000035501 - Unable to open any workflow on RSA Identity Governance & Lifecycle 7.0.2 or 7.1.0 when deployed in a clustered environment or on an application server with custom access ports

1. When using a clustered environment where the application server nodes listen only on the hostname/IP address of the server but not on localhost. This is most common in Wildfly clusters, but might also happen on WebSphere and WebLogic according to your application server configuration.
2. When the application server listen port has been changed in the application server settings to anything other than the default ports. Below is a table of the default expected console port for each Application Server type.

Note: The values provided for the parameters ${wp-client-hostname} and ${wp-client-hostport} do not have to be reachable from the end users' browsers. They have to be reachable locally from where the aveksaWFArchiect.ear is deployed to where the aveksa.ear is deployed, which in most cases is the same server.

1. If you are on 7.0.2, apply 7.0.2 P05+ or upgrade to 7.1.0.  
2. If you cannot apply 7.0.2 P05+ or upgrade to 7.1.0, first follow the steps under the Workaround section before proceeding further.
3. Follow one of the steps below, per your application server to set up these JVM parameters.
   
   • 
      

     WildFly

     
     
      
     1. Login as the oracle user via SSH to server that hosts the Identity Governance & Lifecycle WildFly application server (in case of cluster environments, you need to do this for each server).
     2. Edit one of the following files as per you setup:
          
        • Standalone environment: /home/oracle/wildfly/bin/standalone.conf
        • Clustered environment: /home/oracle/wildfly/bin/domain.conf
          
     3. Add the following line to the very end of the file:
          

        JAVA_OPTS="$JAVA_OPTS -Dwp-client-hostname=<Your Identity Governance & Lifecycleinternal server hostname> -Dwp-client-hostport=<Your internal Identity Governance & Lifecycle server HTTP port> "

        
          
      
   • 
      

     WebSphere

     
     
      
     1. In the WebSphere console, to select the server, click Servers > Server types > WebSphere application servers and select the server.
     2. Choose the server used for RSA Identity Governance & Lifecycle.
     3. Under the Configuration tab, select Server Infrastructure > Java and Process Management > Process Definition.
     4. Under Additional Properties, select Java Virtual Machine.
     5. Enter the following under Generic JVM Arguments:
      

6. Save to the master configuration.

• 
  

  WebLogic

  
  Use one of the following methods to set JVM arguments.
  
  

  Note: If you use custom scripts to start the WebLogic application server, these methods might not map to your environment. Consult the WebLogic administrator on how the JVM  settings are set for your environment.

  
  
  
  1. Editing the WebLogic Domain startup environment script. This method is typically used on a standalone system and is required if you are deploying RSA Identity Governance & Lifecycle using the AdminServer instance.
      
     1. Edit the setDomainEnv.sh file for the domain in which you will be deploy RSA Identity Governance & Lifecycle. For example, from $WEBLOGIC_HOME/user_projects/domains/<domain_name>/bin.
     2. Add the following settings near the beginning of the setDomainEnv script, where WL_HOME is set.
          

        JAVA_OPTIONS="$JAVA_OPTIONS -Dwp-client-hostname=<Your RSA Identity Governance & Lifecycle internal server hostname> -Dwp-client-hostport=<Your internal RSA Identity Governance & Lifecycle server HTTP port> "
           export JAVA_OPTIONS

        
          
      
  2. Specifying JVM arguments within the Admin Console for a server instance. This method is typically used when your servers are managed by NodeManager.
      
     1. Log on to the WebLogic console.
     2. Click Environment > Servers and select the server.
     3. On the Configuration tab, click the Server Start tab.
     4. In the Arguments field, add:
      

3. After completing the JVM settings described above, restart the WebLogic application server.

1. You can do the following steps on any machine on which the Java Development Kit 1.7 (JDK 1.7) is installed, and also on which you correctly configured the PATH environmental variables.  Use the Java Tutorial on CLASS and CLASS PATH for reference. The below example uses Windows.
2. Use any application (for example, 7Zip) to extract the RSA Identity Governance & Lifecycle software/patch .tar file to any directory; A directory named Packages is used for the following example.

3. Create a working directory, new_ear, for example.
4. Copy the aveksaWFArchitect.ear file from the extracted tar directory in step 2 to the new_ear directory.
5. Create two temporary directories under new_ear.  For example, ear_dir and jar_dir.

6. Open the Windows command prompt (cmd.exe).
7. Use the following commands  to unzip the aveksaWFArchitect.ear in the temporary ear directory named ear_dir:
   

   
   cd ear_dir
   jar -xvf ..\aveksaWFArchitect.ear

   
   
   
8. Use the followng commands in the command prompt to unzip <ear_dir>\APP-INF\lib\acmConfig.jar in the temporary jar directory named jar_dir:
   

   
   cd ..\jar_dir
   jar -xvf ..\ear_dir\APP-INF\lib\acmConfig.jar

   
   
   
9. Use any text editor (preferably Notepad++) to modify the property values for serverContextPath and client.connect.URL in the properties file <jar_dir>\workpoint-client.properties as follows:

serverContextPath = http://${wp-client-hostname}:${wp-client-hostport}/wpServices
client.connect.URL = http://${wp-client-hostname}:${wp-client-hostport}/wpServices/xml

10. Save the changes to workpoint-client.properties, and close the file.
11. Use the following commands in the command prompt to rebuild the modified acmConfig.ear:
    

    
    cd jar_dir
    jar uvfm ..\ear_dir\APP-INF\lib\acmConfig.jar META-INF\MANIFEST.MF *

    
    
    
12. Use the following commands in the command prompt to rebuild the modified aveksaWFArchitect.ear:
    

    
    cd ..\ear_dir
    jar uvfm ..\aveksaWFArchitect.ear META-INF\MANIFEST.MF *

    
    
    
13. The aveksaWFArchitect.ear in the new_ear directory now has been updated with the changes. You can now follow the steps in the RSA Identity Governance & Lifecycle 7.0.2 Installation Guide specific to your application server, RSA Identity Governance & Lifecycle 7.0.2 - Configuring WildFly Clustering or contact RSA Support to deploy the new aveksaWFArchitect.ear file.
14. Follow the above steps under Resolution to set the values of the newly added JVM parameters.

You will need to perform the above edits to the new aveksaWFArchitect.ear file every time you apply a new patch or upgrade to a version of 7.0.2 that does not yet have a fix.