UserApp 4.8 workflow error: Access token has expired

I've recently upgraded Userapp from 4.7.3 to 4.8 and getting the below error in catalina log while trying to assign/revoke roles using workflow.

                         (https-jsse-nio-8443-exec-4) [WORKFLOW] Token validation failed. HTTP status code: 400 Detail message from authentication server: Access token has expired.
Also attaching the catalina log for your reference.

2022-09-13 03:25:24,867 WARN  [com.netiq.idm.auth.oauth.OAuthManager] (https-jsse-nio-8443-exec-4) [WORKFLOW] Token validation failed. HTTP status code: 400 Detail message from authentication server: Access token has expired.
2022-09-13 03:25:24,868 WARN  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-4) [WORKFLOW] The authentication token has expired.
2022-09-13 03:25:25,268 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] [Workflow_Started] Initiated by cn=J2P2SuperAdmin,ou=Users,o=xxxxxxnet, Process ID: 9085f2ad930142f3aba9ac0e197d67cf, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxnet:232, Activity: Start, Recipient: cn=J2P2SuperAdmin,ou=Users,o=xxxxxxnet, Secondary User: null
2022-09-13 03:25:25,317 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 9085f2ad930142f3aba9ac0e197d67cf, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxnet:232, Activity: Start, Recipient: cn=J2P2SuperAdmin,ou=Users,o=xxxxxxnet
Inside getRevokeRoles
Process ID: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxnet
2022-09-13 03:25:25,575 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 9085f2ad930142f3aba9ac0e197d67cf, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: SetAssignRevokeRoles, Recipient: cn=J2P2SuperAdmin,ou=Users,o=xxxxxxxxx
2022-09-13 03:25:25,649 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 9085f2ad930142f3aba9ac0e197d67cf, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: IsRoleAssign, Recipient: cn=J2P2SuperAdmin,ou=Users,o=xxxxxxxxx
2022-09-13 03:25:25,882 ERROR [com.microfocus.external.client.ExternalApplicationClient] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] Error while processing the external application request.
com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
	at com.sun.jersey.api.client.Client.handle(Client.java:652)
	at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
	at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
	at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:80)
	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
	at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:238)
	at com.sun.jersey.api.client.CommittingOutputStream.commitStream(CommittingOutputStream.java:117)
	at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
	at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
	at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
	at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
	at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
	at java.io.BufferedWriter.flush(BufferedWriter.java:254)
	at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
	at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:88)
	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:58)
	at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
	... 31 more
2022-09-13 03:25:25,883 ERROR [com.novell.soa.af.impl.activity.RoleRequestActivity] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] Error while processing the external application request.
com.microfocus.external.exception.ExternalClientException: Error while processing the external application request.
	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:94)
	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
2022-09-13 03:25:25,883 ERROR [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-10) [WORKFLOW] [Workflow_Error] Initiated by cn=J2P2SuperAdmin,ou=Users,o=xxxxxxxxx, Error Message: Error while processing the external application request., Process ID: 9085f2ad930142f3aba9ac0e197d67cf, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Assign Roles, Recipient: cn=J2P2SuperAdmin,ou=Users,o=xxxxxxxxx

I found the solution https://support.microfocus.com/kb/doc.php?id=7024492 in the knowledge base but not sure about how to "encode with base64 the password used for the forms client in configupdate" as mentioned in the document.

  • I suspect that the TID you found is for a different problem based on your error.

    The workjflow.WAR process where workflows run now, is failing to connect to the SOAP endpoints (maybe REST?  Not sure what your PRD is doing) with this error.

    com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)

    The TID is talking about Forms which is well past by the time you get to this error. 

    The access token expired is not an error, it is more informational, and is telling you it is going to get a new one.

    However, the file you need to edit is specified in that tid.  Is the ClientPass field blank as it suggests?  If so, do you know the value of the password you used in configupdate.sh when you configured the upgrade?  (Generally all the client secrets are the same, which makes life easier since there are maybe 8 of them now?)

    It is stored in the ism-configuration.properties file but encrypted.

    I would suggest that more likely your problem is that the signing CA for your UA's SSL certificate (or one of the CA's in the chain) is missing from a keystore that workflow.war wants to use.

    Since there are only a couple of keystores involved it is usually easy to resolve this.

    /opt/netiq/common/jre/lib/security/cacerts

    /opt/netiq/idm/apps/tomcat/comf/idm.jks (and maybe apps.jks)

    /opt/netiq/idm/apps/osp/osp.jks

    Make sure each contains the certs that sign your OSP cert and your Tomcat cert. 

