Symantec Access Management

  • 1.  Regarding password change using Post method

    Posted Apr 18, 2019 12:09 PM

    I have written the Java code below to change the password in SiteMinder.

     

    import org.apache.http.HttpResponse;
    import org.apache.http.NameValuePair;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.message.BasicNameValuePair;
    import org.apache.http.util.EntityUtils;

    import java.io.IOException;
    import java.io.UnsupportedEncodingException;
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;

    public class SMPost {
        public static void main(String[] args) {
            // Default client: server certificates are validated against the JVM's default trust store
            HttpClient client = HttpClientBuilder.create().build();
            // Password services FCC endpoint; the query string repeats the form fields that are also set below
            HttpPost post = new HttpPost("https://cscgppmrd003.amer.csc.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=amer_gp_cscgppmrd003_apache_agent&TARGET=https://gpl.tst.csc.com/webtest/&username=rsoni29&PASSWORD=G@ecis22g&NEWPASSWORD=G@ecis22a&CONFIRMATION=G@ecis22a");

            // Create some NameValuePair for HttpPost parameters
            List<NameValuePair> postParameters = new ArrayList<NameValuePair>();
            postParameters.add(new BasicNameValuePair("username", "rsoni29"));
            postParameters.add(new BasicNameValuePair("SMAUTHREASON", "34"));
            postParameters.add(new BasicNameValuePair("SMAGENTNAME", "https://gpl.tst.csc.com/webtest/"));
            postParameters.add(new BasicNameValuePair("TARGET", "https://gpl.tst.csc.com/webtest/"));
            postParameters.add(new BasicNameValuePair("PASSWORD", "G@ecis22g"));
            postParameters.add(new BasicNameValuePair("NEWPASSWORD", "G@ecis22b"));
            postParameters.add(new BasicNameValuePair("CONFIRMATION", "G@ecis22b"));
            //postParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
            post.setHeader("content-type", "application/x-www-form-urlencoded");
            post.setHeader("Chunked", "true");
            post.setHeader("grant_type", "client_credentials");
            //post.setHeader("Authorization", "No Auth");

            // socket.setEnabledProtocols(new String[]{"SSLv3", "TLSv1"});
            try {
                // URL-encode the form fields as the request body
                post.setEntity(new UrlEncodedFormEntity(postParameters, "UTF-8"));
            } catch (UnsupportedEncodingException e1) {
                // TODO Auto-generated catch block
                System.out.println("hi");

                e1.printStackTrace();
            }
            //post.setHeader("postman-token", "aa8e7259-1976-4d4e-13ec-f5851a411a41");
            try {
                // Dump the request before sending it
                System.out.println(post.getParams());
                System.out.println(post.getURI());
                System.out.println(post.getEntity());
                System.out.println(Arrays.toString(post.getAllHeaders()));
                // The TLS handshake happens inside execute()
                HttpResponse response = client.execute(post);
                System.out.println(response);

                // Print out the response message
                System.out.println(EntityUtils.toString(response.getEntity()));
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

     

     

     

    ---------------------------------------------

     

    But I am getting the error below:

     

    %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
    main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
    main, WRITE: TLSv1.2 Alert, length = 2
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    at SMPost.main(SMPost.java:61)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
    ... 21 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 27 more

     

     

     

    -------------------

    I have already uploaded the SiteMinder certificate to my Java key store and trusted store.



  • 2.  Re: Regarding password change using Post method

    Posted Apr 22, 2019 06:42 AM

    Hi,

     

    Did you load the server cert or the CA cert into your trust store?

    Are you using a custom Java trust store or using the default "cacerts" file in jre/lib/security?

    What Java version are you using?

    Is unlimited strength enabled?

     

    cert chain



  • 3.  Re: Regarding password change using Post method

    Posted Apr 22, 2019 07:22 AM

    Hi Zen,

     

    I am using the default cacerts on Java version 1.8.181.

    I have already put the policy jar in the Java security folders. Not sure if anything else is required to enable unlimited strength.




  • 4.  Re: Regarding password change using Post method

    Posted Apr 22, 2019 10:42 AM

    Hi amulyanidhi,

     

    The unlimited policy jars should already be in this version of Java. You should open up jre/lib/security/java.security, look for

    crypto.policy=unlimited

    and remove the # commenting.

     

    Also, just to make sure: are you running from a Windows system? If you install the JDK on Windows, it usually installs both the JDK and the JRE in separate folders (not counting the jre folder inside the JDK). That means there are 2 cacerts files. Depending on which Java executable is being used, the cacerts for that Java is referenced. Try adding the certs to all of those cacerts files. Although the better advice is to confirm which Java executable you are actually using.

     

    This is further amplified when you have multiple versions of java in the same box.

     

    regards,

    Zen
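
Added example, not part of the thread and not Broadcom/CA code: a small diagnostic for the questions raised in the replies above (which Java runtime and trust store file are actually in use, whether unlimited-strength crypto is active, and what chain the server presents). The class name `TrustStoreCheck` and the default host `sso.example.com` are placeholders; certificate validation is left enabled, so an untrusted chain is reported rather than accepted.

```java
import javax.crypto.Cipher;
import javax.net.ssl.*;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "sso.example.com"; // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        // Which JRE is running, and which trust store file JSSE loads by default.
        File sec = new File(System.getProperty("java.home"), "lib/security");
        String override = System.getProperty("javax.net.ssl.trustStore");
        File jsse = new File(sec, "jssecacerts");
        String store = override != null ? override
                : jsse.exists() ? jsse.getPath() : new File(sec, "cacerts").getPath();
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("trust store  = " + store);
        // Integer.MAX_VALUE (2147483647) means the unlimited-strength policy is active.
        System.out.println("max AES bits = " + Cipher.getMaxAllowedKeyLength("AES"));
        // Default trust manager, backed by the store reported above.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager dflt = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrapper that prints the chain the server sends, then validates it as usual.
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { dflt.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                for (X509Certificate x : c) {
                    System.out.println("subject=" + x.getSubjectX500Principal()
                            + "\n  issuer=" + x.getIssuerX500Principal());
                }
                dflt.checkServerTrusted(c, t); // still throws on an untrusted chain
            }
            public X509Certificate[] getAcceptedIssuers() { return dflt.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {recording}, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Chain validated against " + store);
        } catch (SSLHandshakeException e) {
            System.out.println("Validation failed: " + e.getMessage());
        }
    }
}
```

Run it with the same java executable that runs `SMPost`, passing the SiteMinder host as the first argument. The printed issuers show which CA certificate the reported trust store file has to contain for the chain to validate.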