This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

Unable to open any workflow on RSA Identity Governance & Lifecycle 7.0.2 or 7.1.0 when deployed in a clustered environment or on an application server with custom access ports

Article Number

000035501

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
Platform: WildFly, WebSphere, WebLogic

Issue

An attempt to open the Workflow Editor in RSA Identity Governance & Lifecycle 7.0.2 or 7.1.0 fails with any of the following errors:
 
Could not connect to HTTP invoker remote service at
[http://localhost:9080/wpServices/ServerConfigService]; nested exception is
​java.net.ConnectException: Connection refused
 
Image descriptionImage description


Could not access HTTP invoker remote service at ​[http://node1:9080/wpServices
/ServerConfigService]; nested exception is java.net.UnknownHostException: server1
 
Image descriptionImage description
 

Cause

This a known issue under "Known Issues and Limitations" in the RSA Identity Governance & Lifecycle 7.0.2 Release Notes under ID ACM-72065 as well as the standard RSA Identity Governance & Lifecycle 7.1 documentation.

This error can occur in more than one case:
  1. When using a clustered environment where the application server nodes listen only on the hostname/IP address of the server but not on localhost. This is most common in Wildfly clusters but might also happen on WebSphere and WebLogic according to your application server configuration.
  2. When the application server listen port has been changed in the application server settings to anything other than the default ports. Below is a table of the default expected console port for each Application Server type.
Application ServerDefault Port
WildFly8080
WebSphere9080
WebLogic7001

Resolution

This problem is fixed in 7.0.2 P05 and 7.1.0 as the new aveksaWFArchitect.ear file has built in JVM parameters ${wp-client-hostname} and ${wp-client-hostport} that can be used to specify the hostname and ports of each node. As of 7.1.1 we can leverage an additional parameter, ${wp-client-protocol}.
 

Note: The values provided for the parameters ${wp-client-hostname}, ${wp-client-hostport}, and ${wp-client-protocol} do not have to be reachable from the end users' browsers. They have to be reachable locally from where the aveksaWFArchiect.ear is deployed to where the aveksa.ear is deployed, which in most cases is the same server.


To resolve this issue follow the steps below:
  1. If you are on 7.0.2, apply 7.0.2 P05+ or upgrade to 7.1.0.  
  2. If you cannot apply 7.0.2 P05+ or upgrade to 7.1.0, first follow the steps under the Workaround section before proceeding further.
  3. Follow one of the steps below, per your application server to set up these JVM parameters.

    • WildFly

      1. Login as the oracle user via SSH to a server that hosts the Identity Governance & Lifecycle WildFly application (in case of cluster environments, you need to do this for each server).
      2. Edit one of the following files as per you setup:
        • Standalone environment: /home/oracle/wildfly/bin/standalone.conf
        • Clustered environment: /home/oracle/wildfly/bin/domain.conf
      3. Add the following line to the very end of the file:

        JAVA_OPTS="$JAVA_OPTS -Dwp-client-hostname=<Your Identity Governance & Lifecycleinternal server hostname> -Dwp-client-hostport=<Your internal Identity Governance & Lifecycle server HTTP port> "

        (7.1.1 only) additionally, you can add:

        -Dwp-client-protocol=<protocol>

    • WebSphere

      1. In the WebSphere console, to select the server, click Servers > Server types > WebSphere application servers and select the server.
      2. Choose the server used for RSA Identity Governance & Lifecycle.
      3. Under the Configuration tab, select Server Infrastructure > Java and Process Management > Process Definition.
      4. Under Additional Properties, select Java Virtual Machine.
      5. Enter the following under Generic JVM Arguments:
-Dwp-client-hostname=<Your internal RSA Identity Governance & Lifecycle server hostname>
-Dwp-client-hostport=<Your internal RSA Identity Governance & Lifecycle server HTTP port>
(7.1.1+) -Dwp-client-protocol=<protocol>
  1. Save to the master configuration.

  • WebLogic

    Use one of the following methods to set JVM arguments.

    Note: If you use custom scripts to start the WebLogic application server, these methods might not map to your environment. Consult the WebLogic administrator on how the JVM  settings are set for your environment.

    1. Editing the WebLogic Domain startup environment script. This method is typically used on a standalone system and is required if you are deploying RSA Identity Governance & Lifecycle using the AdminServer instance.
      1. Edit the setDomainEnv.sh file for the domain in which you will be deployed RSA Identity Governance & Lifecycle. For example, from $WEBLOGIC_HOME/user_projects/domains/<domain_name>/bin.
      2. Add the following settings near the beginning of the setDomainEnv script, where WL_HOME is set.

