000017518 - RSA FIM error 'The specified role is not defined in Entity'

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017518
Applies ToRSA Federated Identity Manger (FIM) 4.1
This error should not occur if the default FIM endpoints are used.  This error indicates that the partner is trying to initiate SLO (Single Log Out) as an SP against the SP SLO endpoint URL, or as and IDP against the IDP endpoint URL.   FIM cannot identify the SLO request as the endpoint is not correct for the SP role (or IDP role).
IssueRSA FIM error "The specified role is not defined in Entity"
The following stack trace is thrown in the system.log and debug.log:
om.rsa.fim.profile.logout.LogoutProfileException: Exception encountered at the top-level of the profile bean: The specified role is not defined in Entity
at com.rsa.fim.profile.logout.LogoutHelper.handleThrowable(LogoutHelper.java:1181)
at com.rsa.fim.profile.logout.LogoutProfileBean.processLogoutRequest(LogoutProfileBean.java:517)
at com.rsa.fim.profile.common.FIMProfileBean.processLogoutRequest(FIMProfileBean.java:134)
at com.rsa.fim.profile.common.FIMProfile_mzkd72_EOImpl.processLogoutRequest(FIMProfile_mzkd72_EOImpl.java:589)
at com.rsa.fim.servlet.logout.LogoutService.doGet(LogoutService.java:66)
at com.rsa.fim.servlet.logout.LogoutService.doPost(LogoutService.java:120)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.rsa.fim.servlet.FIMGenericServletFilter.doFilter(FIMGenericServletFilter.java:38)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: com.rsa.fim.exception.ProfileException: The specified role is not defined in Entity
at com.rsa.fim.profile.util.ProfileHelper.nullCheck(ProfileHelper.java:2088)
at com.rsa.fim.profile.util.ProfileHelper.getPartnerAsyncEndpoint(ProfileHelper.java:2035)
at com.rsa.fim.profile.logout.LogoutHelper.getPartnerAsyncLogoutEndpoint(LogoutHelper.java:342)
at com.rsa.fim.profile.logout.LogoutHelper.getLogoutService(LogoutHelper.java:899)
at com.rsa.fim.profile.logout.LogoutProfileBean.processLogoutRequest(LogoutProfileBean.java:387)
... 21 more
ResolutionDelete the entity and create the entity again using the default FIM endpoints.  Customers should not edit the SLO endpoints manually. 
The SP (Service Provider) SLO endpoint is defined as /slo/request/AP instead of the default /slo/request/RP   
Legacy Article IDa66379

Attachments

    Outcomes