Support Content Notification - Support Portal

Product/Component

SITEMINDER -POLICY SERVER

Notification Id

342

Last Updated

Initial Publication Date

August 8, 2019

This notice is being sent to alert you that Broadcom/CA software products will be migrating to support open-source implementations of Java.

For Layer7 products, primary support will shift from Oracle Java to AdoptOpenJDK, a popular free version of Java that derives its source from OpenJDK.

What is AdoptOpenJDK?

"AdoptOpenJDK uses infrastructure, build and test scripts to produce prebuilt binaries from OpenJDK™ class libraries and a choice of either the OpenJDK HotSpot or Eclipse OpenJ9 VM.

All AdoptOpenJDK binaries and scripts are open source licensed and available for free." (source: https://adoptopenjdk.net/)

This document will discuss details of the change as they pertain to the Layer7 SiteMinder product, and provide users with information that will help ensure that their product deployment(s) can continue to be supported by Broadcom/CA in the future.

The summary level progression of our shift to use of AdoptOpenJDK

The only component of Layer7 SiteMinder that embeds Java libraries is the Administrative application (Admin GUI). With the imminent Layer7 SiteMinder 12.8.03 (Service Pack 3) release the embedded Java libraries in the Administrative application will be AdoptOpenJDK libraries.
All testing of the components being released as part of the 12.8.03 service pack have been executed with AdoptOpenJDK 1.8 update 212.
We currently plan that any and all future testing of all SiteMinder components, with a dependency on Java, no matter what version they are, will be executed with AdoptOpenJDK
We currently plan that any and all future code releases (fixes, services packs, dot releases, version releases) that have a dependency on Java libraries will be executed with AdoptOpenJDK
The Oracle Java fixes that were historically available to customers on the SiteMinder patch site are no longer going to be available after August 18^th.

FAQ

Q1: I am running a release of SiteMinder that is prior to version 12.8.03 and it uses Oracle Java Libraries in the Admin UI, do I need to change those libraries?

A1: No, you can continue to run that version of SiteMinder Admin UI as is. However, future releases, will embed AdoptOpenJDK libraries in place of Oracle Java libraries.

Q2: I have several SiteMinder components using Oracle Java that I have supplied on the system where the SiteMinder component is running. Do I need to change those to AdoptOpenJDK?

A2: It is not essential that you do that immediately, but you will want to plan to do that in the future. Here are some scenarios to help you understand how we will roll out the support of AdoptOpenJDK:

Future Scenario 1: A release of a SiteMinder 12.7 or 12.6 Service Pack. If there is a future service pack, the two key changes would be that the Administrative UI within those service packs would embed AdoptOpenJDK libraries and all components will be tested on systems that have AdoptOpenJDK deployed on them.
Future Scenario 2: A vulnerability is reported in Java that can be exploited in SiteMinder by a hacker. Broadcom will test and support fixes to this vulnerability via builds supplied from AdoptOpenJDK.
Future Scenario 3: A release from Broadcom of any form (patch, CR, Service Pack, dot release, version release) occurs on or after August 18, 2019 AND that release has a Java pre-requisite. That release will be tested on systems that have been deployed with AdoptOpenJDK.

In each case, it will be necessary to transition to AdoptOpenJDK in order to continue receiving appropriate support.

Q3: Where do I need to plan to use AdoptOpenJDK immediately?

A3: If you plan to install SiteMinder 12.8.03 components (specifically and only the components with the 12.8.03 version number), then you will need to deploy AdoptOpenJDK to those systems that will host the SiteMinder 12.8.03 components and require use of Java.

Q4: I have several different SiteMinder Agents or end point components (e.g. Web Agent Option Pack) that run on systems that have Oracle Java deployed because the endpoint is dependent on Java. What do I have to do?

A4: There is no need to make any immediate change, but please see the above mentioned “Future Scenarios” for guidance on when use of AdoptOpenJDK may be necessary to continue receiving appropriate support.

Q5: I used to be able to download the Oracle Java patches from the SiteMinder patch web site. Will those patches still be available?

A5: No. After August 18, 2019, those patches will no longer be available.

Q6: My organization has a license to Oracle Java that we have purchased directly from Oracle. Will I be able to continue to use Oracle Java with SiteMinder?

A6: Oracle Java is a derivative of OpenJDK. It is highly likely that Oracle Java releases will not impact the functioning of SiteMinder components. For SiteMinder, we will offer support for use of Oracle Java under our “Reasonable Commercial Effort Statement” in our published platform support matrices. However, from August 18^th onward our testing environment will be based on AdoptOpenJDK and we highly recommend you plan to use AdoptOpenJDK as outlined in A2 (above).