Article Number
000035501
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
Platform: WildFly, WebSphere, WebLogic
Issue
An attempt to open the Workflow Editor in RSA Identity Governance & Lifecycle 7.0.2 or 7.1.0 fails with any of the following errors:
Could not connect to HTTP invoker remote service at
[http://localhost:9080/wpServices/ServerConfigService]; nested exception is
java.net.ConnectException: Connection refused
Image descriptionCould not access HTTP invoker remote service at [http://node1:9080/wpServices
/ServerConfigService]; nested exception is java.net.UnknownHostException: server1
Image description
Cause
This a known issue under "Known Issues and Limitations" in the
RSA Identity Governance & Lifecycle 7.0.2 Release Notes under ID
ACM-72065 as well as the standard
RSA Identity Governance & Lifecycle 7.1 documentation.
This error can occur in more than one case:
- When using a clustered environment where the application server nodes listen only on the hostname/IP address of the server but not on localhost. This is most common in Wildfly clusters but might also happen on WebSphere and WebLogic according to your application server configuration.
- When the application server listen port has been changed in the application server settings to anything other than the default ports. Below is a table of the default expected console port for each Application Server type.
Application Server | Default Port |
---|
WildFly | 8080 |
WebSphere | 9080 |
WebLogic | 7001 |
Resolution
This problem is fixed in 7.0.2 P05 and 7.1.0 as the new aveksaWFArchitect.ear file has built in JVM parameters
${wp-client-hostname} and
${wp-client-hostport} that can be used to specify the hostname and ports of each node. As of 7.1.1 we can leverage an additional parameter,
${wp-client-protocol}.
Note: The values provided for the parameters ${wp-client-hostname}, ${wp-client-hostport}, and ${wp-client-protocol} do not have to be reachable from the end users' browsers. They have to be reachable locally from where the aveksaWFArchiect.ear is deployed to where the aveksa.ear is deployed, which in most cases is the same server.
To resolve this issue follow the steps below:
- If you are on 7.0.2, apply 7.0.2 P05+ or upgrade to 7.1.0.
- If you cannot apply 7.0.2 P05+ or upgrade to 7.1.0, first follow the steps under the Workaround section before proceeding further.
- Follow one of the steps below, per your application server to set up these JVM parameters.
-
WildFly
- Login as the oracle user via SSH to a server that hosts the Identity Governance & Lifecycle WildFly application (in case of cluster environments, you need to do this for each server).
- Edit one of the following files as per you setup:
- Standalone environment: /home/oracle/wildfly/bin/standalone.conf
- Clustered environment: /home/oracle/wildfly/bin/domain.conf
- Add the following line to the very end of the file:
JAVA_OPTS="$JAVA_OPTS -Dwp-client-hostname=<Your Identity Governance & Lifecycleinternal server hostname> -Dwp-client-hostport=<Your internal Identity Governance & Lifecycle server HTTP port> "
(7.1.1 only) additionally, you can add:
-Dwp-client-protocol=<protocol>
-
WebSphere
- In the WebSphere console, to select the server, click Servers > Server types > WebSphere application servers and select the server.
- Choose the server used for RSA Identity Governance & Lifecycle.
- Under the Configuration tab, select Server Infrastructure > Java and Process Management > Process Definition.
- Under Additional Properties, select Java Virtual Machine.
- Enter the following under Generic JVM Arguments:
-Dwp-client-hostname=<Your internal RSA Identity Governance & Lifecycle server hostname>
-Dwp-client-hostport=<Your internal RSA Identity Governance & Lifecycle server HTTP port>
(7.1.1+) -Dwp-client-protocol=<protocol>
- Save to the master configuration.
-Dwp-client-hostname=<Your internal Identity Governance & Lifecycle server hostname>
-Dwp-client-hostport=<Your internalIdentity Governance & Lifecycle server HTTP port>
(7.1.1+) -Dwp-client-protocol=<protocol>
- After completing the JVM settings described above, restart the WebLogic application server.
Workaround
Notes
You will need to perform the above edits to the new aveksaWFArchitect.ear file every time you apply a new patch or upgrade to a version of 7.0.2 that does not yet have a fix.