AFX Connectors remain in a Not Deployed state after patching or upgrading RSA Identity Governance & Lifecycle

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1 P07+, 7.2.0 P01+
 

Certain AFX Connector types fail to deploy after patching or upgrading RSA Identity Governance & Lifecycle. The connectors remain in a Not Deployed status in RSA Identity Governance & Lifecycle under AFX > Connectors.

It is not known at this time how many connector types are affected. We have seen this problem with the following connector types:

• Generic SSH Connectors
• Office365 Connectors

For example, below is the state of an Office365 Connector after patching to 7.2.0 P01:

The following error message is displayed in the user interface when using the Test Connector Settings button.

java.io.IOException: Auth cancel
at net.sf.commons.ssh.jsch.JschConnectionFactory.connectUsingPassword(JschConnectionFactory.java:82)

The following error is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):

06/15/2020 17:19:26.641 ERROR (default task-2) [com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler] 
Exception putting together connector deployment for <Connector name>
java.lang.NullPointerException
at java.lang.String.replace(String.java:2240)
	at com.aveksa.afx.server.service.handler.flow.EndpointSubstitutor.substituteCodes(EndpointSubstitutor.java:233)
	at com.aveksa.afx.server.service.handler.flow.EndpointSubstitutor.substitute(EndpointSubstitutor.java:106)
	at com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler.processConnectors(AFXPrimaryRequestHandler.java:284)
	at com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler.processRequest(AFXPrimaryRequestHandler.java:42)
	at com.aveksa.afx.plugin.integration.service.AFXRequestDispatcherProvider.dispatchRequest(AFXRequestDispatcherProvider.java:51)
	at com.aveksa.afx.AFXServlet.doPost(AFXServlet.java:24)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log for your specific deployment, if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
 

This is a known issue reported in engineering ticket ACM-105907 and effects RSA Identity Governance & Lifecycle versions 7.1.1 P07 and higher and 7.2.0 P01 and higher.

This issue occurs when the physical word Password or password is used as a reference or part of a reference in the Command Code section of the connector capability definition. (AFX > Connectors > {Connector name} > Edit > Capability tab.)
 

This issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.
 

To workaround this issue, remove any reference to Password or password in the Command Code section. For example, in the connector definition below the terms dcPass1 and dcPass2 have been substituted for dcPassword1 and dcPassword2 which would cause the connector to fail because the word Password was embedded in the references.