Article Number
000039123
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0.2
Platform/Application Server: WebSphere
Issue
The Amazon AWS account collector (Collectors > Account Collectors > {Collector name} > Data Source Type: Amazon AWS) on WebSphere fails in RSA Identity Governance & Lifecycle. The error reported in the aveksaServer.log depends on the version of RSA Identity Governance & Lifecycle and WebSphere.
Note that on WebSphere the aveksaServer.log file is located in a directory similar to the following (the specific node name will differ):
/home/oracle/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/vm-support-11Node01Cell/aveksa.ear/aveksa.war/log. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs).
RSA Identity Governance & Lifecycle 7.0.2 through 7.0.2 P10:
at com.amazonaws.internal.config.InternalConfig.<clinit>(InternalConfig.java:43)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
at com.amazonaws.internal.config.InternalConfig$Factory.<clinit>(InternalConfig.java:304)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
at com.amazonaws.util.VersionInfoUtils.userAgent(VersionInfoUtils.java:141)
at com.amazonaws.util.VersionInfoUtils.initializeUserAgent(VersionInfoUtils.java:136)
at com.amazonaws.util.VersionInfoUtils.getUserAgent(VersionInfoUtils.java:97)
at com.amazonaws.ClientConfiguration.<clinit>(ClientConfiguration.java:60)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
at com.amazonaws.ClientConfigurationFactory.getDefaultConfig(ClientConfigurationFactory.java:46)
at com.amazonaws.ClientConfigurationFactory.getConfig(ClientConfigurationFactory.java:36)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.<init>(AmazonIdentityManagementClient.java:214)
at com.aveksa.collector.amazonaws.AmazonAWSDataHandler.<init>(AmazonAWSDataHandler.java:49)
at com.aveksa.collector.amazonaws.AmazonAWSAccountDataHandler.<init>(AmazonAWSAccountDataHandler.java:58)
at com.aveksa.collector.amazonaws.adc.AmazonAWSAccountDataReader.testConnection(AmazonAWSAccountDataReader.java:93)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:351)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectTestData(AccountDataCollector.java:277)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:532)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:203)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:798)
Caused by: java.lang.ClassNotFoundException: com.fasterxml.jackson.databind.ObjectMapper
at java.net.URLClassLoader.findClass(URLClassLoader.java:602)
at com.ibm.ws.bootstrap.ExtClassLoader.findClass(ExtClassLoader.java:243)
at java.lang.ClassLoader.loadClassHelper(ClassLoader.java:777)
at java.lang.ClassLoader.loadClass(ClassLoader.java:754)
at com.ibm.ws.bootstrap.ExtClassLoader.loadClass(ExtClassLoader.java:134)
at java.lang.ClassLoader.loadClass(ClassLoader.java:731)
at com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLoader.java:62)
at com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLoader.java:58)
at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:586)
at java.lang.ClassLoader.loadClass(ClassLoader.java:731)
... 31 more
RSA Identity Governance & Lifecycle 7.0.2 P11+ and WebSphere lower than version 8.5.5.9:
java.lang.NoSuchFieldError: org/apache/http/conn/ssl/AllowAllHostnameVerifier.INSTANCE
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.<clinit>(SSLConnectionSocketFactory.java:144)
at com.amazonaws.http.apache.client.impl.ApacheConnectionManagerFactory.getPreferredSocketFactory(ApacheConnectionManagerFactory.java:87)
at com.amazonaws.http.apache.client.impl.ApacheConnectionManagerFactory.create(ApacheConnectionManagerFactory.java:65)
at com.amazonaws.http.apache.client.impl.ApacheConnectionManagerFactory.create(ApacheConnectionManagerFactory.java:58)
at com.amazonaws.http.apache.client.impl.ApacheHttpClientFactory.create(ApacheHttpClientFactory.java:51)
at com.amazonaws.http.apache.client.impl.ApacheHttpClientFactory.create(ApacheHttpClientFactory.java:39)
at com.amazonaws.http.AmazonHttpClient.<init>(AmazonHttpClient.java:282)
at com.amazonaws.AmazonWebServiceClient.<init>(AmazonWebServiceClient.java:164)
at com.amazonaws.AmazonWebServiceClient.<init>(AmazonWebServiceClient.java:153)
at com.amazonaws.AmazonWebServiceClient.<init>(AmazonWebServiceClient.java:138)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.<init>(AmazonIdentityManagementClient.java:234)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.<init>(AmazonIdentityManagementClient.java:214)
at com.aveksa.collector.amazonaws.AmazonAWSDataHandler.<init>(AmazonAWSDataHandler.java:49)
at com.aveksa.collector.amazonaws.AmazonAWSAccountDataHandler.<init>(AmazonAWSAccountDataHandler.java:58)
at com.aveksa.collector.amazonaws.adc.AmazonAWSAccountDataReader.testConnection(AmazonAWSAccountDataReader.java:93)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:351)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectTestData(AccountDataCollector.java:277)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:532)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:203)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:853)
Cause
This is a known issue reported in engineering ticket ACM-96764.
This issue occurs because WebSphere packs an old version of the Apache HTTP Client library in the installation, which was fixed only in version 8.5.5.9. For more information, see PI50993: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577).
Resolution
This issue is resolved in the following RSA Identity Governance & Lifecycle versions and patch levels and WebSphere version:
- RSA Identity Governance & Lifecycle 7.0.2 P11 and WebSphere 8.5.5.9
- RSA Identity Governance & Lifecycle 7.1.0 and WebSphere 8.5.5.9
Note that both RSA Identity Governance & Lifecycle and WebSphere need to be upgraded to specific versions to resolve this issue.
Workaround
WebSphere provides a shared libraries utility that adds libraries to an application without updating the application EAR files. RSA Identity Governance & Lifecycle uses the same utility and creates a shared library with the required JARs and associates these same libraries with the aveksa.ear application. To perform this procedure:
- Log in to the WebSphere Administration Console as admin.
- Under Environment, navigate to Shared Libraries.
- Select the scope of the library and create a New Library.
In the screenshot, /opt/IBM/shared is the class path which is configured to contain the libraries. This can be any directory that can contain the required libraries as noted in the following table. Note that the workaround is dependent on the versions of both RSA Identity Governance & Lifecycle and WebSphere. Find your version of RSA Identity Governance & Lifecycle and WebSphere in the table below and configure the shared libraries as noted.
| RSA Identity Governance & Lifecycle Version | Libraries to be kept in Shared library location for WebSphere Version < 8.5.5.9 | Libraries to be kept in Shared library location for WebSphere version 8.5.5.9 and above |
| --- | --- | --- |
| 7.0.2 versions prior to P11 | jackson-annotations-2.6.6.jar, jackson-databind-2.6.6.jar, jackson-core-2.6.6.jar, httpclient-4.5.1.jar, httpcore-4.4.3.jar | jackson-annotations-2.6.6.jar, jackson-databind-2.6.6.jar, jackson-core-2.6.6.jar |
| 7.0.2 P11 and above | httpclient-4.5.1.jar, httpcore-4.4.3.jar | The collector should work without this workaround. |
- Select the Use an isolated class loader for this shared library option.
- Save the configuration into the master configuration.
- Once you create the shared library and store the required JARs in the configured location, navigate to Application > Application Types > WebSphere Enterprise Applications.
- Click on aveksa.
- In the References section, click on Shared Library References.
- Select aveksa and click Reference Shared libraries.
- Map the created shared library and click OK.
- After saving the changes, restart the server using the following commands:
stopServer.sh
startServer.sh
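
Before restarting, it helps to confirm that the shared library directory holds exactly the JARs the table lists for your version pair. The script below is an added example, not RSA or IBM code: it encodes the two 7.0.2 rows of the table and reports any listed JAR missing from the directory. The function names and the argument convention (patch number as an integer with 0 for unpatched, WebSphere version as a dotted string) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not RSA or IBM code): encodes the workaround table for
# RSA IG&L 7.0.2 and checks a shared-library directory against it.
# Assumed arguments: PATCH is the 7.0.2 patch number (0 = unpatched),
# WAS_VERSION is the dotted WebSphere version, DIR is the library class path.

JACKSON_JARS="jackson-annotations-2.6.6.jar jackson-databind-2.6.6.jar jackson-core-2.6.6.jar"
HTTP_JARS="httpclient-4.5.1.jar httpcore-4.4.3.jar"

# ver_lt A B: succeeds when dotted version A is numerically lower than B.
# Compared field by field, so 8.5.5.10 is not treated as lower than 8.5.5.9.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# required_jars PATCH WAS_VERSION: print the JARs the table lists.
# Jackson is needed before P11; the HTTP client JARs before WebSphere 8.5.5.9.
required_jars() {
    jars=""
    if [ "$1" -lt 11 ]; then jars=$JACKSON_JARS; fi
    if ver_lt "$2" 8.5.5.9; then jars="$jars $HTTP_JARS"; fi
    echo $jars
}

# missing_jars DIR PATCH WAS_VERSION: print listed JARs absent from DIR;
# returns non-zero when at least one is missing.
missing_jars() {
    missing=""
    for jar in $(required_jars "$2" "$3"); do
        [ -f "$1/$jar" ] || missing="$missing $jar"
    done
    echo $missing
    [ -z "$missing" ]
}

# Stand-alone use, e.g.: sh check_shared_lib.sh /opt/IBM/shared 10 8.5.5.8
if [ "$#" -eq 3 ]; then missing_jars "$@"; fi
```

An empty result for 7.0.2 P11 and above on WebSphere 8.5.5.9 or later matches the table cell stating that the collector should work without the workaround.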