Issue:
Trying to run the RoleDefGenerator.bat / RoleDefGenerator.sh results in the following error:
E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h localhost -u imuser -l
Password:
com.ca.iam.model.IAMCommunicationException: javax.naming.CommunicationException: localhost:20390 [Root exception is java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException]
at com.ca.iam.model.impl.IAMServerImpl.namingExceptionToIAMException(IAMServerImpl.java:339)
at com.ca.iam.model.impl.IAMServerImpl.translateNamingException(IAMServerImpl.java:374)
at com.ca.iam.model.impl.ETAServer.init(ETAServer.java:92)
at com.ca.iam.model.IAMServer.newInstance(IAMServer.java:545)
at com.ca.iam.roledefgen.RoleDefGenerator.main(RoleDefGenerator.java:368)
Caused by: javax.naming.CommunicationException: localhost:20390 [Root exception is java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at com.ca.commons.jndi.beans.ResilientDirContextFactory.testContexts(ResilientDirContextFactory.java:388)
at com.ca.commons.jndi.beans.ResilientDirContextFactory.invoke(ResilientDirContextFactory.java:440)
at $Proxy26.search(Unknown Source)
at com.ca.commons.jndi.beans.JNDIBeanStore$JNDIObjectProcessor.doSearch(JNDIBeanStore.java:1797)
at com.ca.commons.jndi.beans.JNDIBeanStore.action(JNDIBeanStore.java:617)
at com.ca.iam.model.impl.ETAServer.init(ETAServer.java:78)
... 2 more
Caused by: java.lang.NoClassDefFoundError: com/rsa/jsafe/crypto/JSAFE_InvalidUseException
at com.ca.commons.security.ssl.CustomSSLSocketFactory.getSupportedCipherSuites(CustomSSLSocketFactory.java:324)
at com.ca.commons.security.ssl.CustomSSLSocketFactory.getDefaultCipherSuites(CustomSSLSocketFactory.java:318)
at com.ca.commons.security.ssl.CustomSSLSocketFactory.enableSocketCipherSuites(CustomSSLSocketFactory.java:309)
at com.ca.commons.security.ssl.CustomSSLSocketFactory.createSocket(CustomSSLSocketFactory.java:269)
Cause:
If we change 'localhost' to the actual hostname, the command works as expected:
E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h myhostname.here.com -u imuser -l
Alternatively, as per https://docops.ca.com/ca-imag-connectors/1-0/EN/dynamic-connectors-connector-xpress/creating-connectors/how-you-generate-user-console-account-screens, the tool accepts the following option:
-n
If specified, TLS is not used. TLS communication is enabled by default.
So using
E:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\RoleDefinitionGenerator\bin>RoleDefGenerator.bat -d im -h myhostname.here.com -u imuser -l -n
will allow all endpoints to be listed (TLS would not be used, so the connection is unencrypted).