Issue:
Gateway is able to validate SSO tokens only on one node of a cluster.
The ssg_0_0.log contains:
'Unable to decode the token - invalid SSO token!'
Environment:
Gateway Integrated with Siteminder to validate SSO tokens
Cause:
If you are using FIPS, cluster machines need a configuration change to specify that FIPS is being used
Resolution:
1) Add the following line before the line “CAPKIHOME=${CAROOT}/CAPKI” in the /opt/SecureSpan/Gateway/runtime/etc/profile.d/siteminder-env.sh file
CA_SM_PS_FIPS140=ONLY
2) Modify the following line in the file to export CA_SM_PS_FIPS140 environment variable
export CAROOT LD_LIBRARY_PATH CAPKIHOME CA_SM_PS_FIPS140
3) Restart the Gateway process: service ssg restart