The base Java JVM and SDK installs from Oracle are limited in strength for the cryptographic functions that they can perform. Oracle also provide a patch the "Java JCE Unlimited Strength Jurisdiction Policy Files" patch which when applied to the base JDK or JVM install allows for unlimited strength cryptographic functions.
Although the patch is a simple zip file there are often problems associated with installing it and installing it in the right location. This article covers how to do the install of the patch, and also some of the mis-install pitfalls that can occur.
all (windows, linux, solaris)
- Have an existing Java JRE or JDK Installation.
First you will need a Java, either the Java Runtime (JVM) or the Java Development KIt (JDK) installation.
Many of the Siteminder (SSO) components require a specific 32bit rather than a 64bit version of the JDK/JRE so it is worth verifying you have the correct one installed.
- Download the "JCE Unlimited Strength Jurisdiction Policy Files"
The "JCE Unlimited Strength Jurisdiction Policy Files" are available as a .zip file from :
Only the version is applicable (ie., the one jce_policy-8.zip applies to both the 32bit and 64bit editions of java 8 ) .
The version of the Jurisdiction file depends on the version of Java you have installed, as per:
- Java 8 : jce_policy-8.zip
- Java 7 : UnlimitedJCEPolicyJDK7.zip
- Java 6 : jce-policy-6.zip