Environment
NetIQ Identity Manager Roles Based Provisioning Module 4.0.2
Situation
When going to reporting module from User application by clicking "Access Reporting Module" red error shows up:
REST Error UnparsableJSONResponse, 500
In server.log you will find the following error:
2014-02-23 09:41:04,752 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/easrestapi].[jerseyServlet]] (http-0.0.0.0-8543-6) Servlet.service() for servlet jerseyServlet threw exception
java.lang.IllegalStateException
at com.novell.sentinel.eas.security.idm4.UserInfo.isExpired(UserInfo.java:195)
at com.novell.sentinel.eas.security.idm4.IDMAuthenticationFilter.checkPermission(IDMAuthenticationFilter.java:93)
at com.novell.sentinel.eas.security.idm4.IDMAuthenticationFilter.doFilter(IDMAuthenticationFilter.java:45)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:722)
REST Error UnparsableJSONResponse, 500
In server.log you will find the following error:
2014-02-23 09:41:04,752 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/easrestapi].[jerseyServlet]] (http-0.0.0.0-8543-6) Servlet.service() for servlet jerseyServlet threw exception
java.lang.IllegalStateException
at com.novell.sentinel.eas.security.idm4.UserInfo.isExpired(UserInfo.java:195)
at com.novell.sentinel.eas.security.idm4.IDMAuthenticationFilter.checkPermission(IDMAuthenticationFilter.java:93)
at com.novell.sentinel.eas.security.idm4.IDMAuthenticationFilter.doFilter(IDMAuthenticationFilter.java:45)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:722)
Resolution
This error is caused by broken communication between Reporting module and User application. There are several root causes for this error:
1. Accessing User application and Reporting module over https:
1. Accessing User application and Reporting module over https:
- import ssl certificate used for User application https communication into java keystore used for Reporting module's Jboss2. Accessing User application and Reporting module over http or https:
- example:- in Jboss/server/IDMProv/deploy/jbossweb.sar/server.xml you have configured https port with the following keystore jboss/server/IDMProv/conf/userapp.keystore
- your User Application/Reporting module Jboss runs with /opt/novell/jdk1.7.0_21/jre
- export User application SSL certificate and import it into the keystore used with User application/Reporting module Jboss - /opt/novell/jdk1.7.0.21/jre/lib/security/cacerts
- after applying patch C for User application/Reporting module 4.0.2, verify that your Jboss binds to 0.0.0.0 in start-jboss.sh script
- example:- start-jboss.sh:exec /opt/novell/idm/rbpm/jboss/bin/run.sh -Djboss.service.binding.set=ports-01 -c IDMProv -b 0.0.0.0