        JAVA_OPTIONS="$JAVA_OPTIONS -Dwp-client-hostname=<Your RSA Identity Governance & Lifecycle internal server hostname> -Dwp-client-hostport=<Your internal RSA Identity Governance & Lifecycle server HTTP port> "
        export JAVA_OPTIONS

        7.1.1+
        JAVA_OPTIONS="$JAVA_OPTIONS -Dwp-client-hostname=<Your RSA Identity Governance & Lifecycle internal server hostname> -Dwp-client-hostport=<Your internal RSA Identity Governance & Lifecycle server HTTP port> -Dwp-client-protocol=<protocol>"
        export JAVA_OPTIONS

    2. Specifying JVM arguments within the Admin Console for a server instance. This method is typically used when your servers are managed by NodeManager.
      1. Log on to the WebLogic console.
      2. Click Environment > Servers and select the server.
      3. On the Configuration tab, click the Server Start tab.
      4. In the Arguments field, add:
-Dwp-client-hostname=<Your internal Identity Governance & Lifecycle server hostname>
-Dwp-client-hostport=<Your internalIdentity Governance & Lifecycle server HTTP port>
(7.1.1+) -Dwp-client-protocol=<protocol>
  1. After completing the JVM settings described above, restart the WebLogic application server.

Workaround

On any 7.0.2 patch before P05, you would first need to edit the aveksaWFArchitect.ear file and modify the default URLs to the add the above JVM parameters, then deploy the newly modified aveksaWFArchitect.ear file on your application server.
  1. You can do the following steps on any machine on which the Java Development Kit 1.7 (JDK 1.7) is installed, and also on which you correctly configured the PATH environmental variables.  Use the Java Tutorial on CLASS and CLASS PATH for reference. The below example uses Windows.
  2. Use any application (for example, 7Zip) to extract the RSA Identity Governance & Lifecycle software/patch .tar file to any directory; A directory named Packages is used for the following example.
Image descriptionImage description
  1. Create a working directory, new_ear, for example.
  2. Copy the aveksaWFArchitect.ear file from the extracted tar directory in step 2 to the new_ear directory.
  3. Create two temporary directories under new_ear.  For example, ear_dir and jar_dir.
Image descriptionImage description
  1. Open the Windows command prompt (cmd.exe).
  2. Use the following commands  to unzip the aveksaWFArchitect.ear in the temporary ear directory named ear_dir: 
    cd ear_dir
jar -xvf ..\aveksaWFArchitect.ear

    Image descriptionImage description
  3. Use the following commands in the command prompt to unzip <ear_dir>\APP-INF\lib\acmConfig.jar in the temporary jar directory named jar_dir: 
    cd ..\jar_dir
jar -xvf ..\ear_dir\APP-INF\lib\acmConfig.jar

    Image descriptionImage description
  4. Use any text editor (preferably Notepad++) to modify the property values for serverContextPath and client.connect.URL in the properties file <jar_dir>\workpoint-client.properties as follows:
serverContextPath = http://${wp-client-hostname}:${wp-client-hostport}/wpServices
client.connect.URL = http://${wp-client-hostname}:${wp-client-hostport}/wpServices/xml
  1. Save the changes to workpoint-client.properties, and close the file.
  2. Use the following commands in the command prompt to rebuild the modified acmConfig.ear: 
    cd jar_dir
jar uvfm ..\ear_dir\APP-INF\lib\acmConfig.jar META-INF\MANIFEST.MF *

    Image descriptionImage description
  3. Use the following commands in the command prompt to rebuild the modified aveksaWFArchitect.ear: 
    cd ..\ear_dir
jar uvfm ..\aveksaWFArchitect.ear META-INF\MANIFEST.MF *

    Image descriptionImage description
  4. The aveksaWFArchitect.ear in the new_ear directory now has been updated with the changes. You can now follow the steps in the RSA Identity Governance & Lifecycle 7.0.2 Installation Guide specific to your application server, RSA Identity Governance & Lifecycle 7.0.2 - Configuring WildFly Clustering or contact RSA Support to deploy the new aveksaWFArchitect.ear file.
  5. Follow the above steps under Resolution to set the values of the newly added JVM parameters.

Notes

You will need to perform the above edits to the new aveksaWFArchitect.ear file every time you apply a new patch or upgrade to a version of 7.0.2 that does not yet have a fix.

0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 07:12 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.