  • Thanks for the answer.

    I imported the CA cert to /opt/netiq/idm/apps/osp/osp.jks and the "Access token has expired" issue is resolved. But still getting the Error Message: Error while processing the external application request.

    ataching catalina log for reference.

    2022-09-13 10:09:50,252 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-23) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:50,253 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-23) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:50,297 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-6) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:50,298 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-6) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:50,307 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-23) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:50,351 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-6) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,326 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-6) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,327 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-6) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,365 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-22) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,366 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-22) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,376 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-24) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,377 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-24) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,393 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-6) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,426 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-22) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,435 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-24) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,449 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-21) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,449 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-21) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,459 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-5) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,460 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-5) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,513 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-21) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,515 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-5) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,624 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-23) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,625 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-23) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,700 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-23) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,787 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-5) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,787 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-5) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,839 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-5) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:52,863 INFO  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-21) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:52,864 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-21) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:52,915 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-21) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:09:53,765 INFO  [com.netiq.idm.auth.oauth.OAuthFilter] (https-jsse-nio-8443-exec-22) [RBPM] SSO Header issued by SSO Filter oauth for User cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx.
    2022-09-13 10:09:53,766 INFO  [com.novell.common.auth.saml.AuthTokenGenerator] (https-jsse-nio-8443-exec-22) [RBPM] Logging in using proxy authorization from SSO filter oauth.
    2022-09-13 10:09:53,818 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8443-exec-22) [RBPM] [Login_Success] cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx successfully logged in.
    2022-09-13 10:11:27,144 WARN  [com.netiq.idm.auth.oauth.OAuthManager] (https-jsse-nio-8443-exec-7) [WORKFLOW] Token validation failed. HTTP status code: 400 Detail message from authentication server: Access token has expired.
    2022-09-13 10:11:27,146 WARN  [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8443-exec-7) [WORKFLOW] The authentication token has expired.
    2022-09-13 10:11:27,522 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] [Workflow_Started] Initiated by cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Process ID: 90af87c4c1014df9904372dff6485e99, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Start, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Secondary User: null
    2022-09-13 10:11:27,557 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 90af87c4c1014df9904372dff6485e99, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Start, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-13 10:11:27,700 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 90af87c4c1014df9904372dff6485e99, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: SetAssignRevokeRoles, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-13 10:11:27,727 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 90af87c4c1014df9904372dff6485e99, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: IsRoleAssign, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-13 10:11:27,908 ERROR [com.microfocus.external.client.ExternalApplicationClient] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] Error while processing the external application request.
    com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
    	at com.sun.jersey.api.client.Client.handle(Client.java:652)
    	at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
    	at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    	at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
    	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:80)
    	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    Caused by: java.net.ConnectException: Connection refused (Connection refused)
    	at java.net.PlainSocketImpl.socketConnect(Native Method)
    	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    	at java.net.Socket.connect(Socket.java:589)
    	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
    	at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
    	at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
    	at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
    	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
    	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
    	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
    	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
    	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:238)
    	at com.sun.jersey.api.client.CommittingOutputStream.commitStream(CommittingOutputStream.java:117)
    	at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
    	at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    	at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    	at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    	at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    	at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    	at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
    	at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
    	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:88)
    	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:58)
    	at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
    	... 31 more
    2022-09-13 10:11:27,909 ERROR [com.novell.soa.af.impl.activity.RoleRequestActivity] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] Error while processing the external application request.
    com.microfocus.external.exception.ExternalClientException: Error while processing the external application request.
    	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:94)
    	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    2022-09-13 10:11:27,909 ERROR [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-8) [WORKFLOW] [Workflow_Error] Initiated by cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Error Message: Error while processing the external application request., Process ID: 90af87c4c1014df9904372dff6485e99, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Assign Roles, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    

  • Sorry your message was flagged as spam again... It is an ongoing struggle, I released it. 

    Anyway, in general, kick up the logging on the classes nearby the error.  So I would try these two:

    com.novell.soa.af.impl

    com.microfocus.external.client

    See if that returns more messaging.

    Check that ism-configuration.properties has correct config for the Workflow lines..  A clientID, secret, URL, port, etc.

  • Sorry the steps are not clear to me.

    Could you please give a brief details on what you've said above.

  • In User App/Identity Apps, logged in as a Uaadmin equivalent, under Configuration or Administratorion (last menu item usually) there is a Logging option.

