000034800 - RSA Identity Governance and Lifecycle Review Details link ($reviewDetailURL) in Reviewer Email gets "The request could not be handled" error

Document created by RSA Customer Support Employee on May 30, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034800
Applies ToRSA Product Set: RSA Via Lifecycle and Governance
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.0
Platform: Linux
  • For a Group Review, when the Review becomes active, emails (via event templates) are sent to Reviewers.
  • For these emails, the {$reviewDetailURL} variable has been configured in the email template.
  • As a result, the generated URL may look like this: 

  • However, when the Reviewer clicks on the link, the following error is returned:
The request could not be handled

User-added image

  • The following message may also be found in the aveksaServer.log.
02/02/2017 18:31:08.174 WARN (default task-55) [com.aveksa.gui.core.GuiFramework] No CSRF guard token was found in the submitted request. 
This may indicate an attack on the server. Request is blocked.

CauseThis issue has been logged as defect ACM-72056 (Bad URL for Group Review {$reviewDetailURL} variable).  The cause is the bad formulation of the reviewDetailURL variable for the email template.  This is also why the "No CSRF guard token was found in the submitted request" warning is issued and the request fails.
ResolutionAt the time of writing, there is no fix for this problem.
WorkaroundManually substitute the bad PageID value in the URL by changing the text UserReviewSummaryWizard to GroupReviewSummaryWizard, as shown below:
Change from https://server1.company1.com/aveksa/main?Oid=100&ReqType=Dialog&ObjectClass=com.aveksa.gui.objects.review.GuiReview&PageID=UserReviewSummaryWizard&Action=New&ReviewUserSignOff=false&TableID=MyPendingReviewsSummaryTable
Change to https://server1.company1.com/aveksa/main?Oid=100&ReqType=Dialog&ObjectClass=com.aveksa.gui.objects.review.GuiReview&PageID=GroupReviewSummaryWizard&Action=New&ReviewUserSignOff=false&TableID=MyPendingReviewsSummaryTable
NotesSee The request could not be handled" error when reviewer clicks on "View Review."