000039033 - AFX Connectors remain in a Not Deployed state after patching or upgrading RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 23, 2020
Last modified by RSA Customer Support Employee on Aug 25, 2020
Version 21

Article Content

Article Number
000039033

Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1 P07+, 7.2.0 P01+

Issue
Certain AFX Connector types fail to deploy after patching or upgrading RSA Identity Governance & Lifecycle. The connectors remain in a Not Deployed status in RSA Identity Governance & Lifecycle under AFX > Connectors.

It is not known at this time how many connector types are affected. We have seen this problem with the following connector types:
  • Generic SSH Connectors
  • Office365 Connectors
For example, below is the state of an Office365 Connector after patching to 7.2.0 P01:

User-added image

The following error message is displayed in the user interface when using the Test Connector Settings button.

java.io.IOException: Auth cancel
at net.sf.commons.ssh.jsch.JschConnectionFactory.connectUsingPassword(JschConnectionFactory.java:82)

The following error is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):

06/15/2020 17:19:26.641 ERROR (default task-2) [com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler]
Exception putting together connector deployment for <Connector name>
at java.lang.String.replace(String.java:2240)
at com.aveksa.afx.server.service.handler.flow.EndpointSubstitutor.substituteCodes(EndpointSubstitutor.java:233)
at com.aveksa.afx.server.service.handler.flow.EndpointSubstitutor.substitute(EndpointSubstitutor.java:106)
at com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler.processConnectors(AFXPrimaryRequestHandler.java:284)
at com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler.processRequest(AFXPrimaryRequestHandler.java:42)
at com.aveksa.afx.plugin.integration.service.AFXRequestDispatcherProvider.dispatchRequest(AFXRequestDispatcherProvider.java:51)
at com.aveksa.afx.AFXServlet.doPost(AFXServlet.java:24)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log for your specific deployment, if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)

Cause
This is a known issue reported in engineering ticket ACM-105907 and affects RSA Identity Governance & Lifecycle versions 7.1.1 P07 and higher and 7.2.0 P01 and higher.

This issue occurs when the literal word Password or password is used as a reference or part of a reference in the Command Code section of the connector capability definition (AFX > Connectors > {Connector name} > Edit > Capability tab).

Resolution
This issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.

Workaround
To work around this issue, remove any reference to Password or password in the Command Code section. For example, in the connector definition below, the terms dcPass1 and dcPass2 have been substituted for dcPassword1 and dcPassword2, which would cause the connector to fail because the word Password is embedded in the references.
User-added image
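
The following triage script is an added example, not RSA code. It lists connectors whose deployment failed in EndpointSubstitutor.substituteCodes according to aveksaServer.log text, and flags identifiers containing Password or password in Command Code text pasted from the Capability tab, proposing the Pass-style rename used in the workaround. The sample log, the connector names, the ${...} reference syntax and the function names are constructed for illustration.

```python
import re

# Constructed sample in the aveksaServer.log layout quoted in this article.
SAMPLE_LOG = """\
06/15/2020 17:19:26.641 ERROR (default task-2) [com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler]
Exception putting together connector deployment for O365-Example
at java.lang.String.replace(String.java:2240)
at com.aveksa.afx.server.service.handler.flow.EndpointSubstitutor.substituteCodes(EndpointSubstitutor.java:233)
06/15/2020 17:20:01.002 ERROR (default task-4) [com.aveksa.afx.server.service.handler.AFXPrimaryRequestHandler]
Exception putting together connector deployment for Other-Example
at com.example.Unrelated.call(Unrelated.java:10)
"""

# Constructed Command Code text; the ${...} reference syntax is an assumption.
SAMPLE_COMMAND = "connect ${userName} ${dcPassword1} ${dcPassword2}"

ENTRY_START = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ", re.M)
DEPLOY_ERR = re.compile(r"^Exception putting together connector deployment for (.+)$", re.M)
FRAME = "EndpointSubstitutor.substituteCodes"
PASSWORD_REF = re.compile(r"\b\w*[Pp]assword\w*")


def affected_connectors(log_text):
    """Names of connectors whose deployment failed inside substituteCodes."""
    # Split the log into entries at each leading timestamp.
    starts = [m.start() for m in ENTRY_START.finditer(log_text)] + [len(log_text)]
    names = []
    for begin, end in zip(starts, starts[1:]):
        entry = log_text[begin:end]
        m = DEPLOY_ERR.search(entry)
        # Require both the deployment error and the substitution stack frame.
        if m and FRAME in entry and m.group(1).strip() not in names:
            names.append(m.group(1).strip())
    return names


def password_references(command_code):
    """Map each identifier containing Password/password to a renamed form."""
    found = {}
    for tok in PASSWORD_REF.findall(command_code):
        # Shorten Password -> Pass (password -> pass), as in dcPassword1 -> dcPass1.
        found[tok] = re.sub(r"[Pp]assword", lambda m: m.group(0)[:4], tok)
    return found
```

Renaming a reference in Command Code only works if the parameter it refers to is renamed to match in the connector definition.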