    Near the top of that page is a search (which is a search of what is below) and above it a subtle + button. Click plus, type in the values I suggested above. Select DEBUG or TRACE levels for them, then apply. (Persist if you want for now, or not, which means next UA restart the setting persists through a reboot or not.

  • I changed the com.novell.soa.af.impl class from INFO to TRACE but couldn't find com.microfocus.external.client class while searching (getting result 'no packages found').

    As an additional step, I changed "<logger name="com.microfocus" level="INFO" additivity="true">" to TRACE in '/opt/netiq/idm/apps/tomcat/conf/workflow_logging.xml' and restarted tomcat.

    attaching the logs for your reference:

    catalina.out

    2022-09-14 09:07:12,691 DEBUG [com.novell.soa.af.impl.core.DataItemEvaluator] (https-jsse-nio-8443-exec-6) [RBPM] /*
    http://www.JSON.org/json2.js
    2011-10-19
    
    Public Domain.
    
    NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
    
    See http://www.JSON.org/js.html
    
    
    This code should be minified before deployment.
    See http://javascript.crockford.com/jsmin.html
    
    USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO
    NOT CONTROL.
    
    
    This file creates a global JSON object containing two methods: stringify
    and parse.
    
    JSON.stringify(value, replacer, space)
    value any JavaScript value, usually an object or array.
    
    replacer an optional parameter that determines how object
    values are stringified for objects. It can be a
    function or an array of strings.
    
    space an optional parameter that specifies the indentation
    of nested structures. If it is omitted, the text will
    be packed without extra whitespace. If it is a number,
    it will specify the number of spaces to indent at each
    level. If it is a string (such as '\t' or ' '),
    it contains the characters used to indent at each level.
    
    This method produces a JSON text from a JavaScript value.
    
    When an object value is found, if the object contains a toJSON
    method, its toJSON method will be called and the result will be
    stringified. A toJSON method does not serialize: it returns the
    value represented by the name/value pair that should be serialized,
    or undefined if nothing should be serialized. The toJSON method
    will be passed the key associated with the value, and this will be
    bound to the value
    
    For example, this would serialize Dates as ISO strings.
    
    Date.prototype.toJSON = function (key) {
    function f(n) {
    // Format integers to have at least two digits.
    return n < 10 ? '0' + n : n;
    }
    
    return this.getUTCFullYear() + '-' +
    f(this.getUTCMonth() + 1) + '-' +
    f(this.getUTCDate()) + 'T' +
    f(this.getUTCHours()) + ':' +
    f(this.getUTCMinutes()) + ':' +
    f(this.getUTCSeconds()) + 'Z';
    };
    
    You can provide an optional replacer method. It will be passed the
    key and value of each member, with this bound to the containing
    object. The value that is returned from your method will be
    serialized. If your method returns undefined, then the member will
    be excluded from the serialization.
    
    If the replacer parameter is an array of strings, then it will be
    used to select the members to be serialized. It filters the results
    such that only members with keys listed in the replacer array are
    stringified.
    
    Values that do not have JSON representations, such as undefined or
    functions, will not be serialized. Such values in objects will be
    dropped; in arrays they will be replaced with null. You can use
    a replacer function to replace those with JSON values.
    JSON.stringify(undefined) returns undefined.
    
    The optional space parameter produces a stringification of the
    value that is filled with line breaks and indentation to make it
    easier to read.
    
    If the space parameter is a non-empty string, then that string will
    be used for indentation. If the space parameter is a number, then
    the indentation will be that many spaces.
    
    Example:
    
    text = JSON.stringify(['e', {pluribus: 'unum'}]);
    // text is '["e",{"pluribus":"unum"}]'
    
    
    text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
    // text is '[\n\t"e",\n\t{\n\t\t"pluribus": "unum"\n\t}\n]'
    
    text = JSON.stringify([new Date()], function (key, value) {
    return this[key] instanceof Date ?
    'Date(' + this[key] + ')' : value;
    });
    // text is '["Date(---current time---)"]'
    
    
    JSON.parse(text, reviver)
    This method parses a JSON text to produce an object or array.
    It can throw a SyntaxError exception.
    
    The optional reviver parameter is a function that can filter and
    transform the results. It receives each of the keys and values,
    and its return value is used instead of the original value.
    If it returns what it received, then the structure is not modified.
    If it returns undefined then the member is deleted.
    
