Trying to run RoleDefGenerator results in error


Article ID: 44312


Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue:

Trying to run the RoleDefGenerator.bat / RoleDefGenerator.sh results in the following error:

E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h localhost -u imuser -l
Password:
com.ca.iam.model.IAMCommunicationException: javax.naming.CommunicationException: localhost:20390 [Root exception is java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException]
        at com.ca.iam.model.impl.IAMServerImpl.namingExceptionToIAMException(IAMServerImpl.java:339)
        at com.ca.iam.model.impl.IAMServerImpl.translateNamingException(IAMServerImpl.java:374)
        at com.ca.iam.model.impl.ETAServer.init(ETAServer.java:92)
        at com.ca.iam.model.IAMServer.newInstance(IAMServer.java:545)
        at com.ca.iam.roledefgen.RoleDefGenerator.main(RoleDefGenerator.java:368)
Caused by: javax.naming.CommunicationException: localhost:20390 [Root exception is java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at com.ca.commons.jndi.beans.ResilientDirContextFactory.testContexts(ResilientDirContextFactory.java:388)
        at com.ca.commons.jndi.beans.ResilientDirContextFactory.invoke(ResilientDirContextFactory.java:440)
        at $Proxy26.search(Unknown Source)
        at com.ca.commons.jndi.beans.JNDIBeanStore$JNDIObjectProcessor.doSearch(JNDIBeanStore.java:1797)
        at com.ca.commons.jndi.beans.JNDIBeanStore.action(JNDIBeanStore.java:617)
        at com.ca.iam.model.impl.ETAServer.init(ETAServer.java:78)
        ... 2 more
Caused by: java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException
        at com.ca.commons.security.ssl.CustomSSLSocketFactory.getSupportedCipherSuites(CustomSSLSocketFactory.java:324)
        at com.ca.commons.security.ssl.CustomSSLSocketFactory.getDefaultCipherSuites(CustomSSLSocketFactory.java:318)
        at com.ca.commons.security.ssl.CustomSSLSocketFactory.enableSocketCipherSuites(CustomSSLSocketFactory.java:309)
        at com.ca.commons.security.ssl.CustomSSLSocketFactory.createSocket(CustomSSLSocketFactory.java:269)

Cause:

A possible cause is that the command uses 'localhost' rather than the actual hostname that is configured on the certificate.

Environment

Release:
Component: IDMGR

Resolution

If we change 'localhost' to the actual hostname, the command works as expected:

E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h myhostname.here.com -u imuser -l

Alternatively, as per https://docops.ca.com/ca-imag-connectors/1-0/EN/dynamic-connectors-connector-xpress/creating-connectors/how-you-generate-user-console-account-screens the tool accepts the following option:
-n
If specified, TLS is not used. TLS communication is enabled by default.

So using
E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h myhostname.here.com -u imuser -l -n
will allow all endpoints to be listed, but TLS would not be used for the connection.
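
To see which value of -h a server certificate will accept, the names on the certificate can be compared with each candidate hostname. The following is an added example, not part of the original article or the product's code; it assumes standard TLS hostname matching (subjectAltName entries first, commonName only as a fallback) and uses a constructed certificate dictionary in the layout returned by Python's ssl.SSLSocket.getpeercert().

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# The first name is the article's example hostname; the wildcard is made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "myhostname.here.com"),),),
    "subjectAltName": (("DNS", "myhostname.here.com"), ("DNS", "*.im.here.com")),
}

def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:  # legacy fallback: commonName is consulted only when no SAN exists
        for rdn in cert.get("subject", ()):
            dns += [v.lower() for k, v in rdn if k == "commonName"]
    return dns, ips

def _dns_match(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def host_matches(cert, host):
    """True if the value intended for -h is covered by the certificate."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so compare against DNS names
        return any(_dns_match(p, host.lower().rstrip(".")) for p in dns)
    return any(ipaddress.ip_address(i) == addr for i in ips)

def usable_hosts(cert, candidates):
    """Filter candidate -h values down to those the certificate covers."""
    return [c for c in candidates if host_matches(cert, c)]

if __name__ == "__main__":
    for h in ("localhost", "127.0.0.1", "myhostname.here.com", "node1.im.here.com"):
        verdict = "ok" if host_matches(SAMPLE_CERT, h) else "name mismatch"
        print(f"-h {h:<22} {verdict}")
```

A certificate issued for the server's real hostname does not cover 'localhost' or 127.0.0.1 unless those names were explicitly added to it.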