Unable to modify custom endpoint credentials.

search cancel

Unable to modify custom endpoint credentials.

book

Article ID: 368497

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

When we try to modify the endpoint from Provisioning Manager - we get errors and the properties screen is unable to open.

While if we try to modify it from User Console, we get another error and still are not able to access configuration screen.

Following error is seen in the log file.

_{2024-03-19 09:09:33,236 ERROR [im.provisioning.endpoint] (default task-650) Failed to retrieve properties of endpoint 'LDAP_XXXX_XX'}

_{2024-03-19 09:09:33,236 ERROR [im.provisioning.endpoint] (default task-650) Failed to load properties [LDAdescription, passwordSyncAgentInstalled, user, baseDN, protocolSecure, version, accountForcedDeletable, defaultPolicy, accountDeletable, connectionURI, passwordPropagationDisabled]: javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0019<RDI>, Endpoint 'LDAP_XXXX_XX' read failed: Error decrypting attribute eTDYNPassword: attribute eTDYNUser has been modified since this attribute was encrypted. Please reset the encrypted attribute. ]; remaining name 'eTDYNDirectoryName=LDAP_XXXX_XX,eTNamespaceName=LDAP_XXXX_XX,dc=imxx,dc=eta'}

_{2024-03-19 09:09:33,236 ERROR [ims.ui] (default task-650) com.netegrity.webapp.page.TaskController [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]}

_{Failed to load properties [LDAdescription, passwordSyncAgentInstalled, user, baseDN, protocolSecure, version, accountForcedDeletable, defaultPolicy, accountDeletable, connectionURI, passwordPropagationDisabled]: javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0019<RDI>, Endpoint 'LDAP_XXXX_XX read failed: Error decrypting attribute eTDYNPassword: attribute eTDYNUser has been modified since this attribute was encrypted. Please reset the encrypted attribute. ]; remaining name 'eTDYNDirectoryName=LDAP_XXXX_XX ,eTNamespaceName=LDAP_XXXX_XXX,dc=im,dc=eta'}

_{at com.ca.identitymanager.provisioning.managedobjectprovider.impl.EndpointProviderImpl.getManagedObject(EndpointProviderImpl.java:174)}

_{at com.netegrity.llsdk6.imsimpl.managedobject.ManagedObjectImpl._add(ManagedObjectImpl.java:389)}

_{at com.netegrity.llsdk6.imsimpl.BaseObject.addAttributes(BaseObject.java:2604)}

_{at com.netegrity.ims.task.TaskSessionImpl.addSubjectAttributeRights(TaskSessionImpl.java:1725)}

_{at com.netegrity.ims.task.TaskSessionImpl.createTabHandlers(TaskSessionImpl.java:1685)}

_{at com.netegrity.ims.task.TaskSessionImpl.setSubject(TaskSessionImpl.java:645)}

_{at com.netegrity.ims.businessprocess.TaskServiceImpl.createNestedTaskSession(TaskServiceImpl.java:323)}

_{at com.ca.identitymanager.provisioning.tab.EndpointSearchPage.selectResult(EndpointSearchPage.java:307)}

_{at com.netegrity.webapp.page.screen.StandardSearchPage.handleSelection(StandardSearchPage.java:1410)}

_{at com.netegrity.webapp.page.screen.StandardSearchPage.update(StandardSearchPage.java:642)}

_{at com.ca.identitymanager.provisioning.tab.EndpointSearchPage.update(EndpointSearchPage.java:245)}

_{at com.netegrity.webapp.page.NestingWrapper.update(NestingWrapper.java:249)}

_{at com.netegrity.webapp.page.AbstractParentPage.update(AbstractParentPage.java:67)}

_{at com.netegrity.webapp.page.jsf.JSFParentPage.update(JSFParentPage.java:119)}

_{at com.netegrity.webapp.page.TaskController.update(TaskController.java:639)}

_{at com.netegrity.taglib.skin.TagUtilLocal.update(TagUtilLocal.java:274)}

_{at com.netegrity.taglib.skin.UpdateTag.doEndTag(UpdateTag.java:146)}

_{at org.apache.jsp.app.ui7.index_jsp._jspx_meth_skin_005fupdate_005f0(index_jsp.java:1831)}

_{at org.apache.jsp.app.ui7.index_jsp._jspService(index_jsp.java:230)}

_{at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)}

_{at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)}

_{at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)}

_{at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403)}

_{at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347)}

_{at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)}

_{at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)}

_{at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81)}

_{at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)}

_{at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)}

_{at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)}

_{at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:257)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:182)}

_{at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:188)}

_{at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:136)}

_{at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:99)}

_{at com.netegrity.webapp.filter.ConsolePageFilter.doFilter(ConsolePageFilter.java:531)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at com.netegrity.webapp.page.jsf.FacesFilter.doFilter2(FacesFilter.java:181)}

_{at com.netegrity.webapp.page.jsf.FacesFilter.doFilter(FacesFilter.java:152)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at com.netegrity.webapp.authentication.FrameworkLoginFilter.doFilter(FrameworkLoginFilter.java:417)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at com.netegrity.webapp.filter.LocaleFilter.doFilter(LocaleFilter.java:101)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at com.netegrity.webapp.filter.ClientExtractFilter.doFilter(ClientExtractFilter.java:52)}

_{at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)}

_{at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)}

_{at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)}

_{at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)}

_{at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)}

_{at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)}

_{at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)}

_{at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)}

_{at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)}

_{at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)}

_{at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)}

_{at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)}

_{at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)}

_{at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)}

_{at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)}

_{at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)}

_{at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)}

_{at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)}

_{at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)}

_{at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)}

_{at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)}

_{at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)}

_{at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1555)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)}

_{at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)}

_{at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)}

_{at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)}

_{at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)}

_{at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)}

_{at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)}

_{at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)}

_{at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)}

_{at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)}

_{at java.lang.Thread.run(Thread.java:748)}

Environment

Identity Manager 14.4, 14.5

Cause

Endpoint's service account's DN was changed.

Resolution

Please verify what changes to the service account's credential was performed.
In this case, the service account's DN was modified and that was the root cause of the issue. In cases such as this, change to the DN will not be propagated back to IM. CA Identity Manager doesn't natively support DN changes.

We strongly recommend carrying out activities that involve change of DN with prior planning. One of the first actions is to update the endpoint with new account on the IM so that it can connect successfuly after the change has taken place.

However, failure to take appropriate actions in such cases would require for an identity administrator to manually change the user and password in the provisioning directory (using plain text password). Then try to change the password again (or set the password) using provisioning manager to force the encryption of plain text password in the provisioning directory.

Feedback

thumb_up Yes

thumb_down No