Sun Java System Federation Manager 7.0 Release Notes

Federation fails when Federation Manager is deployed in WebSphere Application Server and using Secure Sockets Layer (6322995)

User federation between an identity provider and a service provider fails when Federation Manager is deployed in WebSphere Application Server and using Secure Sockets Layer (SSL).

WORKAROUND: Locate a Java Development Kit (JDK), version 1.4 or above, and modify WebSphere's server.xml file as described below. server.xml is located in websphere-base/WebSphere/AppServer/config/cells/cell-name/nodes/node-name/servers/server-instance/. The cell-name, node-name, and server-instance variables identify the cell, node, and server in which Federation Manager is deployed. For example, /opt/WebSphere/AppServer/config/cells/moonriver/nodes/moonriver/servers/server1/server.xml.

  1. Add Sun Microsystems' library to the classpath by adding the following to the jvmEntries element:


    <classpath>JAVA_HOME/jre/lib/jsse.jar</classpath>

    Note – The jsse.jar used here must be from the same version of the JDK that WebSphere is using.


  2. Add the protocol handler package to the genericJvmArguments property of the jvmEntries element by adding the following:


    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

    It will look like this:


    <jvmEntries xmi:id="JavaVirtualMachine_1" verboseModeClass="false" 
    verboseModeGarbageCollection="false" verboseModeJNI="false" 
    runHProf="false" hprofArguments="" debugMode="false" 
    debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent 
    -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777" 
    genericJvmArguments="-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol">
    <classpath>/usr/j2se/jre/lib/jsse.jar</classpath>
    </jvmEntries>

  3. Copy the stronger US_export_policy.jar and local_policy.jar files to the /jdk/jre/lib/security directory if the SSL handshake requires them.

  4. Restart WebSphere.
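
The following check for steps 1 and 2 is an added example, not part of the original release notes or of Federation Manager. It parses a server.xml and reports a missing jsse.jar classpath entry or a handler property that does not carry the package, which is what happens when the genericJvmArguments value is wrapped onto a second line after the equals sign. The sample documents are constructed, and the script assumes the JVM arguments are split on whitespace.

```python
import xml.etree.ElementTree as ET

PROP = "-Djava.protocol.handler.pkgs="
PKG = "com.sun.net.ssl.internal.www.protocol"

# Constructed sample, reduced to the one element the workaround touches.
TEMPLATE = """<server xmlns:xmi="http://www.omg.org/XMI">
  <jvmEntries xmi:id="JavaVirtualMachine_1" genericJvmArguments="{args}">
    {classpath}
  </jvmEntries>
</server>"""
CLASSPATH = "<classpath>/usr/j2se/jre/lib/jsse.jar</classpath>"
GOOD = TEMPLATE.format(args=PROP + PKG, classpath=CLASSPATH)
# Same value wrapped after '=': XML parsers turn the line break into a space.
WRAPPED = TEMPLATE.format(args=PROP + "\n    " + PKG, classpath=CLASSPATH)
NO_JAR = TEMPLATE.format(args=PROP + PKG, classpath="")


def local(tag):
    """Strip an XML namespace prefix such as '{uri}name'."""
    return tag.rsplit("}", 1)[-1]


def check_workaround(server_xml_text):
    """Return a list of problems; an empty list means steps 1 and 2 are in place."""
    root = ET.fromstring(server_xml_text)
    entries = [e for e in root.iter() if local(e.tag) == "jvmEntries"]
    if not entries:
        return ["no jvmEntries element found"]
    problems = []
    for entry in entries:
        # Step 1: a classpath child that points at jsse.jar.
        jars = [(c.text or "").strip() for c in entry if local(c.tag) == "classpath"]
        if not any(j.endswith("/jsse.jar") for j in jars):
            problems.append("classpath: no jsse.jar entry")
        # Step 2: assumes the JVM arguments are split on whitespace.
        args = entry.get("genericJvmArguments", "").split()
        values = [a[len(PROP):] for a in args if a.startswith(PROP)]
        if not values:
            problems.append("genericJvmArguments: handler property not set")
        elif PKG not in values[-1].split("|"):  # the property is a '|'-separated list
            problems.append("genericJvmArguments: handler property is %r" % values[-1])
    return problems


if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("wrapped", WRAPPED), ("no jar", NO_JAR)):
        print(name, check_workaround(doc) or "OK")
```

To check a deployed instance, pass the text of its server.xml to check_workaround() before restarting WebSphere.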