000034800 - RSA Identity Governance and Lifecycle Review Details link ($reviewDetailURL) in Reviewer Email gets "The request could not be handled" error

Document created by RSA Customer Support Employee on May 30, 2017Last modified by RSA Customer Support on Aug 15, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034800
Applies ToRSA Product Set: Identity Governance & Lifecycle 
RSA Version/Condition: 7.0.2, 7.1.0

IssueFor a Group Review, when the Review becomes active, emails (via event templates) are sent to Reviewers. For these emails, the {$reviewDetailURL} variable has been configured in the email template. As a result, the generated URL may look like this: 

However, when the Reviewer clicks on the link, the following error is returned:
The request could not be handled

User-added image

The following message may also be found in the aveksaServer.log.

02/02/2017 18:31:08.174 WARN (default task-55) [com.aveksa.gui.core.GuiFramework] 
No CSRF guard token was found in the submitted request.
This may indicate an attack on the server. Request is blocked.

CauseThis is a known issue reported in engineering ticket ACM-72056. The problem is the bad formulation of the reviewDetailURL variable for the email template.  
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patches:
  • RSA Identity Governance & Lifecycle 7.0.2 P08
  • RSA Identity Governance & Lifecycle 7.1.0 P01
WorkaroundManually substitute the bad PageID value in the URL by changing the text UserReviewSummaryWizard to GroupReviewSummaryWizard, as shown below. Change