Registring Agent for JBoss, I get the error "Unsupported algorithm, MD5, selected for FIPS140 mode: FIPS140"

Document ID : KB000006912
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

I'm trying to register the Agent for JBoss to the Policy Server, and the registration fails giving the following output :

[root@linux-U171282 bin]# ./smreghost.sh -i myps.test.com -u siteminder -p mypassword -hn myagent -hc myagent -cf COMPAT -o
Exception in thread "main" java.lang.ExceptionInInitializerError
 at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:318)
 at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:263)
 at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
 at javax.crypto.JceSecurity$1.run(JceSecurity.java:81)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:78)
 at javax.crypto.Cipher.getInstance(Cipher.java:653)
 at com.ca.siteminder.sdk.agentapi.crypto.ap.f(DashoA10*..:1203)
 at com.ca.siteminder.sdk.agentapi.crypto.ar.<init>(DashoA10*..:72)
 at com.ca.siteminder.sdk.agentapi.crypto.ap.a(DashoA10*..:203)
 at com.ca.siteminder.sdk.agentapi.connection.a3.<clinit>(DashoA10*..:86)
 at com.ca.siteminder.sdk.agentapi.w.a(DashoA10*..:128)
 at com.ca.siteminder.sdk.agentapi.SmRegHost.a(DashoA10*..:577)
 at com.ca.siteminder.sdk.agentapi.SmRegHost.register(DashoA10*..:395)
 at com.ca.siteminder.sdk.agentapi.SmRegHost.main(DashoA10*..:323)
Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
 at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:189)
 ... 15 more
Caused by: java.lang.SecurityException: Unsupported algorithm, MD5, selected for FIPS140 mode: FIPS140

How can I solve this problem ?

Environment:
Agent for JBoss 12.52SP1CR06 with JDK 1.8.0_60 64bit;
Cause:

In order to use the MD5 algorithm, you should configure the JDK to disable the FIPS140 encryption.

Resolution:

Edit the /opt/jdk1.8.0_60/jre/lib/security/java.security file to have the following configuration. Be sure the last line with com.rsa.cryptoj is set.

  security.provider.1=com.ibm.crypto.provider.IBMJCE
  security.provider.2=com.rsa.jsafe.provider.JsafeJCE
  security.provider.3=sun.security.provider.Sun
  security.provider.4=sun.security.rsa.SunRsaSign
  security.provider.5=sun.security.ec.SunEC
  security.provider.6=com.sun.net.ssl.internal.ssl.Provider
  security.provider.7=com.sun.crypto.provider.SunJCE
  security.provider.8=sun.security.jgss.SunProvider
  security.provider.9=com.sun.security.sasl.Provider
  security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
  security.provider.11=sun.security.smartcardio.SunPCSC
  com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE