000038998 - AFX Connectors lose CyberArk Password Vault settings when AFX is restarted in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 10, 2020Last modified by RSA Customer Support Employee on Aug 24, 2020
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038998
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0
 
IssueAFX Connectors that obtain their login credentials from CyberArk Password Vault (Admin > System > Password Vault tab) fail with the following error after an AFX restart:
 
Invalid Credentials


The connector log files ($AFX_HOME/esb/logs) have errors similar to the following (This example is from an LDAP connector):
 

2020-03-18 17:10:22.695 [INFO] org.mule.lifecycle.AbstractLifecycleManager:193 - Starting connector: httpsConnector-endpoint
2020-03-18 17:10:22.825 [ERROR] org.mule.transport.ldapx.LdapxConnector:361 -
LDAPException: Invalid Credentials (49) Invalid Credentials

LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 
LDAPException: Matched DN: 
LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 
LDAPException: Matched DN:


 
CauseThis is a known issue reported in engineering ticket ACM-104735.
 
ResolutionThis issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.
 
WorkaroundEdit each connector after the AFX restart and save the connector definition. The credentials do not need to be modified, saving the existing connector definition resolves the issue (until the next time AFX is restarted.)
 

Attachments

    Outcomes