This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

"JCE cannot authenticate the provider JsafeJCE" when starting SecurID Governance & Lifecycle

Article Number

000067915

Applies To

  • RSA Identity Governance & Lifecycle 7.2.1 P12
  • RSA Identity Governance & Lifecycle 7.5.0 P07
  • SecurID Governance & Lifecycle 7.5.2 P03

Issue

For Wildfly deployments:  After patching RSA Identity Governance & Lifecycle 7.2.1 to P12 (or later) or 7.5.0 to P07 (or later), the server fails to start.  The following errors are logged to aveksaServer.log file:

java.security.NoSuchProviderException: JCE cannot authenticate the provider JsafeJCE
at javax.crypto.b.a(Unknown Source)
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.aveksa.common.crypto.CryptoJBasedStringEncryptor.buildKey(CryptoJBasedStringEncryptor.java:404)


For IBM WebSphere deployments:  After patching RSA Identity Governance & Lifecycle 7.2.1 to P12 (or later) or 7.5.0 to P07 (or later), or upgrading to SecurID Governance & Lifecycle 7.5.2 P03, the server fails to start. The following ERROR level log message are logged to the systemout.log file:

06/16/2022 09:38:01.767 ERROR (server.startup : 1) [com.aveksa.migration.jdbctool.CheckDatabase] Error reading Aveksa_System.cfg
java.lang.IllegalStateException: An issue with handling encryption was encountered

16/2022 09:39:03.764 ERROR (server.startup : 1) [com.aveksa.server.runtime.AveksaSystem] Unable to check Database.
java.lang.NullPointerException

 

Cause

This issue occurs when patching to the following versions, with JAVA version remaining at a version older than 1.8.0_u281.  The version/patch listed below contain an update to the BSAFE libraries which is not compatible with JAVA versions older than 1.8.0_u281.
  • RSA Identity Governance & Lifecycle 7.2.1 P12
  • RSA Identity Governance & Lifecycle 7.5.0 P07
  • SecurID Governance & Lifecycle 7.5.2 P03

Resolution

For Wildfly deployments, ensure you have applied the latest JAVA update upgradeJDK8u312b07.tar (or later) available with the above mentioned versions/patches.

For WebLogic deployments, ensure you update your JAVA to the latest version.

For IBM WebSphere deployments, IBM WebSphere must be updated to the the most recent version in order to support the current RSA Governance & Lifecycle patches.  The following are the minimum requirements:

  • IBM WebSphere 9.0.5.7 and later running IBM JDK 1.8
  • IBM WebSphere 8.5.5.15 and later running IBM JDK 1.8
  • IBM WebSphere 8.5.5.14 and later running IBM JDK 1.7


See additional information in the following knowledgebase article for a similar failure when attempting to run an older RSA Governance & Lifecycle version with a later IBM fixpack:
KB 000044471 - “An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle

Notes

Note for IBM Websphere there are no transitional versions of either the RSA or the IBM software.  You must upgrade IBM WebSphere in conjunction with patching or upgrading the RSA product due to the dependency on the Java version.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-08-31 04:28 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.