Password policy modification fails with NullPointerException
search cancel

Password policy modification fails with NullPointerException

book

Article ID: 412770

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

When trying to save a change to a password policy, the task fails with

Error:   Task Failed

Fatal:   Failed to Execute ModifyPasswordPolicyEvent. ERROR MESSAGE: NullPointerException

The IM application server log shows the following stack.

2025-10-01 14:51:27,555 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-2093 (ActiveMQ-client-global-threads)) Exception: java.lang.NullPointerException
        at com.netegrity.llsdk6.imsimpl.managedobject.PasswordPolicyImpl.clearRegularExpressions(PasswordPolicyImpl.java:2345)
        at com.netegrity.ims.events.ModifyPasswordPolicyEvent.execute(ModifyPasswordPolicyEvent.java:80)
        at com.netegrity.ims.businessprocess.IMSEventController.executing(IMSEventController.java:270)
        at com.netegrity.ims.businessprocess.IMSController.executing(IMSController.java:58)
    ...

 

Cause

The stack trace indicates that IM cannot clear the password policy's regular expression, one of the actions required before writing the updated policy to the Object Store database.

The null pointer means that the password policy or its configuration has not been found in the IM db.

This can be caused by a missing or corrupted password policy in the IM object store.

 

Resolution

Check the password policy in the IM object store fwpasswordpolicy and verify whether the policy is listed. If it exists, check the fwpasswordpolicy_ld table to see if there are any problems with missing or corrupt policy settings that may need to be fixed.

If the password policy does not exist in fwpasswordpolicy, verify whether IM is expected to be integrated with Siteminder. If integrated, IM should not be checking the IM object store for the password policy, as the policy resides in the SM policy store.

If IM is intended to be integrated with SiteMinder verify that the ra.xml file has Enabled = true. Verify the setting on all IM nodes.

The ra.xml is located here.

non-vAPP

<deployed iam_im.ear location>/iam_im.ear/policyserver.rar/META-INF/ra.xml

vAPP

/opt/CA/VirtualAppliance/custom/IdentityManager/SiteMinder_config/ra.xml

It has been seen that some IM nodes in an environment do not have SM integration enabled, whereas other nodes do have correct SM enabled which caused some IM nodes to attempt processing against non-existent IM policies, and other nodes processing correctly using the SM policies.  The SM-integrated nodes' ra.xml files should show SM Enabled = true

<config-property>
            <config-property-name>ValidateSMHeadersWithPS</config-property-name>
            <config-property-type>java.lang.String</config-property-type>
            <config-property-value>false</config-property-value>
        </config-property>
        <config-property>
            <config-property-name>Enabled</config-property-name>
            <config-property-type>java.lang.String</config-property-type>
            <config-property-value>true</config-property-value>
        </config-property>

If you intend to integrate IM with SiteMinder, ensure Enabled is set to True, in the ra.xml file, as above, for all nodes.

Powered by Wolken Software