Calling CA IDM Web Services from CA SSO variables

Document ID : KB000075110
Last Modified Date : 02/04/2018
Show Technical Document Details
Issue:
We're trying to invoke from Policy Server (PS) CA IDM's web service TEWS with CA SSO variable web services configured on the PS side.

However we get below error in policy server trace logs:

[Active expression 'GetActiveAttr;smjavaapi;JavaActiveExpression;com.netegrity.scriptevaluation.scripta ctiveexpression.ActiveVariable EASelfRegistration' failed with error 'Referenced variable "EASelfRegistration" that failed to resolve'][][][][][][][Leave function CSmActiveExprLibrary::GetActiveValue][

We have checked the connectivity, it looks fine.
Environment:
PS Version: R12.6.2 with FIPS ONLY, TLS 1.2 
PS OS: Linux 2.6.32-696.10.2.el6.x86_64 

CA IdM R12.6 SP8 cr02 with TEWS web service on Wildfly 8.x server

Java version in PS system: jdk1.8.0_102
Java version in Wildfly (JBoss 8.x) system with webservice TEWS for IdM: jdk1.8.0_92
 
Cause:
Web services variable call over TLS 1.2 is failing.
Resolution:
1*) Enabled Trace log by setting as below 
Go to file ps/conf/properties/LoggerConfig.properties. Set as below.

# LogLevel can be one of LOG_LEVEL_NONE, LOG_LEVEL_ERROR, LOG_LEVEL_INFO, LOG_LEVEL_TRACE 
LogLevel=LOG_LEVEL_TRACE 

# If LogFileName is set Log output will go to the file named 
LogFileName=/tmp/webservicetrace.log 

Ran the use case to get Wireshark trace and webservicetrace.log for working TLS1.0 and non-working TLS 1.2..
Examined the Wireshark trace and log file /tmp/webservicetrace.log for both the transactions; for working TLS 1.0 and non-working TLS 1.2.

Fix (DE350675) was created for SmActiveExpr.jar (on the PS side) for TLS 1.2 communication between PS and Wildfly 8.x based web service.
Additional Information:
For further details on how web service variables work, please refer to this document link:
https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/policy-server-configuration/variables/web-service-variables