000038765 - Generic REST Collector fails with 'Access token has expired' error in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Apr 23, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038765
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0
IssueA working Generic REST Collector fails (Collectors > Collector Type > Collector Name > Collect button.)

The following errors are seen in the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):

com.aveksa.server.runtime.ServerException: Test request failed with response: com.aveksa.server.runtime.ServerException:
com.aveksa.common.DataReadException: com.aveksa.client.genericrest.GenericRestException:
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.",
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } } .

Caused by com.aveksa.client.genericrest.GenericRestException:
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.",
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } }
Caused By Stack
com.aveksa.common.DataReadException: com.aveksa.client.genericrest.GenericRestException:
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.",
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } }

at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.next(GenericRESTAccountDataIterator.java:71)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:422)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.
collectTestData(AccountDataCollector.java:277)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:481)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:204)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:75)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:748) Caused by: com.aveksa.client.genericrest.GenericRestException:
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.",
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } }

at com.aveksa.client.genericrest.GenericRestException.connectionError(GenericRestException.java:108)
at com.aveksa.client.genericrest.postprocessor.impl.GenericRESTPostprocessorImpl.
validateResponse(GenericRESTPostprocessorImpl.java:204)
at com.aveksa.client.genericrest.postprocessor.impl.GenericRESTPostprocessorImpl.
getParsedData(GenericRESTPostprocessorImpl.java:89)
at com.aveksa.client.genericrest.GenericRESTClient.executeTestCollection(GenericRESTClient.java:173)
at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.collectAccountData(GenericRESTAccountDataIterator.java:155)
at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.next(GenericRESTAccountDataIterator.java:68) ... 13 more
End Stack


Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
 
CauseThe collector fails to refresh the OAuth token after the previous token has expired due to the Response Timeout setting defined in:
 
(Collectors > {Collector Type} > {Collector Name} > Edit > Next > Connection Details > Response Timeout (milliseconds)


This is a known issue reported in engineering ticket ACM-104939.
ResolutionThis issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release. 

Attachments

    Outcomes