Install Java Cryptography Extension unlimited strength jurisdiction files to remove restrictions on cryptographic strength in JCE. These restrictions can prevent users from successfully logging in to vCloud Director using vSphere Single Sign On.

About this task

Because of import control restrictions of some countries, the version of the JCE policy files that are bundled in the JRE bundled in vCloud Director, allow strong but limited cryptography to be used, which is insufficient to deal with the encryption strength used by the SAML identity provider.

Prerequisites

Verify that you are a system administrator.

Procedure

  1. In the /opt/vmware/vcloud-director/jre/bin/java -version directory, identify the version of Java used by vCloud Director.
  2. Download the policy files for the version of Java being used from the following links.
  3. Use the cell management tool to quiesce the vCloud Director cell.

    See the vCloud Director Installation and Upgrade Guide.

  4. Stop vCloud Director services.

    See the vCloud Director Installation and Upgrade Guide.

  5. Locate the JRE policy files in the $VCLOUD_HOME/jre directory and replace them with the downloaded policy files using the same permissions as the replaced files.
  6. Enable the cell using the cell management tool.

What to do next

Repeat this procedure for all cells in vCloud Director.