Symantec IGA

Standalone IM 14.1 and IP 14.1 integration

    Posted Apr 05, 2018 06:19 AM

    Hi guys, I had to install and integrate IP 14.1 on top of an already existing IM 14.1 production environment.

    I have been able to install IP and configure both IM and GM connectors without any particular problem and it seems to read and manage all objects.

    Obviously I had to forget about any "standard" task because the customer environment has been deeply customized in terms of tasks, JS screen logic, PX and external code.

    The problem that I am now facing is that when I try to use the IP Access module to add or remove a target permission or a role to a user, the request is submitted but nothing happens:

    IP:  the request is reported as COMPLETED, the Details reports the permission removal as AUDITED and the Timeline is in SUBMITTED state

    IM: the server log reports these 3 rows:

    • WARN  [ims.default] (default task-32) The task Gestione per Utente is not transaction based. Ignoring the transaction id 3a9ebfcb-dcc3e381-e0e11a81-fd43be
    • WARN  [ims.idmutils.crypto] (default task-32) The system has been asked to decrypt data that has no encryption type tag. Returning unencrypted string.
    • ERROR [com.netegrity.crypto.PBESHA1RC2CBCPKCS12PBE5128Handler] (default task-32) javax.crypto.BadPaddingException: Error closing stream:

    As far as I can understand, the 1st warning could be related to the way the tasks are managed by IP: it will fetch the status after the submission and the process will not be synchronous.

    The 2nd and 3rd seem to be related to some kind of problem in decrypting data received, I guess, using a WS call from IP... does this make any sense?

    As a result IM doesn't take charge of the requested task, IP is not able to fetch its status and the activity is not executed.

     

    Since IP and IM are not installed using IdSuite or VApp but have been installed and configured manually, is there any other post-configuration related to any shared key or keystore that IM and IP need to share?

    Have you ever faced this error, or can you give me any suggestion to debug and fix this?

    Regards,

    Claudio