Hi all,
I'm working with a customer to configure proxy rules on the Access Gateway to forward requests for a certain URI to the IDP initiated SSO server URL.
This was tested in a lower environment and it worked fine. The main differences between the environments are:
1) The use of a CA cert instead of using a self-signed cert
2) The use of a load balancer url instead of host name
When trying Access Gateway Load Balancer URL with uri, we are getting the following:
Error Details
Request URI: /xxxxxxx
Error Type: SPS Exception
Error Code: Noodle_ConnectException
Message: Indicates error at noodie stage. More detailed in SPS logs.
In the WebAgentTrace.log:
[execute][[Ljava.lang.Object; cannot be cast to [Ljava.lang.String;]
[Noodle::doGet][java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String; at com.netegrity.util.security.hostVerifier.AbstractHostVerifier.getSubjectAlts(Unknown Source)]
After doing some research, I came across others who had a similar issue that was due to the JCE not being set to support unlimited key strength.
I've attempted to update jce key strength per documentation:
Install CA Access Gateway - CA Single Sign-On - 12.8 - CA Technologies Documentation
We are using Java 1.8.0_171, so I've updated as follows:
For JDK 1.8_151 and later, perform the following steps:
- Navigate to the jdk_home/jre/lib/security directory and open the java.security file.
- Uncomment the following line:
  crypto.policy=unlimited
- Save the file.
After restarting the Access Gateway server, we are still seeing the same error (Noodle Exception).
I also tested the forward ability to another test URL and it worked fine, so it seems to be a problem when trying to use the IDP initiated SSO service URL.
Any thoughts on anything additional I can check?
Thanks,
Michael Pass
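
A diagnostic for the two things the post touches, added here as an example and not part of the original post or the CA documentation: it prints the JCE policy actually in effect in a given JRE and lists the subjectAltName entries of a certificate, the field the `getSubjectAlts` frame in the trace is reading. The class name `JceSanCheck` and the certificate path argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical class name). Usage:
//   java JceSanCheck [path-to-certificate.pem]
public class JceSanCheck {
    // GeneralName tags from RFC 5280; array index = tag number
    private static final String[] SAN_TYPES = {
        "otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",
        "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"
    };

    public static void main(String[] args) throws Exception {
        // 1. Effective JCE policy: Integer.MAX_VALUE = unlimited, 128 = limited.
        System.out.println("java.home      = " + System.getProperty("java.home"));
        System.out.println("crypto.policy  = " + Security.getProperty("crypto.policy"));
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES bits   = " + maxAes
            + (maxAes == Integer.MAX_VALUE ? " (unlimited)" : " (limited)"));
        if (args.length == 0) return;  // certificate check is optional

        // 2. Subject alternative names of the certificate (PEM or DER file).
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("subject        = " + cert.getSubjectX500Principal().getName());
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            System.out.println("subjectAltName = (extension absent)");
            return;
        }
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            Object value = san.get(1);  // String for most types, byte[] for otherName etc.
            String shown = (value instanceof byte[])
                ? "<" + ((byte[]) value).length + " DER bytes>" : String.valueOf(value);
            String label = type < SAN_TYPES.length ? SAN_TYPES[type] : "type " + type;
            System.out.println("subjectAltName = " + label + ": " + shown);
        }
    }
}
```

Run it with the JRE the Access Gateway actually starts with and compare the printed `java.home` against the directory whose `java.security` was edited. Oracle Java 8u161 and later ship with the unlimited policy as the default.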