DevTest 10.5 Enterprise is not able to connect to IAM after configuring SSL

book

Article ID: 144927

calendar_today

Updated On:

Products

CLOUDTEST CA Application Test CA Cloud Test Mobile MOBILECLOUD Service Virtualization

Issue/Introduction

 Getting below error in our enterprise logs:

"Unable to connect to Identity and Access manager. Please check with your administrator."


ERROR com.ca.ad.sv.iam.IAMClient - Error while getting authorizations

org.keycloak.authorization.client.AuthorizationDeniedException: Failed to obtain entitlements. Server message: {"error":"not_authorized"}

 at org.keycloak.authorization.client.util.Throwables.handleAndWrapHttpResponseException(Throwables.java:52)

 at org.keycloak.authorization.client.util.Throwables.handleAndWrapException(Throwables.java:36)

 at org.keycloak.authorization.client.resource.EntitlementResource.get(EntitlementResource.java:40)

 at com.ca.ad.sv.iam.IAMClient.getAuthorizations(IAMClient.java:244)

 at com.ca.ad.sv.iam.IAMClient.getAuthorizations(IAMClient.java:178)


java.lang.RuntimeException: Could not obtain configuration from server [https://abc.xyz.net:51111/auth/realms/service_virtualization/.well-known/uma-configuration].

at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:92)

at org.keycloak.authorization.client.AuthzClient.create(AuthzClient.java:60)

at com.ca.ad.sv.iam.IAMClient.<init>(IAMClient.java:42)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)


Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)


Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)

at sun.security.validator.Validator.getInstance(Validator.java:179)

Environment

Release : 10.5

Component : CA Service Virtualization

Resolution



We have to apply two patches. Open a support case and refer the defect id DE422019.


In order to apply the patch For Enterprise Dashboard, follow the steps below: 

Built for version: 10.5

1. Stop the service "DevTest Enterprise Dashboard" 
2. Move the file dradis-10.5.0.jar in LISA_HOME\lib\dradis to a backup folder outside LISA installed folder 
3. Download the fix from support case ..files_from_broadcom/dradis-10.5.0.jar 
4. Place the file downloaded in previous step at LISA_HOME\lib\dradis 
5. Start the service "DevTest Enterprise Dashboard" 
6. Launch Enterprise Dashboard UI and login 

Please let me know if the patch addresses reported problem. If the problem persists, please carefully check the steps once again and if nothing amiss, please do the following: 

1. Revert the changes done 
2. Attach the following log file to the case: LISA_HOME\\lisatmp_10.5.0\enterprisedashboard.log 


================================================================================================

Please follow the steps below to apply the patch_DE422019_10.5.0_GA.jar patch.

NOTE: The patch must be installed on all machines other than the machine that has ED-only.


1. Stop Registry, Portal and workstation

2. Place the patch name:patch_DE422019_10.5.0_GA.jar in LISA_HOME\lib\patches folder

3. Start the services that were stopped in step 1

4. Verify if you are able to login to Portal and Workstation.


In case if you are still unable to login, check the following:

1. Make sure the patch is applied on all Devtest servers and workstation machines

2. Open the log file acl.log and check for the following log entry "INFO com.ca.devtest.acl.internal.IAMConfigurationProvider - Validating IAM SSL Server Certificate...Trusted"