IM Fatal error - Unable to parse web.xml
search cancel

IM Fatal error - Unable to parse web.xml


Article ID: 277107


Updated On:


CA Identity Manager CA Identity Suite


After upgrading CA IM (Identity Manager) 14.3 (over JBoss EAP 6.4) to Symantec IM (Identity Manager) 14.4 (over JBoss EAP 7.2), the application server log shows the following error:

Unable to parse web.xml: Server returned HTTP response code: 503 for URL:
 at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
 at org.apache.xerces.impl.XMLEntityManager.startEntity(Unknown Source)
 at org.apache.xerces.impl.XMLEntityManager.startDTDEntity(Unknown Source)
 at org.apache.xerces.impl.XMLDTDScannerImpl.setInputSource(Unknown Source)
 at org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(Unknown Source)
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
 at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
 at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
 at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
 at org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser.parse(
 at org.apache.myfaces.shared_impl.webapp.webxml.WebXml.init(
 at org.apache.myfaces.webapp.StartupServletContextListener.initFaces(
 at org.apache.myfaces.webapp.StartupServletContextListener.contextInitialized(
 at io.undertow.servlet.core.ApplicationListeners.contextInitialized(
 at io.undertow.servlet.core.DeploymentManagerImpl$
 at io.undertow.servlet.core.DeploymentManagerImpl$
 at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$
 at io.undertow.servlet.core.ContextClassLoaderSetupAction$
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(
 at io.undertow.servlet.core.DeploymentManagerImpl.deploy(
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$
 at java.util.concurrent.Executors$
 at org.jboss.threads.EnhancedQueueExecutor.safeRun(
 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(
 at org.jboss.threads.EnhancedQueueExecutor$



Release : 14.4 GA

Component : Identity Manager


This happens when IM machine cannot access file which resides in the Internet, i.e. Document Type Definition file that defines the structure and the legal elements and attributes of an XML document. IM requires access to the dtd file to parse the \standalone\deployments\iam_im.ear\user_console.war\WEB-INF\web.xml


Non-vApp case:

1) Download web-app_2-3.dtd from

2) Modify web.xml file under user_console.war/WEB-INF

3) Change the following line 


<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "">


<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/absolute path of the dtd location/web-app_2_3.dtd">

Then restart the application server and check the error is gone.

vApp Case (please see additional information before proceeding):

There is no write privilege for 'config' user to modify web.xml file in vApp. Please do the following to workaround this problem.

1. Build a Windows Server with IIS that runs on the network reachable by the vApp

2. Create dtd directory under C:\inetpub\wwwroot directory and store downloaded web-app_2_3.dtd file in there.

3. Using IIS manager, select the Default Web Site node and double-click MIME Type and modify .dtd entry to have application/octet-stream MIME type. Restart the IIS service.

3. On the vApp, add the following custom host entry in /opt/CA/VirtualAppliance/custom/hosts file

<IIS machine IP Address>

Note: Replace <IIS machine IP Address> with actual IIS machine's IP address

4. On the vApp, run the following alias


5. On the vApp, restart IM


Additional Information

Fix included in 14.4 CP1. DE504857

As it's a CP, install the latest CP which at the time of this update (12/2023) is 14.4 CP2 CHF1.

As for Virtual Appliance reach out to Support so we can provide fix.