xFlow Insights app integration with CABI Jasper over SSL

book

Article ID: 131331

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Attempt to login as an Analyst to xFlow/Inisghts over SSL for the first time attempts to create the user in casm_insights organization in CABI Jasper, but does not complete the operation fully because of an SSL exception which leaves that user creation incomplete and useless for later usage. 


An error "Server Unavailable" shows up on the UI.

User-added image

With DEBUG enabled, InsightMS.log shows entries like this:

DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for user search: https://XXXX:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/testinguser 
,, 
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - User does not exist, so creating user: [testinguser] 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for user creation: [https:/XXXX:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/testinguser] 
.. 
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Populating profile attributes for the user: [testinguser] 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for populating attributes: [https://XXXX:8443/jasperserver-pro/rest_v2/organizations/casm_insights/users/testinguser/attributes] 
.. 
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Response status [200], cookie [], content type [application/json] 
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Checking if the user folder exists or not 
.. 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper url for searching for a folder: https:/XXXX:8443/jasperserver-pro/rest_v2/resources?folderUri=/organizations/casm_insights/users/testinguser&q 
.. 
.. 
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Response status [404], cookie [], content type [application/errorDescriptor+json] 
..
INFO - 2019-04-22 11:39:24 [util.UserProfileCreator] - Folder does not exists. Creating folder for user: [testinguser] 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper Url for folder creation: https://XXXX:8443/jasperserver-pro/rest_v2/resources/users/testinguser 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Jasper SessionId: [5373DD10DBA8D2DF9A5B843446ADDB65] 
.. 
DEBUG - 2019-04-22 11:39:24 [util.UserProfileCreator] - Request body: [{"uri":"/users/ testinguser ", "label":" testinguser "}] 
.. 

ERROR - 2019-04-22 11:39:24 [util.UserProfileCreator] - IOException 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) 



 

Environment

Release:
Component: XFLOW

Resolution

CABI Jasper certificate and its certificate chain  needs to be imported to Java's native keystore present in :  <>\Program Files\CA\SC\JRE\1.8.0_74\lib\security\cacerts keystore  (for 17.2 its JRE\11.0.1\lib\security\cacerts)

Note:  It HAS to be the JRE in the above folders and NOT the <xFlow_Install>\jre\lib\security\cacerts

1) Backup original cacerts file
2) Import CABI Jasper server certificate including the certificate chain using keytool
Note: default Password for the cacerts keystore is: changeit
3) Restart xFlow

 

Additional Information

If the Java present in <>\Program Files\CA\SC\JRE\  is upgraded, this import needs to be performed again.

Attachments