User App Driver Error (intermittent)


Hi Guys,

I'm trying to troubleshoot a non-functioning workflow and came across
the following error in the User App driver log:

[03/21/16 16:26:35.711]:UserAppDriver ST:
DirXML Log Event -------------------
Driver: \IDV-XXX-DEV\system\driverset\UserApplication
Channel: Subscriber
Object:
\IDV-XXX-DEV\system\driverset\UserApplication\AppConfig\DirectoryModel
Status: Error
Message: com.sssw.b2b.rt.GNVException: rt007005:Error encountered
executing WSDL Action:;
---> nested java.lang.RuntimeException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: KeyUsage does not allow
digital signatures

Anybody know what is causing it?

Regards
Steve


--
stevehani

  • Could you share some other information about your environment, such as IDM
    version, Patch level, etc.?

    Is this production, QA, dev, etc.?

    Has this ever worked?

    Do other workflows work?

    Have you done any customization to the SSL certificate used by the
    UserApp, such as set one up (it comes without any security by default)
    within Tomcat or whatever application service?

    When minting a certificate the user chooses what that certificate can do,
    such as encryption, signing, or even being a CA itself. The error
    literally means that Java is trying to use a certificate for signing that
    was not meant to be used for signing, but I have no idea how you managed
    to get to that spot. I'm only guessing that it's the UserApp cert, but
    that seems odd too since enabling signing is pretty normal.

    Any other logs before this one that could help? Was there a full stack
    available, or was this all of the error presented?

    --
    Good luck.

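Added example, not part of the original thread: one way to check which certificates in a Java keystore permit `digitalSignature`, the KeyUsage bit the `ValidatorException` above complains about. The class name `KeyUsageAudit` and the `KEYSTORE_PASS` environment variable are assumptions made for this example; pass it whichever keystore the User App's Tomcat or OSP actually loads.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Lists the KeyUsage bits of every X.509 certificate in a Java keystore. */
public class KeyUsageAudit {
    // Bit order from RFC 5280, as returned by X509Certificate.getKeyUsage().
    private static final String[] BITS = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    static List<String> describe(boolean[] usage) {
        List<String> names = new ArrayList<>();
        for (int i = 0; usage != null && i < usage.length && i < BITS.length; i++) {
            if (usage[i]) names.add(BITS[i]);
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: KEYSTORE_PASS=... java KeyUsageAudit <keystore> [storetype]");
            System.exit(2);
        }
        // Assumed variable name; read from the environment so the password is not in argv.
        String env = System.getenv("KEYSTORE_PASS");
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, env == null ? null : env.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            boolean[] usage = x509.getKeyUsage();   // null when the extension is absent
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry" : "trustedCertEntry";
            String verdict = usage == null ? "no KeyUsage extension (unrestricted)"
                    : usage[0] ? "digitalSignature permitted"
                    : "digitalSignature NOT permitted";
            System.out.printf("%-24s %-16s %s %s%n    subject: %s%n", alias, kind, verdict,
                    describe(usage), x509.getSubjectX500Principal().getName());
        }
    }
}
```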

  • Hi ab,

    Thanks for your response... Let me first warn you that I am a newbie to
    IDM, so am still finding my feet...

    Please see responses to your questions...

    ab;266284 Wrote:
    > Could you share some other information about your environment, such as
    > IDM version, Patch level, etc.?
    > IDM v4.5.3, OSP 6.0.0.3, SSPR v3.3.1, eDir 8.8 SP8
    >
    > Is this production, QA, dev, etc.? Dev
    >
    > Has this ever worked? Yes, prior to upgrading environment from IDM4.5.1
    > and OSP to 6.0.0.3
    >
    > Do other workflows work? I have created a PRD (workflow) to extend a
    > user's account expiration date and that seems to be working ok.
    >
    > Have you done any customization to the SSL certificate used by the
    > UserApp, such as set one up (it comes without any security by default)
    > within Tomcat or whatever application service?
    >
    > I have created an SSL cert for OSP and the User App. As OSP and User App
    > run on the same server it has made the certificate use a bit convoluted.
    >
    > OSP seems to be communicating ok and there is a Private Key Entry in the
    > osp.jks cert store for osp.
    > Tomcat7 (for iManager) uses an SSL cert generated by our internal CA
    > Tomcat (for User App) uses a different SSL cert generated by our
    > internal CA
    >
    > When minting a certificate the user chooses what that certificate can do,
    > such as encryption, signing, or even being a CA itself. The error
    > literally means that Java is trying to use a certificate for signing that
    > was not meant to be used for signing, but I have no idea how you managed
    > to get to that spot. I'm only guessing that it's the UserApp cert, but
    > that seems odd too since enabling signing is pretty normal.
    >
    > Any other logs before this one that could help? Was there a full stack
    > available, or was this all of the error presented? No, the only other
    > error I could see that may be related... appears in the Roles