search cancel

Clarity - SOAP Error - the trustAnchors parameter must be non-empty

book

Article ID: 113174

calendar_today

Updated On:

Products

Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

Facing a SOAP error whenever we XOG via a gel script in Clarity. This problem may also be intermittent. The error is:

Failed to send a SOAP message generated to 'https://company.org/niku/xog'.java.lang.RuntimeException: 
Unexpected error: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty at com.niku.union.gel.tags.soap.InvokeTag.doTag(InvokeTag.java:76)

Error in the Clarity bg-ca.log is:

WARN 2018-09-11 02:36:04,907 [Custom script execution pool-7-thread-1] utils.Utils (clarity:admin:57841200__1BBD-A3DA-48CF-9181-61295C8C3D8C:none) ----> The exception trace is too big to be attached to the process error message. 
Only a truncated exception trace will be attaced to the process error message. Here is the complete exception trace: org.apache.commons.jelly.JellyTagException: null:56:57:
<soap:invoke> Failed to send a SOAP message generated to 'https://somesystem.somecompany.org/niku/xog'.java.lang.RuntimeException: 
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 

Environment

Any Clarity environment using SSL and SOAP/XOG via a gel script.

Resolution

Clarity cannot find needed information from the Java TrustStore (usually the CACerts file for Java)

1. Make sure that the jre folder being pointed to is in the same Java install specified in the CSA/Properties.xml file and that the trustStorePassword is the correct one for your cacerts file.

2. To test the file and location directly in JVM for troubleshooting purposes, add the following jvm parameters to both the app and bg services.

  • Update the JVM parameters to add the following on app and bg in properties.xml
-Djavax.net.ssl.trustStore=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts 
-Djavax.net.ssl.trustStorePassword=changeit 
-Djavax.net.ssl.trustAnchors=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts 
  • The path in this command should be appropriate to the OS used on the system.

EXAMPLES:

for Linux/Unix:  /apps/niku/jdk1.8.0_40/jre/lib/security/cacerts
for Windows: C:\\niku\jdk1.8.0_40\jre\lib\security\cacerts

  • Restart the services and retry

3. If the test doesn't work, then use KB XOG with HTTPS fails with error: "PKIX path building failed, unable to find valid certification path to requested target." to recreate the certificate correctly

4. If the test works, then java folder and location isn't being correctly set up and needs correction. We recommend setting this up correctly and removing the JVM parameters and restarting once done