000014791 - FIM managed server fails to start after applying HF_06

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014791
Applies ToRSA Federated Identity Management Module (FIM) 4.0
WebLogic 10
IssueFIM managed server fails to start after applying HF_06
FIM managed server aborts the start-up during the loading of the FIM plugins

WebLogic console shows a plugin attempting to load, then unloading after failing to load the JsafeJCE

2008-11-04 13:13:27,421, (PluginClassLoader.java:37),FIM.server.com, , , , Attempting to load plugin class: com.rsa.jsafe.provider.JsafeJCE
2008-11-04 13:13:27,429, (PluginClassLoader.java:37),FIM.server.com, , , , Attempting to load plugin class: java.io.PrintStream
2008-11-04 13:13:27,433, (PluginClassLoader.java:50), FIM.server.com, , , ,  Parent Loader loaded plugin class: java.io.PrintStream
2008-11-04 13:13:27,449, (PluginFactory.java:312), FIM.server.com, , , , Unloading plugin classloader for directory: 126[OID]com.rsa.fim.config.PluginConfig

CauseThis problem occurs because the jsafeJCEFIPS.jar file cannot be located.  FIM 4.0 versions after HF_06 (and FIM 3.12 versions after contain a new version of the jsafeJCEFIPS.jar file.  Prior to HF_06 the jsafeJCEFIPS.jar file needs to be deployed only if the customer requires FIPS compliance.  After HF_06 this file must be deployed regardless of the FIPS compliance requirements.   The setting in the java.security file will determine if FIPS or non FIPS mode is used.
ResolutionEnsure that the updated jsafeJCEFIPS.jar file included in HF_06 is copied to all nodes in a clustered environment  and all tiers in a tiered deployment as per the hotfix readme.   
NotesNote that the default behavior of RSA FIM after applying the HF_06 hotfix is for the product to enforce FIPS compliance.  This is the more secure setting and is the recommended mode for running RSA FIM.  If you are using certificates that are not FIPS compliant however this may cause those certificates to be rejected.  If you wish to run FIM in the non FIPS mode you must explicitly set the FIM mode in the java.security file to non FIPS mode as per the instructions in the hotfix readme.txt file.
Legacy Article IDa42895