SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000038812
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1, 7.2.0
RSA Version/Condition: 7.1.1, 7.2.0
Issue
After creating a Salesforce AFX Connector and verifying that a test of the connector successfully obtains an OAuth2 token as in the example below, provisioning to the endpoint using the new SalesForce AFX Connector fails when used the next day.
Image descriptionThe AFX connector log file ($AFX_HOME/esb/logs/esb.AFX-CONN-SalesforceConnector_<date>.log) has the following error:
2020-02-20 15:54:10.705 [ERROR] com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl:361 -
Add Account to group failed due to following error: com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User:
Error code returned: 401 [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User:
Error code returned: 401 [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getStream(SalesforceService.java:277)
at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getEntityIdByName(SalesforceService.java:331)
at com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl.addAccountToGroup(UserSalesforceServiceImpl.java:178)
at com.aveksa.AFX.server.runtime.esb.salesforce.esb.SalesforceComponent.onCall(SalesforceComponent.java:105)
at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:46)
at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:36)
at org.mule.component.DefaultComponentLifecycleAdapter.invoke(DefaultComponentLifecycleAdapter.java:339)
at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
at org.mule.component.AbstractJavaComponent.doInvoke(AbstractJavaComponent.java:73)
at org.mule.component.AbstractComponent.invokeInternal(AbstractComponent.java:122)
at org.mule.component.AbstractComponent.access$000(AbstractComponent.java:57)
at org.mule.component.AbstractComponent$1$1.process(AbstractComponent.java:238)
The aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log) has a related error:
02/27/2020 09:29:56.618 ERROR (pool-700-thread-1) [com.aveksa.server.core.oauth2.OAuth2Handler]
Error occured while generating access token from refresh token
java.net.ConnectException: Connection timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:477)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)
at com.aveksa.common.tls.CustomSecureProtocolSocketFactory.createSocket(CustomSecureProtocolSocketFactory.java:57)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at com.aveksa.server.core.oauth2.OAuth2Handler.getTokenFromRefreshToken(OAuth2Handler.java:192)
at com.aveksa.server.core.oauth2.OAuth2ServiceProvider.getAccessTokenUsingRefreshToken(OAuth2ServiceProvider.java:158)
at com.aveksa.gui.util.oauth2.TokenExpiryHandler.run(TokenExpiryHandler.java:50)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
(...)
Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
Cause
This is a known issue reported in engineering ticket ACM-104033.
Resolution
This issue is resolved in the following RSA Identity Governance & Lifecycle patch levels:
- RSA Identity Governance & Lifecycle 7.1.1 P08
- RSA Identity Governance & Lifecycle 7.2.0 P02
In this article
