可能原因:
缺少smjavaagentapi.jar文件或者libsjavaagentapi.so缺少相关的依赖包。
解决方法:
1. 检查sso的lib下面是否有smjavaagentapi.jar
2.使用ldd命令检查sso的bin下面的ligsmjavaagentapi.so是否缺少依赖包,如果缺少,添加到/usr/lib目录下。
补充知识1:
Implementation differences between smjavaagentapi and smagentapi
http://www.siteminderconsulting.com/smjavaagentapi-vs-smagentapi/
Another interesting piece of information for those who work closely with SM SDK for Agent APIs. Siteminder SDK provides an array of agent APIs which one can leverage to write a custom agent from scratch ( we will talk about siteminder custom agents in detail in coming articles , contact me if you need more information on this ). Lot many enterprises use these agent APIs to write there custom solutions around agent area.
Applications can use these agent APIs in 2 ways .. they can use either the pure java agent APIs or JNI java agent APIs. smagentapi.jar is the library which is used for pure java implementation while smjavaagentapi.jar is used in case of JNI java agent api implementation. Applications have the liberty to use either of them based on there architecture. From SM SDK perspective both libraries have same functionality but built with different technologies. So there is a difference the way applications can use them in there environments.
smagentapi.jar does not need any shared objects or dll to do its functionality , it is a pure java api and can be used standalone. smjavaagentapi needs the underlying shared object or dll to run , it calls the native functions contained in shared objects/DLLs to achieve its tasks. In case you dont have the shared objects/dll in your environment or the path is not set properly then it is very much common to get following “unsatisfied link” errors while loading these libraries.
Sample error.
“EXCEPTION OCCURED WHILE INITIALIZING SESSION MANAGER – SESSION MANAGER FAILED TO INITIALIZE
: java.lang.UnsatisfiedLinkError: netegrity/siteminder/javaagent/AgentAPI.javaagent_api_getConfig ”
So if you are using JNI Java agent api , dont forget to take care of native shared object/dll( libsmjavaagentapi.so/dll)
补充知识2:
http://tony007.com/netegrity.htm
Netegrity Siteminder (now Computer Associates) provides the foundation for policy-based authentication and authorization across the Enterprise. The 2 major components in Siteminder are the Policy Server and the Remote Agents. The agents intercept the request for an electronic resource and enforce the access policy located in the Policy Server, basically, the agents are like security guards that verify the persons identity and open the secure door.
Netegrity provides agents for many web and application servers, however,
currently (as far as I know) there is no agent available for tomcat or
jboss/jetty.
I developed a custom agent using the Siteminder sdk that supports most
Servlet 2.3 compliant containers including tomcat and jboss (with embedded
tomcat or jetty). This is a basic agent that is meant to be used in a
development environment. It allows a developer using standalone jboss/tomcat
to test authentication/authorization against the Netegrity policy server.
I'm making this available to the Netegrity Siteminder
community in the traditional open source agreement, which basically means
- use it at your own risk. Having said that, you may
contact me with any questions/problems related to this agent and I will
be glad to answer your questions and provide bug fixes (in my spare time).
After you read the application strategy and installation instructions
below, you may request the runtime (.jar) file and/or source code by
contacting me.
Application
Strategy
This siteminder agent only
supports basic authentication and at this time does not use policy server
administration functions, this means it does not handle user timeouts
or cache flushing. It will however, cache unprotected resources to avoid
policy server call overhead and handle SSO tokens (SMSESSION) to provide
session re-establishment.
The most common options to intercept a request
in tomcat are valves and servlet filters. I decided to implement my siteminder
agent as a Servlet filter because it's a portable, 100% Sun specifications
compliant solution.
Installation
Step 1 - Confirm that the Netegrity
Siteminder client support is installed, this may be available if you 1)
installed one of the Netegrity agents or 2) installed the Siteminder SDK.
Basically, the 2 files you need are the smjavaagentapi.jar which is a
java wrapper (JNI) to the actual C api implementation shared library (in
windows is called smjavaagentapi.dll). The DLL file must be located somewhere
in the system path and must be of the same version as the JAR file.
Step 2 - Create a configuration file as shown
below and call it smfilter.cfg (adjust it for you application)
PS_IP = 127.0.0.1 PS_CONMIN = 1 PS_CONMAX = 3 PS_CONSTEP = 1 PS_TIMEOUT = 75 PS_AUPORT = 44442 PS_AZPORT = 44443 PS_ACPORT = 44441 AGENT_NAME = mylaptop AGENT_IP = 127.0.0.1 |
- The AGENT_NAME parameter must contain the name
of an agent defined in the policy server, it must support 4.x clients.
- The PS_IP parameter above should point to your policy server
- Execute the following command to update the configuration file with
an encrypted shared secret word - note the parameter '-c' specifies the
location of the configuration file.
#java -classpath smfilter.jar com.tony007.FilterUtil
-c c:\config\smfilter.cfg
This will add the following line to the configuration
file (containing your shared secret encrypted)
AGENT_SECRET_ENC = bWFzdGVy
Step 3 - Update your server web.xml definition
to include this filter.
In tomcat
this file located in the /conf directory (ie., C:\jakarta-tomcat-4.1.30\conf).
In jboss with tomcat
it is located in the jbossweb-tomcat directory (i.e., C:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar)
In jboss with jetty
(Identity Minder default) it's called webdefault.xml and located in the
jbossweb.sar directory (i.e., D:\IdentityMinder\jboss-3.0.6\server\default\deploy\jbossweb.sar\webdefault.xml).
Insert the lines below immediately after the <web-app>
tag
<!-- start - Netegrity Agent Filter --> |
NOTE: You must change the config parameter above
to reflect the location of your smfilter.cfg file.
Step 4 - Restart your web container.
Test this agent by creating a test policy for this agent