Release NotesFederation Security Services Release NotesDefects Fixed in the Policy Server 6.0 SP6 Option PackFixes in the Policy Server 6.0 SP6 Option Pack › DSA Keys Not Supported on Solaris 10 (97620/98080)

Previous Topic: Fixes in the Policy Server 6.0 SP6 Option Pack

Next Topic: No Mechanism to Override SAML 1.0/1.1 TARGET Query Parameter (99811)
DSA Keys Not Supported on Solaris 10 (97620/98080)

Symptom:

DSA keys created by the JDK 1.1 javakey tool, and stored in the JDK 1.1 IdentityDatabase use a deprecated OID (1.3.14.3.2.12). These keys will not be granted full privileges on Solaris 10 if the default security provider configuration is in place.

A workaround is to list the Sun provider (sun.security.provider.Sun) ahead of the PKCS11 provider (sun.security.pkcs11.SunPKCS11) in the java.security security properties located in the lib/security directory of the JDK installation.

Solution:

This issue has been documented in a new topic that has been added to the Policy Server Installation section of the Policy Server and Web Agent Option Pack Guide for 6.0 SP 6.

STAR Issue: 18653642-1