000037374 - Authentication behavior of the Email Fulfillment Handler node used in RSA Identity Governance & Lifecycle Email Fulfillment Handler workflow

Document created by RSA Customer Support Employee on Apr 23, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037374
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
IssueWhen using the Email Fulfillment Handler workflow to fulfill requests, the server section of the Fulfillment Handler node requires a username and password for authenticating to the SMTP server. These values may not be blank. If they are left blank, the workflow cannot be saved.
User-added image

If the SMTP server does not require authenticated connections, it will reject the username and password, the workflow will fail, the change request will go into an error state and no email will be sent.
User-added image


This message can be seen in the aveksaServer.log:

com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 : Client host rejected: Access denied


NOTE: SMTP code 554 5.7.1 is a rejection from the Recipient Domain. SMTP code 554 5.7.1 means Not allowed. The address in Mail From appears to have insufficient submission rights, or is invalid, or is not authorized with the authentication used.

CauseThe SMTP server does not require authenticated connections and cannot authenticate a username and password. In this case, it would be appropriate to send a null username and password but RSA Identity Governance & Lifecycle requires that a username and password be defined in the workflow definition.
ResolutionProduct enhancement request ACM-82487 has been submitted to allow the username and password fields of the email fulfillment node to be null. 

Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release.