.a(DashoA10*..:203)
at com.ca.siteminder.sdk.agentapi.connection.a3.<clinit>(DashoA10*..:86)
at com.ca.siteminder.sdk.agentapi.w.a(DashoA10*..:128)
at com.ca.siteminder.sdk.agentapi.SmRegHost.a(DashoA10*..:577)
at com.ca.siteminder.sdk.agentapi.SmRegHost.register(DashoA10*..:395)
at com.ca.siteminder.sdk.agentapi.SmRegHost.main(DashoA10*..:323)
Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:189)
... 15 more
Caused by: java.lang.SecurityException: Unsupported algorithm, MD5, selected for FIPS140 mode: FIPS140
How can I solve this problem ?
Environment:
Agent for JBoss 12.52SP1CR06 with JDK 1.8.0_60 64bit;
Cause:
In order to use the MD5 algorithm, you should configure the JDK to disable the FIPS140 encryption.
Resolution:
Edit the /opt/jdk1.8.0_60/jre/lib/security/java.security file to have the following configuration. Be sure the last line with com.rsa.cryptoj is set.
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.rsa.jsafe.provider.JsafeJCE
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.11=sun.security.smartcardio.SunPCSC
com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
KB : TEC1756665