    Example:
    
    // Parse the text. Values that look like ISO date strings will
    // be converted to Date objects.
    
    myData = JSON.parse(text, function (key, value) {
    var a;
    if (typeof value === 'string') {
    a =
    /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
    if (a) {
    return new Date(Date.UTC(+a[1], +a[2] - 1, +a[3], +a[4],
    +a[5], +a[6]));
    }
    }
    return value;
    });
    
    myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
    var d;
    if (typeof value === 'string' &&
    value.slice(0, 5) === 'Date(' &&
    value.slice(-1) === ')') {
    d = new Date(value.slice(5, -1));
    if (d) {
    return d;
    }
    }
    return value;
    });
    
    
    This is a reference implementation. You are free to copy, modify, or
    redistribute.
    */
    
    /*jslint evil: true, regexp: true */
    
    /*members "", "\b", "\t", "\n", "\f", "\r", "\"", JSON, "\\", apply,
    call, charCodeAt, getUTCDate, getUTCFullYear, getUTCHours,
    getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
    lastIndex, length, parse, prototype, push, replace, slice, stringify,
    test, toJSON, toString, valueOf
    */
    
    
    // Create a JSON object only if one does not already exist. We create the
    // methods in a closure to avoid creating global variables.
    
    // delta from original
    // 1) publish these scripts to ScriptVault.JSON.parse, ScriptValue.JSON.stringify
    // 2) replace throw statements with return null, as for some reason rhino is getting a parsing error on the throw
    
    // delta 1: create script vault if it does not exist
    var ScriptVault;
    if (!ScriptVault) {
    	ScriptVault = {};
    }
    
    (function () {
    	var JSON;
    	if (!JSON) {
    		JSON = {};
    	}
    
    	// delta 2: add JSON object to our script vault
    	ScriptVault.JSON = JSON;
    	
        'use strict';
    
        function f(n) {
            // Format integers to have at least two digits.
            return n < 10 ? '0' + n : n;
        }
    
        if (typeof Date.prototype.toJSON !== 'function') {
    
            Date.prototype.toJSON = function (key) {
    
                return isFinite(this.valueOf())
                    ? this.getUTCFullYear() + '-' +
                        f(this.getUTCMonth() + 1) + '-' +
                        f(this.getUTCDate()) + 'T' +
                        f(this.getUTCHours()) + ':' +
                        f(this.getUTCMinutes()) + ':' +
                        f(this.getUTCSeconds()) + 'Z'
                    : null;
            };
    
            String.prototype.toJSON =
                Number.prototype.toJSON =
                Boolean.prototype.toJSON = function (key) {
                    return this.valueOf();
                };
        }
    
        var cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
            escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
            gap,
            indent,
            meta = { // table of character substitutions
                '\b': '\\b',
                '\t': '\\t',
                '\n': '\\n',
                '\f': '\\f',
                '\r': '\\r',
                '"' : '\\"',
                '\\': '\\\\'
            },
            rep;
    
    
        function quote(string) {
    
    // If the string contains no control characters, no quote characters, and no
    // backslash characters, then we can safely slap some quotes around it.
    // Otherwise we must also replace the offending characters with safe escape
    // sequences.
    
            escapable.lastIndex = 0;
            return escapable.test(string) ? '"' + string.replace(escapable, function (a) {
                var c = meta[a];
                return typeof c === 'string'
                    ? c
                    : '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
            }) + '"' : '"' + string + '"';
        }
    
    
        function str(key, holder) {
    
    // Produce a string from holder[key].
    
            var i, // The loop counter.
                k, // The member key.
                v, // The member value.
                length,
                mind = gap,
                partial,
                value = holder[key];
    
    // If the value has a toJSON method, call it to obtain a replacement value.
    
            if (value && typeof value === 'object' &&
                    typeof value.toJSON === 'function') {
                value = value.toJSON(key);
            }
    
    // If we were called with a replacer function, then call the replacer to
    // obtain a replacement value.
    
            if (typeof rep === 'function') {
                value = rep.call(holder, key, value);
            }
    
    // What happens next depends on the value's type.
    
            switch (typeof value) {
            case 'string':
                return quote(value);
    
            case 'number':
    
    // JSON numbers must be finite. Encode non-finite numbers as null.
    
                return isFinite(value) ? String(value) : 'null';
    
            case 'boolean':
            case 'null':
    
    // If the value is a boolean or null, convert it to a string. Note:
    // typeof null does not produce 'null'. The case is included here in
    // the remote chance that this gets fixed someday.
    
                return String(value);
    
    // If the type is 'object', we might be dealing with an object or an array or
    // null.
    
