Integration between CA Access Gateway(SPS) and CA Vapp is Failing with Noodle_GenericException Error

Document ID : KB000117246
Last Modified Date : 10/10/2018
Show Technical Document Details
Issue:
We have configured CA Access Gateway(SPS) R12.52 at frontend and CA Virtual Appliance(Vapp) R14.2 where IAM is running at the backend. 

We have created the proxy rules to forward/redirect the request from CA Access Gateway(SPS) to CA Virtual Appliance(Vapp).

When we try to access the backend resource via the proxy server, we get the below error message:
 
Request URI : /iam/im/identityenv/ 
Error Type : SPS Exception 
Error Code : Noodle_GenericException 
Message : Indicates error at noodle stage. More detailed in SPS logs. 

After enabling SSL logging as described below, the below errors were reported in the Access Gateway server.log:

https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2017/03/07/howto-enable-tracing-in-agent-gateway-fka-secure-proxy-server

server.log 
========== 
***Created and initialized encryption cipher 
CipherAlg: AES/CBC/NoPadding 
CipherKey: 5006874403d853329c10d63f1bef395ba33ad9af6a82f562b13f2e30b60bdc0a 
***Created and initialized Mac 
MacAlg: HmacSHA1 
MacKey: 6916bfaea29beac9cd866a13f8c9e6dd0264eed4 
Mac length used: 20 
***SEND Alert Fatal, Internal Error 
***ENCRYPT: Plaintext (2): [ 
0000: 02 50 [.P ] 

***ENCRYPT: Ciphertext (2): [ 
0000: 02 50 [.P ] 


How can we resolve this issue?
Environment:
CA Access Gateway(SPS) R12.52 Build 142 on Windows 2008 R2 
Resolution:
Applying JCE patches resolved the issue. 

JCE patches required -- The current Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction patches are required to use the Java cryptographic algorithms. To locate the JCE package for your operating platform, see the Oracle website. 
Apply the patches to the following files on your system: 
local_policy.jar 
US_export_policy.jar 
These files are in the following directories: 
Windows:jre_home\lib\security 
UNIX:jre_home/lib/security 

jre_home specifies the location of the Java Runtime Environment installation. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/install-ca-siteminder-sps