SMP 3 – Configuring Strong Encryption for JVM Security
SMP 3 is a Java application running inside Virgo. To not have to worry about Java versions and installation, the installer even installs SAP JVM together with the server. So you have a SMP 3 installation and a Java installation at hand. This means that you get automatically Java security features … and some legacy problems that come from the dark ages of Internet. One is that you have to enable Strong encryption for SMP3’s Java. This is needed at least when you are going to use SAML2 with ADFS as authentication provider. SAML 2 allows the IdP to encrypt the SAML response to make sure only the SP can decrypt it. The encryption algorithm used there is using Strong encryption methods. These are not available by default to Java. They need to be activated manually.
The procedure for how to do this can be found at SAP Help. To enable Strong encryption, a policy file must be downloaded from Oracle and placed into a Java folder.
Download policy file.
Click on accept to enable the download link.
Click on the link: UnlimitedJCEPolicyJDK7.zip. This will download a ZIP file. The content of the ZIP file are 2 JAR files. These 2 files must be copied to the SMP 3 Java JVM.
- Stop SMP 3 server.
Copy the 2 JAR files to:
Folder: <SMP3 installation dir>/sapjvm_7/jre/lib/security
The installation path is outlined in the Readme that is part of the downloaded policy file:
3) Install the unlimited strength policy JAR files.
In case you later decide to revert to the original “strong” but
limited policy versions, first make a copy of the original JCE
policy files (US_export_policy.jar and local_policy.jar). Then
replace the strong policy files with the unlimited strength
versions extracted in the previous step.
The standard place for JCE jurisdiction policy JAR files is:
Restart SMP 3
After installing the pocliy file, Java JVM has strong encryption enabled.
If you want to test if it worked: there is a code snippet available on SO.
Just run it as a Java program.
- Compile: /sap/MobilePlatform3/sapjvm_7/bin/javac TestUCE.java
- Run: /sap/MobilePlatform3/sapjvm_7/bin/java TestUCE