SQL Server Integration: Issue during SSO startup in SSO 9.x and above
- Shraddha Shejawal
Problem
When SSO is upgraded to SSO 9.x (which uses Java 11) and the JDBC driver is subsequently upgraded to the latest version available (12.6 at the time this document was created) by following the instructions provided here: Configuring the connection for SQL integration - SSO, the SSO application does not start.
It gives the following error in the logs:
2024-05-23 13:36:29,121 uas init DEBUG password.sql.test.1: ubilogin.method.provider.spi.DirectoryPasswordMethod: starting
2024-05-23 13:36:29,143 uas init WARN password.sql.test.1: ubilogin.method.provider.spi.DirectoryPasswordMethod: error control.ServiceUnavailableException: UbiloginServerMethod.getDirectorySPI
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory ("encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:17c53b60-b79b-4790-aec1-71271f149222)
Root Cause
By default “encrypt” property is Set to "true” in JDBC driver version 10.2 and later.
It specifies that the SQL Server uses TLS encryption for all the data sent between the client and the server if the server has a certificate installed.
Ubisecure SSO does not have any configurable parameter to set this property value as required. Somehow SSO supports only value “false” and there is no way to configure this setting.
The default value for encrypt is "false" in 9.4 and earlier versions.
Solution
Use JDBC driver version 9.4 with SSO 9.x and above version
Highlight important information in a panel like this one. To edit this panel's color or style, select one of the options in the menu.