AFX Connectors lose CyberArk Password Vault settings when AFX is restarted in RSA Identity Governance & Lifecycle

2 years ago

Originally Published: 2020-06-10

Article Number

000041761

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0

Issue

AFX Connectors that obtain their login credentials from CyberArk Password Vault (Admin > System > Password Vault tab) fail with the following error after an AFX restart:

Invalid Credentials

The connector log files ($AFX_HOME/esb/logs) have errors similar to the following (This example is from an LDAP connector):

2020-03-18 17:10:22.695 [INFO] org.mule.lifecycle.AbstractLifecycleManager:193 - Starting connector: httpsConnector-endpoint
2020-03-18 17:10:22.825 [ERROR] org.mule.transport.ldapx.LdapxConnector:361 - 
LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 
LDAPException: Matched DN: 
LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 
LDAPException: Matched DN:

Cause

This is a known issue reported in engineering ticket ACM-104735.

Resolution

This issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.

Workaround

Edit each connector after the AFX restart and save the connector definition. The credentials do not need to be modified, saving the existing connector definition resolves the issue (until the next time AFX is restarted.)

Don't see what you're looking for?

Related Articles

Trending Articles