NullException thrown when current keys do not match.

Document ID : KB000005854
Last Modified Date : 14/02/2018
Issue:

When performing create SSOToken and decode SSOToken on the Agent API, if the current keys do not match, a PaddingException is thrown and processing does not proceed to the last key. As a result, the Agent API fails to SSO and the following error message appears in the Agent API log:

"AgentAPI decode ssoToken result : RETURN_CODE=[-1]"

Environment:
Agent API - CA SSO 12.0 SP03 or later version.
Cause:

Crypto-J, the RSA library used in AgentAPI, is designed to throw a PaddingException if the current keys do not match.

This issue may occur under the following conditions:

- Using FIPS Only mode.

- Using Agent API - CA SSO 12.0 SP03 or later version.

- Agent key rollover is configured.

Resolution:

This issue occurs due to the design of RSA in AgentAPI.

AgentAPI will be changed so that it does not throw PaddingException even if the current keys do not match.

However, the schedule for the change is not fixed yet.
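
The rollover handling described above, where a padding failure on the current key is treated as "wrong key" and decoding continues with the last key, is sketched below as an added example; it is not AgentAPI or Crypto-J code. Assumptions: it uses the standard JCE (`javax.crypto`) with AES-GCM as a stand-in for the token cipher, the class and method names are hypothetical, and the sample token is constructed.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.List;

public class RolloverDecode {  // hypothetical name, for illustration only
    // Try each agent key in order (current first, then last). A padding or
    // tag failure means "wrong key": move on instead of aborting the decode.
    static byte[] decode(byte[] iv, byte[] token, List<SecretKey> keys)
            throws GeneralSecurityException {
        BadPaddingException lastFailure = null;
        for (SecretKey key : keys) {
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
                return c.doFinal(token);
            } catch (BadPaddingException e) { // also covers AEADBadTagException
                lastFailure = e;              // remember it, try the next key
            }
        }
        if (lastFailure == null) throw new GeneralSecurityException("no keys configured");
        throw lastFailure;                    // every key failed: reject the token
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey lastKey = kg.generateKey();    // key in use before rollover
        SecretKey currentKey = kg.generateKey(); // key in use after rollover

        // Constructed sample token, encrypted under the pre-rollover key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, lastKey, new GCMParameterSpec(128, iv));
        byte[] token = enc.doFinal("user=jdoe".getBytes(StandardCharsets.UTF_8));

        // The current key fails first; the last key then decodes the token.
        byte[] plain = decode(iv, token, List.of(currentKey, lastKey));
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

Only the padding/tag failure is caught per key; other errors (invalid key, unsupported algorithm) still propagate, and a token that fails under every configured key is rejected.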