000015319 - Events from RSA AIMS solution not propagating to RSA Archer system

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015319
IssueEvents from RSA AIMS solution not propagating to RSA Archer system.
RCF logging, 'INFO' level logging via 'logging.properties' file RCF server, will show following errors:


Feb 4, 2014 1:26:35 PM com.rsa.connector.framework.plugin.ApplicationRequestHandler
SEVERE: Application aims has reported error while processing request queue item#1. This request is set for reprocessing.
com.rsa.connector.framework.components.datastore.archer.exception.ArcherComunicationException: javax.xml.ws.WebServiceException: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> Unable to login with specified credentials
    at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.login(ArcherWSHelper.java:506)
    at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.getSessionToken(ArcherWSHelper.java:483)
    at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:397)
    at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.findApplicationID(ArcherDataStore.java:1285)
    at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:440)
    at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:385)
    at com.rsa.connector.plugin.soc.SOCManagementService.onApplicationDataReceived(SOCManagementService.java:67)
    at com.rsa.connector.plugin.service.AbstractRsaConnectorService.processDataHandlingRequest(AbstractRsaConnectorService.java:99)
    at com.rsa.connector.framework.plugin.ApplicationRequestHandler.execute(ApplicationRequestHandler.java:177)
    at com.rsa.connector.framework.plugin.ApplicationRequestHandler.access$400(ApplicationRequestHandler.java:30)
    at com.rsa.connector.framework.plugin.ApplicationRequestHandler$QueueWorker.run(ApplicationRequestHandler.java:249)
Caused by: javax.xml.ws.WebServiceException: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> Unable to login with specified credentials
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:144)
    at $Proxy43.createUserSessionFromInstance(Unknown Source)
    at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.login(ArcherWSHelper.java:499)
    ... 10 more
Caused by: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> Unable to login with specified credentials
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    ... 12 more

 
CauseEndpoint configuration used RCF AIMS application does not have correct RSA Archer log-on credentials.
ResolutionTo fix this issue:

1 - Log on to RCF server used by RSA Security Analytics for event escalation.

2 - Connect to RCF Shell utility and that will require RCF Shell credentials established at initial install.

3 - Execute 'List-apps' command, and note down 'Application ID' for AIMS application. By default 'Application ID' is set to 'aims'.

4 - Execute 'List-endpoints aims' command, and note down 'Endpoint Name'. By default 'Endpoint Name' is set to 'Archer'.

5 - Now to change credentials for AIMS endpoint, execute 'change-endpoint-cred' and following values at the prompt. Application ID from step# 3, Endpoint Name from step# 4, RSA Archer user credentials with proper rights / permissions to 'Incident Management' solution and its modules / applications.

6 - Confirm changes to 'Endpoint' configuration.

7 - Execute 'list-apps' command and confirm that RCF AIMS application is in 'Started' state.

8 - Close 'RCF shell' utility and proceed to restarting  'RSA Connector Framework' services.


Please go ahead and trigger events in RSA Security Analytics. Confirm RCF connector logs for propagation of events into RSA Archer system.
Legacy Article IDa64032

Attachments

    Outcomes