FIM 3.1.2 - CryptoJ jar causing signature verification errors with md2 signature algorithm
Originally Published: 2008-05-22
Article Number
Applies To
IBM WebSphere 6.0.2
Crypto J jar version 3.5.2 - jsafeJCEFIPS.jar in security.providers
Certificate caontains an md2RSA hash
Issue
signature verification error in system log
2008-05-05 20:52:06,042, (SSOHelper.java:608), uhaps004, , , , SSO top-level profile exception: , com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The message is signed, but the signature cannot be verified
Cause
Resolution
Apply one of the following three solutions:
- Move the jsafeJCEFIPS.jar to the bottom of the security providers list or at least below the IBM versions of Jsafe com.ibm.crypto.provider.IBMJCE or com.ibm.crypto.fips.provider.IBMJCEFIPS.
- Replace the certs with signature algorithms other than MD2, such as SHA1
- Obtain hotfix FIM 3.1.2.5 which uses version 4.0 of the jsafeJCEFIPS. jar and add "com.rsa.cryptoj.jce.fips140initialmode=NON_FIPS140_MODE" to the bottom of the java.security file. This will turn off forced FIPS compliance ( added since CRYPTOJ 3.6 version) which would not of allowed md2 certs to be used.
Related Articles
How to resolve RSA ACE/Agent certificate issues in ACE NAP Number of Views How to resolve an ORA-30036 UNDO Tablespace error in RSA Identity Governance & Lifecycle Number of Views Resolving collector mapping and unification issues in RSA Via Lifecycle and Governance Number of Views RSA Authentication Manager 8.7 SP1 Patch 1 Readme Number of Views RSA Authentication Manager 8.7 SP1 Patch 1 Web Tier Readme Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
