Identity Applications 4.7.2 - Audit exception "extra data g

Hi
Environment

  • OS: RHEL 7.3
  • Identity Applications 4.7.2 (novell-AUDTplatformagent-2.0.2-81.x86_64)
  • NAuditPA.jar MD5 c4058b61c534bbc76c90ad98e6d6df24
  • Sentinel 8.2



File /etc/logevent.conf
LogHost=10.1.4.43
LogEnginePort=1289
LogReconnectInterval=60
LogCacheDir=/var/opt/novell/naudit/cache
LogCacheLimitAction=roll cache
LogForceCaching=Y
LogDebug=always
LogMaxCacheSize=5120
LogJavaClassPath=/var//opt/novell/naudit/NAuditPA.jar




File /opt/netiq/idm/apps/tomcat/conf/idmuserapp_logging.xml

<appenders>
<!-- CONSOLE and FILE appender are defined in jboss-log4j.xml -->
<!-- Novell Audit appender -->
<appender class="com.netiq.logging.log4j.NauditLog4jAppender" name="NAUDIT">
<param name="Threshold" value="ALL"/>
<param name="ApplicationDetail" value="DirXML"/>
</appender>
<!-- CEF appender -->
<appender class="com.netiq.idm.logging.syslog.CEFSyslogAppender" name="CEF">
<param name="Threshold" value="ALL"/>
</appender>
</appenders>

<loggers>
<logger name="com.novell" level="INFO" additivity="true">

<appender-ref ref="NAUDIT"/>

<!-- remove this line to turn on CEF auditing
<appender-ref ref="CEF"/>
remove this line to turn on CEF auditing -->
</logger>
<logger name="com.sssw" level="INFO" additivity="true">

<appender-ref ref="NAUDIT"/>

<!-- remove this line to turn on CEF auditing
<appender-ref ref="CEF"/>
remove this line to turn on CEF auditing -->
</logger>
<logger name="com.netiq" level="INFO" additivity="true">

<appender-ref ref="NAUDIT"/>

<!-- remove this line to turn on CEF auditing
<appender-ref ref="CEF"/>
remove this line to turn on CEF auditing -->
</logger>
....
</loggers>



In nproduct.log

Thu Jan 24 12:04:12 2019 [jlogevent]: Error: com.novell.naudit.logevent.LogEventException: Error creating certificate:
Unable to initialize, java.io.IOException: extra data given to DerValue constructor
at com.novell.naudit.logevent.LogEvent.doLogOpen(LogEvent.java:287)
at com.novell.naudit.logevent.LogEvent.logOpen(LogEvent.java:99)
at com.novell.naudit.LogEvent.LogOpen(LogEvent.java:208)
at com.netiq.logging.NauditAppenderSkeleton.start(NauditAppenderSkeleton.java:86)
at com.netiq.idm.rest.admin.LoggingService.activateNauditAppender(LoggingService.java:1113)
at com.netiq.idm.rest.admin.LoggingService.updateNAuditConfig(LoggingService.java:983)
at com.netiq.idm.rest.admin.LoggingService.updateAuditConfiguration(LoggingService.java:931)
at com.netiq.idm.rest.admin.LoggingService.updateAuditConfiguration(LoggingService.java:891)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:67)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:259)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:83)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:71)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:990)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:941)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:932)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:384)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:451)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:632)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:145)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.ForceNoCacheFilter.doFilter(ForceNoCacheFilter.java:69)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:198)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at com.novell.naudit.logevent.LogEvent.doLogOpen(LogEvent.java:265)
... 68 more
Caused by: java.io.IOException: extra data given to DerValue constructor
at sun.security.util.DerValue.init(DerValue.java:410)
at sun.security.util.DerValue.<init>(DerValue.java:295)
at sun.security.util.DerValue.<init>(DerValue.java:306)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
... 71 more


In the Sentinel log (/var/opt/novell/sentinel/log/server 0.0.log) there is nothing for this server.

Where could the inconvenience be?

Additional information: the Identity Applications server was migrated from 4.5.6 to 4.7.2.

Thanks in advance.
  • I don't like this:


    Thu Jan 24 12:04:12 2019 [jlogevent]: Error: com.novell.naudit.logevent.LogEventException: Error creating certificate:
    Unable to initialize, java.io.IOException: extra data given to DerValue constructor


    It sounds like something unexpected is being passed. Possibly a bug introduced by the new JRE? You should probably get an SR open with Support on this.
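
Added example, not part of the original thread and not NetIQ code: the JDK raises "extra data given to DerValue constructor" when the bytes handed to its DER parser do not end exactly where the outer header's declared length says they should, so this Python check tests a certificate blob (raw DER or PEM) for that mismatch. The sample bytes are constructed and are not a real certificate; the thread does not say which certificate the platform agent loads, so feeding it the right one is left to the reader.

```python
import base64
import re

# First PEM certificate block, if the blob is PEM rather than raw DER.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(blob):
    """Bytes the outer DER element claims to occupy (header + content)."""
    if len(blob) < 2:
        raise ValueError("too short for a DER header")
    if blob[0] != 0x30:  # an X.509 certificate is an outer SEQUENCE
        raise ValueError("outer tag 0x%02x is not SEQUENCE" % blob[0])
    first = blob[1]
    if first < 0x80:  # short form: the length fits in one byte
        return 2 + first
    n = first & 0x7F  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("indefinite, oversized or truncated length field")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def check_cert_blob(blob):
    """Return (status, surplus_bytes) for a DER or PEM certificate blob."""
    pem = PEM_RE.search(blob)
    if pem:
        # Decode the base64 body; whitespace and line breaks are dropped.
        blob = base64.b64decode(b"".join(pem.group(1).split()))
    try:
        declared = der_total_length(blob)
    except ValueError:
        return ("not-der", None)
    surplus = len(blob) - declared
    if surplus > 0:
        return ("extra-data", surplus)  # the condition the JDK rejects
    if surplus < 0:
        return ("truncated", surplus)
    return ("ok", 0)


# Constructed sample: SEQUENCE { INTEGER 5 }, not a real certificate.
GOOD = bytes.fromhex("3003020105")


def to_pem(der):
    """Wrap DER bytes in PEM armor (helper for the constructed samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    for label, blob in [("clean DER", GOOD),
                        ("DER + 2 stray bytes", GOOD + b"\r\n"),
                        ("PEM wrapping a stray byte", to_pem(GOOD + b"\x00"))]:
        print(label, "->", check_cert_blob(blob))
```
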
  • OK, thank you, we'll see what is recommended.
    Just to add a little more data, here is the Java version:

    /opt/netiq/common/jre/bin/java -version
    openjdk version "1.8.0_192"
    OpenJDK Runtime Environment (Zulu 8.33.0.1-linux64) (build 1.8.0_192-b01)
    OpenJDK 64-Bit Server VM (Zulu 8.33.0.1-linux64) (build 25.192-b01, mixed mode)
  • On 2019-01-24 16:54, letroncoso wrote:
    > - SO: RHEL 7.3
    > - Identity Applications 4.7.2
    > (novell-AUDTplatformagent-2.0.2-81.x86_64)
    > - NAuditPA.jar MD5 c4058b61c534bbc76c90ad98e6d6df24
    > - Sentinel 8.2
    >
    >
    >
    > File /etc/logevent.conf


    With 4.7.2 you should be using CEF logging instead of NAudit:

    https://www.netiq.com/documentation/identity-manager-47/configure_auditing/data/configure-identity-manager-components-to-use-cef.html


    --
    Norbert