CA Performance Management SAML integration log in failures post upgrade

Document ID : KB000103025
Last Modified Date : 21/06/2018
Show Technical Document Details
Issue:
After a CA Performance Center upgrade from users authenticated via SAML integration for SSO are unable to log in.
Environment:
All supported CA Performance Management releases
Cause:
The following errors from the /opt/CA/PerformanceCenter/SSO/logs/SSOService.log indicate the cause of the problem.

INFO  | qtp1469267193-37         | 2018-06-21 13:32:20,931 | org.apache.cxf.service.factory.ReflectionServiceFactoryBean      
| Creating Service {http://netqos.com/SingleSignOnWS}SingleSignOnWSSoapService from class com.netqos.singlesignonws.SingleSignOnWSSoap
ERROR | qtp1469267193-37         | 2018-06-21 13:32:20,969 | common.saml2.CredentialHelperUtility                             
| Could not find file: /opt/CA/PerformanceCenter/sso/webapps/sso/keystore

During the upgrade the keystore file was removed breaking the integration with SAML.

At this time the keystore file referenced in the saml.properties file is not preserved by the upgrade. This is done for the SSL keystore referenced in ssl.ini files.

In this instance with the keystore located in the /opt/CA/PerformanceCenter/sso/webapps/sso/keystore directory it was overwritten when that directory was laid down during the installation.
 
Resolution:
1: Ensure the keystore file for the SAML configuration is located in either:
1A: A Non-CA Performance Center directory on the server
1B: The same directory as the saml.properties file which is left alone during upgrades:  /opt/CA/PerformanceCenter/sso/webapps/sso/configuration

2: Defect DE371073 has been submitted to ensure the keystore file referenced in the saml.properties file is preserved regardless of it's location. This will be fixed in a future release.
Additional Information:
If possible always ensure key files like keystore files with imported certifications are backed up to a safe location prior to upgrades for recovery purposes.