net.sf.easyjson.UnmarshallException: couldn't parse JSON error occurs when logging into CA Identity Manager
search cancel

net.sf.easyjson.UnmarshallException: couldn't parse JSON error occurs when logging into CA Identity Manager

book

Article ID: 14717

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction



After logging into CA Identity Manager through the User Console, the following error messages fill up the log files repeatedly:


ERROR [stderr] (http-/0.0.0.0:8080-1) net.sf.easyjson.UnmarshallException: couldn't parse JSON

ERROR [stderr] (http-/0.0.0.0:8080-1) at net.sf.easyjson.JSONSerializer.fromJSON(Unknown Source)

ERROR [stderr] (http-/0.0.0.0:8080-1) at net.sf.easyjson.JSON.getObject(Unknown Source)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.llsdk6.imsimpl.passwordservices.PasswordBlobImpl.createBlobFromText(PasswordBlobImpl.java:64)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.llsdk6.imsimpl.managedobject.UserImpl.getPasswordBlob(UserImpl.java:3162)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.llsdk6.imsimpl.managedobject.UserImpl.authenticate(UserImpl.java:702)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.webapp.authentication.DefaultAuthenticationModule.authenticate(DefaultAuthenticationModule.java:73)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.webapp.authentication.FrameworkLoginFilter.authenticateUser(FrameworkLoginFilter.java:565)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.webapp.authentication.FrameworkLoginFilter.doFilter(FrameworkLoginFilter.java:373)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.webapp.filter.LocaleFilter.doFilter(LocaleFilter.java:100)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)

ERROR [stderr] (http-/0.0.0.0:8080-1) at com.netegrity.webapp.filter.ClientExtractFilter.doFilter(ClientExtractFilter.java:35)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)

ERROR [stderr] (http-/0.0.0.0:8080-1) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)

ERROR [stderr] (http-/0.0.0.0:8080-1) at java.lang.Thread.run(Thread.java:745)

 

How to resolve this error and reduce the log files from filling up?

Environment

Release: Identity Manager

Cause

This error (com.netegrity.llsdk6.imsimpl.passwordservices.PasswordBlobImpl.createBlobFromText(PasswordBlobImpl.java:66) ) would normally be related to SiteMinder integration. While the integration does not have to be currently in place, it usually refers to a Corporate Directory which used in any previous IM/SM integration.

Resolution

This issue occurs when the CA Identity Manager product is integrated with SiteMinder. The value PasswordData in CA Directory is filled with a value that Identity Manager doesn't recognize and this causes the server.log file to be filled up with error messages. This can be avoided by creating a new directory of users when the product is integrated with SiteMinder or clearing out the PasswordData field for every single user in the Directory store being used.

Normally, clearing the %PASSWORD_DATA% attribute for a user which triggers this error would resolve it (this would have to be done per user). This can be done via any LDAP browser, such as JXplorer.
%PASSWORD_DATA% is a metadata attribute, so while it does not contain the actual current password, it does contain information about the passwords and it is used for tracking purposes (as configured in the password policy).

It is always advised to take backup of the directory before any mass change is to be applied.