ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Dynatrace HTTP monitor interferes with Identity Portal functionality

book

Article ID: 199229

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

A customer installed Dynatrace HTTP monitoring software on the machine where they have Identity Portal installed.

After that some Identity Portal functionality, like forgot password feature, stopped working.

Identity Manager server log contained such error:

10:00:34,924 ERROR [ims.default] (http-/0.0.0.0:8443-1) com.netegrity.llsdk6.imsapi.exception.NoSuchObjectException: [facility=4 severity=2 reason=0 status=38 message=No items found]
    at com.netegrity.llsdk6.imsimpl.provider.AdminTaskProviderImpl.findByTag(AdminTaskProviderImpl.java:316) [imsapi6.jar:]
    ...

Cause

Dynatrace HTTP monitor made injections into the TEWS SOAP requests sent from Identity Portal server to Identity Manager server.

Modified SOAP request looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Header>
        <h:ASFPPreVerifyTaskContext xmlns:h="http://tews6/wsdl" mustUnderstand="0" actor="">
            <admin_id xmlns="http://tews6/wsdl">xxxxxxxxxx</admin_id>
        </h:ASFPPreVerifyTaskContext>
        <X-dynaTrace xmlns="http://ns.dynatrace.com/wcf" mustUnderstand="0" actor="">FW4;-1273248646;7;-167505140;283983;0;-1374428998;763;75b8;2h01;3hf604130c;4h04554f</X-dynaTrace>
    </s:Header>
    <s:Body>
        <ASFPPreVerify xmlns="http://tews6/wsdl">
            <ASFPPreVerifySearch>
                <Organization>
                    <UniqueName>o=external,dc=xxxxxxxxxx,dc=com</UniqueName>
                    <AndLower>false</AndLower>
                </Organization>
                <Filter index="0">
                    <Field>%USER_ID%</Field>
                    <Op>EQUALS</Op>
                    <Value>xxxxxxxxx</Value>
                    <Conj>And</Conj>
                </Filter>
                <Filter index="1">
                    <Field>dob</Field>
                    <Op>EQUALS</Op>
                    <Value>06071985</Value>
                </Filter>
            </ASFPPreVerifySearch>
        </ASFPPreVerify>
    </s:Body>
</s:Envelope>

The above SOAP request fails in IM server with following exception:

com.netegrity.llsdk6.imsapi.exception.NoSuchObjectException: [facility=4 severity=2 reason=0 status=38 message=No items found]

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Resolution

This is the correct behavior.

TEWS, which is used in Identity Portal to send requests to Identity Manager, does not allow SOAP injections.

To fix the problem disable Dynatrace monitoring or any other 3rd party software that makes injections into SOAP requests.