xFlow Insights app integration with CABI Jasper over SSL

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service CA Service Desk Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Attempt to login as an Analyst to xFlow/Inisghts over SSL for the first time attempts to create the user in casm_insights organization in CABI Jasper, but does not complete the operation fully because of an SSL exception which leaves that user creation incomplete and useless for later usage.

An error "Server Unavailable" shows up on the UI.

With DEBUG enabled, InsightMS.log shows entries like this:

DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for user search: https://<Server_Name>:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/<user_name>
,,
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - User does not exist, so creating user: [<user_name>]
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for user creation: [https:/<Server_Name>:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/<user_name>]
..
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Populating profile attributes for the user: [<user_name>]
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for populating attributes: [https://<Server_Name>:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/<user_name>/attributes]
..
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Response status [200], cookie [], content type [application/json]
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Checking if the user folder exists or not
..
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper url for searching for a folder: https:/<Server_Name>:8443/jasperserver-pro/rest_v2/resources?folderUri=/organizations/casm_insights/users/<user_name>&q
..
..
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Response status [404], cookie [], content type [application/errorDescriptor+json]
..
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Folder does not exists. Creating folder for user: [<user_name>]
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for folder creation: https://<Server_Name>:8443/jasperserver-pro/rest_v2/resources/users/<user_name>
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper SessionId: [5373DD10DBA8D2DF9A5B843446ADDB65]
..
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Request body: [{"uri":"/users/ <user_name> ", "label":" <user_name> "}]
..

ERROR - 2019-04-22 11:39:24 [util.UserProfileCreator] - IOException
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

Environment

Release: Service Management 17.x
Component: XFLOW

Resolution

CABI Jasper certificate and its certificate chain needs to be imported to Java's native keystore present in : <>\Program Files\CA\SC\JRE\1.8.0_74\lib\security\cacerts keystore (for 17.2 its JRE\11.0.1\lib\security\cacerts)

Note: It HAS to be the JRE in the above folders and NOT the <xFlow_Install>\jre\lib\security\cacerts

1) Backup original cacerts file
2) Import CABI Jasper server certificate including the certificate chain using keytool
Note: default Password for the cacerts keystore is: changeit
3) Restart xFlow

Additional Information

If the Java present in <>\Program Files\CA\SC\JRE\ is upgraded, this import needs to be performed again.