Salesforce

Salesforce AFX Connector provisioning fails with 'Error occured while generating access token from refresh token' and INVALID_SESSION_ID in RSA Identity Governance & Lifecycle

Printable View
Header
Salesforce AFX Connector provisioning fails with 'Error occured while generating access token from refresh token' and INVALID_SESSION_ID in RSA Identity Governance & Lifecycle
Salesforce-AFX-Connector-provisioning-fails-with-Error-occured-while-generating-access-token-from-refresh-token-and-INVALID-SESSION-ID-in-RSA-Identity-Governance-Lifecycle
Salesforce AFX Connector provisioning fails with 'Error occured while generating access token from refresh token' and INVALID_SESSION_ID in RSA Identity Governance & Lifecycle
Work in Progress
1,461.15
Article Content
 
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1, 7.2.0
 
After creating a Salesforce AFX Connector and verifying that a test of the connector successfully obtains an OAuth2 token as in the example below, provisioning to the endpoint using the new SalesForce AFX Connector fails when used the next day.
 
User-added image



The AFX connector log file ($AFX_HOME/esb/logs/esb.AFX-CONN-SalesforceConnector_<date>.log) has the following error: 
2020-02-20 15:54:10.705 [ERROR] com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl:361 - 
Add Account to group failed due to following error: com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User: 
Error code returned:  401  [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User: 
Error code returned:  401  [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getStream(SalesforceService.java:277)
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getEntityIdByName(SalesforceService.java:331)
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl.addAccountToGroup(UserSalesforceServiceImpl.java:178)
	at com.aveksa.AFX.server.runtime.esb.salesforce.esb.SalesforceComponent.onCall(SalesforceComponent.java:105)
	at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:46)
	at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:36)
	at org.mule.component.DefaultComponentLifecycleAdapter.invoke(DefaultComponentLifecycleAdapter.java:339)
	at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
	at org.mule.component.AbstractJavaComponent.doInvoke(AbstractJavaComponent.java:73)
	at org.mule.component.AbstractComponent.invokeInternal(AbstractComponent.java:122)
	at org.mule.component.AbstractComponent.access$000(AbstractComponent.java:57)
	at org.mule.component.AbstractComponent$1$1.process(AbstractComponent.java:238)


The aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log) has a related error: 
02/27/2020 09:29:56.618 ERROR (pool-700-thread-1) [com.aveksa.server.core.oauth2.OAuth2Handler] 
Error occured while generating access token from refresh token
java.net.ConnectException: Connection timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
    at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:477)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)
    at com.aveksa.common.tls.CustomSecureProtocolSocketFactory.createSocket(CustomSecureProtocolSocketFactory.java:57)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at com.aveksa.server.core.oauth2.OAuth2Handler.getTokenFromRefreshToken(OAuth2Handler.java:192)
    at com.aveksa.server.core.oauth2.OAuth2ServiceProvider.getAccessTokenUsingRefreshToken(OAuth2ServiceProvider.java:158)
    at com.aveksa.gui.util.oauth2.TokenExpiryHandler.run(TokenExpiryHandler.java:50)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

(...)

Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
 
This is a known issue reported in engineering ticket ACM-104033.
 
This issue is resolved in the following RSA Identity Governance & Lifecycle patch levels: 
  • RSA Identity Governance & Lifecycle 7.1.1 P08
  • RSA Identity Governance & Lifecycle 7.2.0 P02

 
000038812
Article Settings
External
Case
Diane McCoy
4/30/2020 5:01 PM
Diane McCoy
Article Assignment
 
 
 
Article Properties
Published
Knowledge
000044938
Diane McCoy
Katrina Nash
English
Powered by