Active Directory AFX Connector Create Account capability fails when skip certificate validation is set in RSA Identity Governance & Lifecycle
Originally Published: 2020-04-14
Applies To
RSA Version/Condition: 7.1.1
Issue
AFX reports this item failed with code [-1] and message: 'org.mule.api.transformer.TransformerMessagingException: Failed to Create LDAP Context, Check the connection Parameters10.101.251.79:636 (java.lang.Exception). Message payload is of type: String'. If available, another handler will be used to fulfill this item
The Active Directory connector is defined to skip certificate validation (AFX > Connectors > {name of connector} > Settings tab).
The connector log file ($AFX_HOME/esb/logs/AFX-CONN-<name-of-connector>.log) has the following error:
2019-07-31 02:19:40.394 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Active_DirectoryConnector.EXCEPTION flow invoked...
2019-07-31 02:19:40.395 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Not account created, no cleanup required!
2019-07-31 02:19:40.460 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - AFX_OUT redirect flow invoked...
2019-07-31 02:19:40.498 [INFO] org.mule.transport.service.DefaultTransportServiceDescriptor:193 - Loading default outbound transformer: org.mule.transport.jms.transformers.ObjectToJMSMessage
2019-07-31 02:19:40.500 [INFO] org.mule.transport.service.DefaultTransportServiceDescriptor:193 - Loading default response transformer: org.mule.transport.jms.transformers.ObjectToJMSMessage
2019-07-31 02:19:40.500 [WARN] com.mulesoft.mule.transport.jms.EeJmsMessageDispatcher:265 - Starting patched JmsMessageReceiver
2019-07-31 02:19:40.502 [INFO] org.mule.lifecycle.AbstractLifecycleManager:193 - Initialising: 'jmsConnector.dispatcher.1650090192'. Object is: EeJmsMessageDispatcher
2019-07-31 02:19:40.502 [INFO] org.mule.lifecycle.AbstractLifecycleManager:193 - Starting: 'jmsConnector.dispatcher.1650090192'. Object is: EeJmsMessageDispatcher
2019-07-31 02:21:19.016 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Create Account is done
2019-07-31 02:21:19.078 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Send ResetPassword command explicitly
2019-07-31 02:21:20.465 [ERROR] org.mule.transport.ldapx.transformers.MessageToModifyRequest:361 - Failed to create LDAPContext
javax.naming.CommunicationException: 10.101.251.79:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.101.251.79 found]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
...
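A triage sketch for this connector log, added here as an example and not RSA's code: it groups continuation and stack-trace lines under their entry and reports ERROR entries caused by a certificate name mismatch, with the LDAPS endpoint and the last connector step logged before the failure. The DNS-name form of the message goes beyond the log in this article, and the function names are hypothetical.

```python
import re

# Start of an entry: "<date> <time> [LEVEL] logger:line - message"
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \[(\w+)\] (\S+?):\d+ -\s?(.*)$")
# Name-check failure text: the IP form is the one in the article's log; the DNS
# form is the same check failing for a host name (added generalization).
SAN_FAIL = re.compile(r"No subject alternative (?:names matching IP address|DNS name matching) (\S+?) found")
ENDPOINT = re.compile(r"CommunicationException: (\S+):(\d+)")

def parse_entries(text):
    """Group wrapped lines and stack-trace lines under the entry they belong to."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(dict(zip(("ts", "level", "logger", "text"), m.groups())))
        elif entries and line.strip():
            entries[-1]["text"] += " " + line.strip()
    return entries

def find_san_failures(text):
    """Return one finding per ERROR entry caused by a certificate name mismatch."""
    findings, last_step = [], None
    for e in parse_entries(text):
        if e["level"] == "INFO" and "LoggerMessageProcessor" in e["logger"]:
            last_step = e["text"].strip()  # last connector step logged before the error
        san = SAN_FAIL.search(e["text"])
        if e["level"] == "ERROR" and san:
            ep = ENDPOINT.search(e["text"])
            findings.append({
                "ts": e["ts"],
                "expected_name": san.group(1),
                "endpoint": f"{ep.group(1)}:{ep.group(2)}" if ep else None,
                "after_step": last_step,
            })
    return findings

# Excerpt of the connector log from this article (one entry spans several lines).
SAMPLE = """\
2019-07-31 02:21:19.016 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Create Account is done
2019-07-31 02:21:19.078 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - Send ResetPassword command explicitly
2019-07-31 02:21:20.465 [ERROR] org.mule.transport.ldapx.transformers.MessageToModifyRequest:361 - Failed to create LDAPContext
javax.naming.CommunicationException: 10.101.251.79:636 [Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative names matching IP address 10.101.251.79 found]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
"""

if __name__ == "__main__":
    for finding in find_san_failures(SAMPLE):
        print(finding)
```

On the excerpt it reports a single finding: the name check for 10.101.251.79 failed on 10.101.251.79:636 after the "Send ResetPassword command explicitly" step, that is, after "Create Account is done" was logged.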
Cause
This is a known issue reported in engineering tickets ACM-104246 and ACM-99986.
Resolution
- RSA Identity Governance & Lifecycle 7.1.1 P08
- RSA Identity Governance & Lifecycle 7.2.0.