Authentication behavior of the Email Fulfillment Handler node used in RSA Identity Governance & Lifecycle Email Fulfillment Handler workflow
3 years ago
Originally Published: 2019-04-17
Article Number
000046531
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
 
Issue
When using the Email Fulfillment Handler workflow to fulfill requests, the server section of the Fulfillment Handler node requires a username and password for authenticating to the SMTP server. These values may not be blank. If they are left blank, the workflow cannot be saved.
 
User-added image

If the SMTP server does not require authenticated connections, it will reject the username and password, the workflow will fail, the change request will go into an error state and no email will be sent.
 
User-added image
 
This message can be seen in the aveksaServer.log: 
com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 : Client host rejected: Access denied
 

NOTE: SMTP code 554 5.7.1 is a rejection from the Recipient Domain. SMTP code 554 5.7.1 means Not allowed. The address in Mail From appears to have insufficient submission rights, or is invalid, or is not authorized with the authentication used.

Cause
The SMTP server does not require authenticated connections and cannot authenticate a username and password. In this case, it would be appropriate to send a null username and password but RSA Identity Governance & Lifecycle requires that a username and password be defined in the workflow definition.
Resolution
Product enhancement request ACM-82487 has been submitted to allow the username and password fields of the email fulfillment node to be null. 

Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release. 

Related Articles

Trending Articles

Don't see what you're looking for?