CA Service Desk manager with ITPAM integration failing after upgrade to 17.4
search cancel

CA Service Desk manager with ITPAM integration failing after upgrade to 17.4

book

Article ID: 281917

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Process Automation Base CA Service Desk Manager

Issue/Introduction

Post upgrading CA Service desk Manager from 17.3 to 17.4 , ITPAM integration is failing. 
Error : 
There is a problem accessing CA IT PAM Workflow - please try again or contact the administrator. Details: Error accessing ITPAM Service at: https://<PAM SERVER>:8443/itpam/soap?WSDLFailed to access the WSDL at: https://<PAM SERVER>:8443/itpam/soap?WSDL. It failed with: Server returned HTTP response code: 405 for URL: https://<PAM SERVER>8443/itpam/soap?WSDL

04/05 12:33:51.986 [Thread-11] ERROR ItpamWorkflow 321 Error accessing ITPAM Service at: https://<PAM SERVER>:8443/itpam/soap?WSDLFailed to access the WSDL at: https://c<PAM SERVER>:8443/itpam/soap?WSDL. It failed with: 
   Server returned HTTP response code: 405 for URL: https://<PAM SERVER>8443/itpam/soap?WSDL. 
04/05 12:33:51.986 [Thread-11] ERROR ItpamWorkflow 563 Error getting definitions:  
java.lang.Exception: Error accessing ITPAM Service at: https://<PAM SERVER>:8443/itpam/soap?WSDLFailed to access the WSDL at: https://<PAM SERVER>:8443/itpam/soap?WSDL. It failed with: 
   Server returned HTTP response code: 405 for URL: https://<PAM SERVER>:8443/itpam/soap?WSDL.
   at com.ca.ServicePlus.pdm_rpc.ItpamWorkflow.getPAMService(ItpamWorkflow.java:323) ~[pdm_rpc.jar:?]
   at com.ca.ServicePlus.pdm_rpc.ItpamWorkflow.getStartRequestForms(ItpamWorkflow.java:498) [pdm_rpc.jar:?]
   at com.ca.ServicePlus.pdm_rpc.ItpamWorkflow.msgReceived(ItpamWorkflow.java:238) [pdm_rpc.jar:?]
   at jdk.internal.reflect.NativeMetho

Environment

ENV: 
CA ITPAM 4.3.5
CA Service Desk Manager 17.4

Cause

SDM 17.4 client libraries uses CXF client SDK to connect to PAM
PAM default self signed certificate is not respected anymore for the integration with CXF client as it's enforcing to have SAN details in the certificate.

Resolution

PAM Side:
========

Regenerated the new custom key-store file for PAM side using the SAN details and configured the custom certificate in the following files, reference KB Article 264492.

# Edit:PAM\server\c2o\.config\OasisConfig.properties
We need to add three entries to point to the custom certificate. 
itpam.custom.web.keystorepath, itpam.custom.web.password and itpam.custom.web.keystorealias
Example: 
itpam.custom.web.keystorepath=<new c20keystore> 
itpam.custom.web.keystore.password=<#########>
itpam.custom.web.keystorealias=PAMRSA

# Edit PAM\server\c2o\deploy\jbossweb.sar\server.xml
We need to modify this file to use the custom entries mentioned in oasis config file.
# Validate the SAN details in the certificate using the browser.  (If this test is good, then only start modifying the SDM side.)


SDM Side: 
========
Export the PAM customer certificate from browser and import it into SDM key-store file, reference KB Article 269938, KB Article 9538 and KB Article 103456.
Restart the SDM windows service (complete service restart is needed to force to load the key-store file for SDM)
Validate the PAM + SDM integration.

Powered by Wolken Software