Identity Manager server log shows JSON errors during login
search cancel

Identity Manager server log shows JSON errors during login

book

Article ID: 7327

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

The following errors are seen in the application server log when users login or when there is an attempt to modify their password

net.sf.easyjson.UnmarshallException: couldn't parse JSON
at net.sf.easyjson.JSONSerializer.fromJSON(Unknown Source)
at net.sf.easyjson.JSON.getObject(Unknown Source)
com.netegrity.llsdk6.imsimpl.passwordservices.PasswordBlobImpl.createBlobFromText(PasswordBlobImpl.java:66)
com.netegrity.llsdk6.imsimpl.managedobject.UserImpl.getPasswordBlob(UserImpl.java:3292)
com.netegrity.llsdk6.imsimpl.managedobject.UserImpl.authenticate(UserImpl.java:708)
com.netegrity.webapp.authentication.DefaultAuthenticationModule.authenticate(DefaultAuthenticationModule.java:73)
com.netegrity.webapp.authentication.FrameworkLoginFilter.authenticateUser(FrameworkLoginFilter.java:573)
com.netegrity.webapp.authentication.FrameworkLoginFilter.doFilter(FrameworkLoginFilter.java:374)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
com.netegrity.webapp.filter.LocaleFilter.doFilter(LocaleFilter.java:100)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
com.netegrity.webapp.filter.ClientExtractFilter.doFilter(ClientExtractFilter.java:35)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

Environment

Identity Manager

Cause

This error (com.netegrity.llsdk6.imsimpl.passwordservices.PasswordBlobImpl.createBlobFromText(PasswordBlobImpl.java:66) ) would normally be related to SiteMinder integration. While the integration does not have to be currently in place, it usually refers to a Corporate Directory which used in any previous IM/SM integration.

Resolution

This issue occurs when the CA Identity Manager product is integrated with SiteMinder. The value PasswordData in CA Directory is filled with a value that Identity Manager doesn't recognize and this causes the server.log file to be filled up with error messages. This can be avoided by creating a new directory of users when the product is integrated with SiteMinder or clearing out the PasswordData field for every single user in the Directory store being used.

Normally, clearing the %PASSWORD_DATA% attribute for a user which triggers this error would resolve it (this would have to be done per user). This can be done via any LDAP browser, such as JXplorer.
%PASSWORD_DATA% is a metadata attribute, so while it does not contain the actual current password, it does contain information about the passwords and it is used for tracking purposes (as configured in the password policy).

It is always advised to take backup of the directory before any mass change is to be applied.