Error while importing RSA Identity Management and Governance Collector metadata: java.lang.IllegalStateException: An issue while handling encryption was encountered
4 years ago
Originally Published: 2016-12-30
Article Number
000040220
Applies To
RSA Product Set: Identity Management and Governance
RSA Version/Condition: 6.9.x, 7.0.x
 
Issue
When importing a metadata file through the User Interface from Admin > Import/Export, that has been exported from another RSA Identity Management and Governance server, the export fails with the following error in the aveksaServer.log: 
05/24/2016 04:17:44.121 ERROR (default task-47) [com.aveksa.server.export.ExportImportConverter] unmarshal
com.aveksa.server.runtime.ServerException: ExportedRoleDataCollector: error
        at com.aveksa.server.export.proxy.ProxyObject.toServerException(ProxyObject.java:148)
        at com.aveksa.server.export.proxy.ProxyObject.toServerException(ProxyObject.java:156)
        at com.aveksa.server.export.proxy.ExportedRoleDataCollector.normalizeAndPersist(ExportedRoleDataCollector.java:80)
        at com.aveksa.server.export.proxy.ProxyObject.unmarshall(ProxyObject.java:63)
        at com.aveksa.server.export.ExportImportConverter.unmarshal(ExportImportConverter.java:118)
        at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
        at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
        at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
        at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
        at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
        at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1058)
        at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1030)
        at com.thoughtworks.xstream.XStream$2.readFromStream(XStream.java:1723)
        at com.thoughtworks.xstream.core.util.CustomObjectInputStream.readObjectOverride(CustomObjectInputStream.java:104)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:364)
        at com.aveksa.server.export.ExportImportController.importMetadata(ExportImportController.java:114)
        at com.aveksa.gui.pages.admin.metadata.edit.general.ImportTablePage.processTable(ImportTablePage.java:65)
        at com.aveksa.gui.pages.admin.metadata.edit.general.ImportWizard.processTable(ImportWizard.java:139)
        at com.aveksa.gui.pages.admin.metadata.edit.CommonPromptPage.handleSubmit(CommonPromptPage.java:54)
        at com.aveksa.gui.pages.admin.metadata.edit.general.ImportPromptPage.handleSubmit(ImportPromptPage.java:55)
        at com.aveksa.gui.pages.base.data.wizard.StepWizardDialogData.handleRequest(StepWizardDialogData.java:113)
        at com.aveksa.gui.pages.PageManager.forwardRequest(PageManager.java:577)
        at com.aveksa.gui.pages.PageManager.handleRequest(PageManager.java:341)
        at com.aveksa.gui.pages.PageManager.handleRequest(PageManager.java:272)
        at com.aveksa.gui.core.MainManager.handleRequest(MainManager.java:177)
        at com.aveksa.gui.core.MainManager.doGet(MainManager.java:126)
        at com.aveksa.gui.core.MainManager.doPost(MainManager.java:412)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
        at com.aveksa.gui.core.filters.LoginFilter.doFilter(LoginFilter.java:53)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
        at com.aveksa.gui.util.security.XSSFilter.doFilter(XSSFilter.java:20)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
        at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:172)
        at java.security.AccessController.doPrivileged(Native Method)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:169)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: An issue with handling encryption was encountered
        at com.aveksa.common.crypto.EncryptionMgr.decrypt(EncryptionMgr.java:501)
        at com.aveksa.server.utils.PasswordTypePropertyHandler.convertPassword(PasswordTypePropertyHandler.java:93)
        at com.aveksa.server.utils.PasswordTypePropertyHandler.managePasswordTypeProperties(PasswordTypePropertyHandler.java:63)
        at com.aveksa.server.core.DataCollector.managePasswordTypeProperties(DataCollector.java:963)
        at com.aveksa.server.core.DataCollector.setBaseDataCollectorVO(DataCollector.java:387)
        at com.aveksa.server.core.RoleDataCollector.getRoleDataCollectorVO(RoleDataCollector.java:163)
        at com.aveksa.server.export.proxy.ExportedRoleDataCollector.normalizeAndPersist(ExportedRoleDataCollector.java:58)
        ... 64 more
Caused by: com.aveksa.common.crypto.EncryptionException: Value to be decrypted has no associated encryptor for its 
embedded key version: keyVersion[XyZ]; Value[ENCAQcV(XyZ...)]
 -- Check that the security key file is not missing
        at com.aveksa.common.crypto.EncryptionMgr.decrypt(EncryptionMgr.java:495)
        ... 70 more
Cause
The security mechanisms in RSA Identity Management and Governance have changed beginning in 6.9.1 to eliminate passwords stored in clear text and to improve encryption key handling to be more secure and robust. Due to these changes the import of exported metadata from a different server will fail.
Workaround
The solution for using the import option is to manually remove the encrypted password from the exported XML metadata file before importing and then setting the password through the user interface, once the object is imported in the new environment.
 
Notes
Improvements are anticipated in future releases to give a warning to reenter the password and not fail with an error on the import.

Related Articles

Trending Articles

Don't see what you're looking for?