Identity Manager, Portal, and Governance Services Fail to Start with Keystore Error in IGA Xpress V15
search cancel

Identity Manager, Portal, and Governance Services Fail to Start with Keystore Error in IGA Xpress V15

book

Article ID: 434489

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Governance CA Identity Manager CA Identity Portal

Issue/Introduction

When deploying or starting Identity Manager (IM), Identity Portal (IP), and Identity Governance (IG) services in IGA Xpress V15.0, the services fail or remain in a stopped state. Reviewing the service logs (located in /opt/brcm/iga/logs/) reveals the following errors:

  • Caused by: java.io.IOException: keystore password was incorrect
  • Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry
  • WFLYCTL0412: Required services that are not installed: ["jboss.http-upgrade-registry.https-management"]

 

Environment

  • Product: Identity Governance and Intelligence (IGA) Xpress
  • Version: 15.0
  • Components: Identity Manager (IM), Identity Portal (IP), Identity Governance (IG)
  • Platform: Virtual Appliance (VCSA)
  • Deployment Type: Single-node or Cluster configurations

Cause

The failure is typically caused by a missing, mismatched, or incorrect Cluster Key. The Cluster Key is mandatory for all IGA Xpress Identity Suite deployments—including single-node environments—as it serves as a critical component of the encryption algorithm for Suite passwords and communication throughout the environment Is Cluster Key Required.

Resolution

 

RESOLUTION

Verify that the Cluster Key is correctly set and consistent across the deployment by following these steps while logged in as the igx user:

  1. Check Cluster Key: Verify if a cluster key is already configured:

    bash
     
    cluster_key --show

  2. Generate and Set Key: If no key is present or if a mismatch is suspected, generate and set a new key:

    bash
     
    cluster_key --gencluster_key --set

    Warning: Changing the Cluster Key after entering passwords in the Services tab or YAML files will invalidate those passwords Is Cluster Key Required.

  3. Restart Services: Restart the IGA Xpress service to apply the configuration:

    bash
     
    igactl restart xpress

  4. Confirm Suite Configuration: In the IGA Xpress console, ensure the Suite Key and Suite Password are applied correctly under the Services tab to allow for component communication IGA Xpress Deployment Guide.

 

Additional Information

ADDITIONAL INFORMATION

Log files for specific services are located under subfolders in:

  • /opt/brcm/iga/logs/idm/
  • /opt/brcm/iga/logs/idp/
  • /opt/brcm/iga/logs/idg/

Log Configuration Location

Powered by Wolken Software