This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

5078 ERROR_SMS_SEND_ERROR

Hi all

I'm trying to setup a SMS gateway for SSPR. So we can use it  to send SMS tokens and new passwords.

I have filled the  following fields ;
- SMS Gateway : URL
- SMS Gateway User : gateway Username 
- SMS Gateway Password : Password of gateway's user
- HTTP(S) Method : POST
- SMS Gateway Authentication Method : Authentication will be part of the request

 

And when i click on the test button i get the below Error;

 

unable to send message: 5078 ERROR_SMS_SEND_ERROR (IO error while sending SMS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

How can i solve this issue?

 

 

Tags:

Parents
  • 0  

    The error you are seeing is this part:

    IO error while sending SMS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

     

    This is a classic SSL/TLS error.  The certificate that the SMS servers web server is using, is not signed by a CA your JVM trusts. Ergo, get the CA that signed their cert's private key and  install in your JVM's keystore.

    In the SMS Gateway URL you have the value.  Open a browser, go to that URL.  Click on the lock icon in the URL bar of your browser,View Certificate.

    Look at the certification chain.  Likely a CA, an intermediate CA then the Cert itself.

    Export the public key (Save to file, b64 or pem or der, should all work as formats) for the CA and if there is an intermediate that as well.

    (Also, notice the Serial number of both, maybe screen shot the two views from the browser).

    Go to the JVM your SSPR is using. If installed as part of IDM 4.8 or so it would be:

    /opt/netiq/common/jre or else it coudl be /opt/netiq/idm/apps/jre

    Do you know how to use Keytool from jre/bin/keytool to import certs in the keystore?  For fun, I would first use -list -v options in keytool and pipe it to a file (or less) and search for the serial numbers of the CA.

    I suspect the primary CA is trusted by the JVM but the intermediate CA is missing.  I have seen this often.

    Import them both, if it is already there it will warn you.  Then try again.

     

Reply
  • 0  

    The error you are seeing is this part:

    IO error while sending SMS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

     

    This is a classic SSL/TLS error.  The certificate that the SMS servers web server is using, is not signed by a CA your JVM trusts. Ergo, get the CA that signed their cert's private key and  install in your JVM's keystore.

    In the SMS Gateway URL you have the value.  Open a browser, go to that URL.  Click on the lock icon in the URL bar of your browser,View Certificate.

    Look at the certification chain.  Likely a CA, an intermediate CA then the Cert itself.

    Export the public key (Save to file, b64 or pem or der, should all work as formats) for the CA and if there is an intermediate that as well.

    (Also, notice the Serial number of both, maybe screen shot the two views from the browser).

    Go to the JVM your SSPR is using. If installed as part of IDM 4.8 or so it would be:

    /opt/netiq/common/jre or else it coudl be /opt/netiq/idm/apps/jre

    Do you know how to use Keytool from jre/bin/keytool to import certs in the keystore?  For fun, I would first use -list -v options in keytool and pipe it to a file (or less) and search for the serial numbers of the CA.

    I suspect the primary CA is trusted by the JVM but the intermediate CA is missing.  I have seen this often.

    Import them both, if it is already there it will warn you.  Then try again.

     

Children
  • 0 in reply to   
    Hi thanks for replying, I managed to sort the certificate issue. But now in the the forgot password after getting the security code via sms, SSPR doesnt take me to the page where I have to input the code? Says Error 404. Page cannot be found
  • 0 in reply to   

    I'm unable to verify identity During Forgot Password Process. i get the below Error after entering the User Search. An sms with token is received, then after I get HTTP 404. Further investigation in the logs show the below

     

    ',FATAL, servlet.AbstractPwmServlet, 5015 ERROR_UNKNOWN (unexpected error processing request: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:176) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:720) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) at password.pwm.http.PwmResponse.forwardToJsp(PwmResponse.java:84) at password.pwm.http.PwmRequest.forwardToJsp(PwmRequest.java:140) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.forwardUserBasedOnRecoveryMethod(ForgottenPasswordServlet.java:1509) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:706) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processAction(ForgottenPasswordServlet.java:236) at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:106) at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:64) at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.CaptchaFilter.processFilter(CaptchaFilter.java:60) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:84) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:72) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:185) at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:109) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:62) at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:127) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:171) ... 65 more ) 2020-10-09T16:19:23Z, ERROR, http.PwmResponse, {181988} 5015 ERROR_UNKNOWN (unexpected error processing request: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp [105.245.100.95] org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:176) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:720) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) at password.pwm.http.PwmResponse.forwardToJsp(PwmResponse.java:84) at password.pwm.http.PwmRequest.forwardToJsp(PwmRequest.java:140) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.forwardUserBasedOnRecoveryMethod(ForgottenPasswordServlet.java:1509) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:706) at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processAction(ForgottenPasswordServlet.java:236) at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:106) at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:64) at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.CaptchaFilter.processFilter(CaptchaFilter.java:60) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:84) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138) at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:72) at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:185) at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:109) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassNotFoundException: org.apache.jsp.WEB_002dINF.jsp.forgottenpassword_002dentertoken_jsp at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:62) at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:127) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:171) ... 65 more'

    attached screenshot shows the expected form.