IM Fatal error - Unable to parse web.xml
search cancel

IM Fatal error - Unable to parse web.xml


Article ID: 213792


Updated On:


CA Identity Manager CA Identity Suite


After migrating CA IM (Identity Manager) 14.2 (over JBoss eap6.4) to Symantec IM (Identity Manager) 14.4 (over JBoss eap 7.2 / Wildfly 15.x), the application server log shows following error:

15:07:13,219 FATAL [org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser] (ServerService Thread Pool -- 124) Unable to parse web.xml:
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]


Release : 14.4 GA, 14.5

Component : IdentityMinder(Identity Manager)


This happens when IM machine cannot access file which resides in the Internet, i.e. Document Type Definition file that defines the structure and the legal elements and attributes of an XML document. IM requires access to the dtd file to parse the \standalone\deployments\iam_im.ear\user_console.war\WEB-INF\web.xml



Non-vApp case:

1) Download web-app_2-3.dtd from

2) Modify web.xml file under user_console.war/WEB-INF

3) Change the following line 


<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "">


<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/absolute path of the dtd location/web-app_2_3.dtd">

Then restart the application server and check the error is gone.

vApp Case (please see additional information before proceeding):

There is no write privilege for 'config' user to modify web.xml file in vApp. Please do the following to workaround this problem.

1. Build a Windows Server with IIS that runs on the network reachable by the vApp

2. Create dtd directory under C:\inetpub\wwwroot directory and store downloaded web-app_2_3.dtd file in there.

3. Using IIS manager, select the Default Web Site node and double-click MIME Type and modify .dtd entry to have application/octet-stream MIME type. Restart the IIS service.

3. On the vApp, add the following custom host entry in /opt/CA/VirtualAppliance/custom/hosts file

<IIS machine IP Address>

Note: Replace <IIS machine IP Address> with actual IIS machine's IP address

4. On the vApp, run the following alias


5. On the vApp, restart IM


Additional Information

Fix included in 14.4 CP1. DE504857

As its a CP, install the latest CP which at the time of this update (5/2023) is 14.4 CP2. 

As for Virtual Appliance reach out to Support so we can provide fix.