Tenant gateway connection broken, Proxy status is Disconnected in Portal UI.

The Tenant Gateway log also shows this SSL connection error for the Portal's broker container:

2024-10-21T18:14:32.702+0530 INFO    12832 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Attempting to reconnect to broker [wss://broker.portal.com:9443/]
2024-10-21T18:14:32.702+0530 SEVERE  12839 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Failed connecting to Broker: wss://broker.portal.com:9443/
MqttException (0) - javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1562)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1391)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1296)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:416)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:388)
        at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:149)
        at org.eclipse.paho.client.mqttv3.internal.websocket.WebSocketSecureNetworkModule.start(WebSocketSecureNetworkModule.java:63)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)
        ... 1 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:489)
        at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
        ... 7 more

Release : 5.1.2

The MAG license in the Portal's in-built Gateway (Ingress/APIM container) expired.

The MAG license in portal 5.1.2 has an expiration date of 2024-10-16. Use the above mentioned information to get the gateway user ID and password. You need to use the 10.1.00.11620 policy manager along with the user information.

To confirm this issue is caused by the license expiration, connect a 10.1.00.11620 version of the policy manager to the portal APIM container:

• Run this command to get the Gateway admin password (Ingress/apim container)
  • docker inspect $(docker ps --filter name=portal_apim -q) | grep -e TSSG_PUBLIC_HOST -e SSG_ADMIN_PASSWORD -e SSG_ADMIN_USERNAME
• Using a 10.1 version of the policy manager, connect to the apim-ssg host of the portal. Example: apim-ssg.hostname:9443 (you must use 9443)
• Use admin and the password from the above docker inspect command to connect
• You will see a notification about an expired license
• Here is a copy of the expired license

Apply the attached portal512.xml license for Portal 5.1.2 and Policy Manager 10.1 installer (PM_10.1.zip) which is required to connect to Portal's in-built Gateway (Ingress/APIM container) .

• This is a workaround for the Portal 4.5 version
• This issue is fixed in Portal 5.0.2.6 and 5.1.2.1 version
• The new license will not be there if the portal is restarted; so you need to add the license every time the portal restarts
• DO NOT remove the old license