|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 6.8.1, 6.9.1, 7.0.1, 7.0.2
|Issue||The RSA Identity Governance & Lifecycle ServiceNow AFX connector fails with the following exception in the AFX ServiceNow connector log file.|
The path and name of the AFX connector log file varies by installation. Typically the file is called /home/oracle/AFX/esb/logs/esb.AFX-CONN-ServiceNow.log or something very similar.
"9/01/19 12:20:12.796 PM","Error","Fulfillment","CreateServiceRequest",
"Error occured while executing the capability javax.xml.ws.WebServiceException:
Could not send Message.... ... Caused by: javax.net.ssl.SSLHandshakeException:
SSLHandshakeException invoking https://myserver.service-now.com/command.do?SOAP:
Received fatal alert: handshake_failure ....
Caused by: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
This could affect RSA Identity Governance & Lifecycle ServiceNow collectors, however, at the time of writing this RSA Knowledge Base Article, there have been no such reported failures.
This failure occurs when the Web Service client, (RSA Identity Governance & Lifecycle AFX Connnector) attempts to negotiate an SSL connection using the TLS 1.0 or TLS 1.1 protocol and the Web Services server (ServiceNow) has disabled TLS 1.0 and TLS 1.1 connections and enforces SSL connections over TLS 1.2.
This is a known issue in the following versions.
|Resolution||This issue does not occur in versions of RSA Identity Governance & Lifcycle that use Java 1.8. To resolve this issue, upgrade to a current version of RSA Identity Governance & Lifecycle that uses Java 1.8:|
|Workaround||You may be able to workaround this issue depending on the version by upgrading Java to the latest version supported by your product.|
How to upgrade Java for your specific environment (check the below versions for compatibility before attempting to upgrade Java using one of these methods):
Versions of RSA Identity Governance & Lifecycle where Java can be upgraded:
NOTE: Java1.7.0_1811.7.0_181 is not supported and has not been tested on RSA Identity Governance & Lifecycle 7.0.0 or 7.0.1. RSA does not guarantee that other features of the product will not be affected. Caution should be used when using this work around. RSA reserves the right to request that a customer upgrade to a supported version of the product should they encounter issues.
|Notes||Click here to see the ServiceNow article that describes the timeline for deprecating support for TLS 1.0 and TLS 1.1.|