            case 'object':
    
    // Due to a specification blunder in ECMAScript, typeof null is 'object',
    // so watch out for that case.
    
                if (!value) {
                    return 'null';
                }
    
    // Make an array to hold the partial results of stringifying this object value.
    
                gap += indent;
                partial = [];
    
    // Is the value an array?
    
                if (Object.prototype.toString.apply(value) === '[object Array]') {
    
    // The value is an array. Stringify every element. Use null as a placeholder
    // for non-JSON values.
    
                    length = value.length;
                    for (i = 0; i < length; i += 1) {
                        partial[i] = str(i, value) || 'null';
                    }
    
    // Join all of the elements together, separated with commas, and wrap them in
    // brackets.
    
                    v = partial.length === 0
                        ? '[]'
                        : gap
                        ? '[\n' + gap + partial.join(',\n' + gap) + '\n' + mind + ']'
                        : '[' + partial.join(',') + ']';
                    gap = mind;
                    return v;
                }
    
    // If the replacer is an array, use it to select the members to be stringified.
    
                if (rep && typeof rep === 'object') {
                    length = rep.length;
                    for (i = 0; i < length; i += 1) {
                        if (typeof rep[i] === 'string') {
                            k = rep[i];
                            v = str(k, value);
                            if (v) {
                                partial.push(quote(k) + (gap ? ': ' : ':') + v);
                            }
                        }
                    }
                } else {
    
    // Otherwise, iterate through all of the keys in the object.
    
                    for (k in value) {
                        if (Object.prototype.hasOwnProperty.call(value, k)) {
                            v = str(k, value);
                            if (v) {
                                partial.push(quote(k) + (gap ? ': ' : ':') + v);
                            }
                        }
                    }
                }
    
    // Join all of the member texts together, separated with commas,
    // and wrap them in braces.
    
                v = partial.length === 0
                    ? '{}'
                    : gap
                    ? '{\n' + gap + partial.join(',\n' + gap) + '\n' + mind + '}'
                    : '{' + partial.join(',') + '}';
                gap = mind;
                return v;
            }
        }
    
    // If the JSON object does not yet have a stringify method, give it one.
    
        if (typeof JSON.stringify !== 'function') {
            JSON.stringify = function (value, replacer, space) {
    
    // The stringify method takes a value and an optional replacer, and an optional
    // space parameter, and returns a JSON text. The replacer can be a function
    // that can replace values, or an array of strings that will select the keys.
    // A default replacer method can be provided. Use of the space parameter can
    // produce text that is more easily readable.
    
                var i;
                gap = '';
                indent = '';
    
    // If the space parameter is a number, make an indent string containing that
    // many spaces.
    
                if (typeof space === 'number') {
                    for (i = 0; i < space; i += 1) {
                        indent += ' ';
                    }
    
    // If the space parameter is a string, it will be used as the indent string.
    
                } else if (typeof space === 'string') {
                    indent = space;
                }
    
    // If there is a replacer, it must be a function or an array.
    // Otherwise, throw an error.
    
                rep = replacer;
                if (replacer && typeof replacer !== 'function' &&
                        (typeof replacer !== 'object' ||
                        typeof replacer.length !== 'number')) {
                    // note: replace throw with null return, does not parse in rhino
                	//throw new Error('JSON.stringify');
                	return null;
                }
    
    // Make a fake root object containing our value under the key of ''.
    // Return the result of stringifying the value.
    
                return str('', {'': value});
            };
        }
    
    
    // If the JSON object does not yet have a parse method, give it one.
    
        if (typeof JSON.parse !== 'function') {
            JSON.parse = function (text, reviver) {
    
    // The parse method takes a text and an optional reviver function, and returns
    // a JavaScript value if the text is a valid JSON text.
    
                var j;
    
                function walk(holder, key) {
    
    // The walk method is used to recursively walk the resulting structure so
    // that modifications can be made.
    
                    var k, v, value = holder[key];
                    if (value && typeof value === 'object') {
                        for (k in value) {
                            if (Object.prototype.hasOwnProperty.call(value, k)) {
                                v = walk(value, k);
                                if (v !== undefined) {
                                    value[k] = v;
                                } else {
                                    delete value[k];
                                }
                            }
                        }
                    }
                    return reviver.call(holder, key, value);
                }
    
    
    // Parsing happens in four stages. In the first stage, we replace certain
    // Unicode characters with escape sequences. JavaScript handles many characters
    // incorrectly, either silently deleting them, or treating them as line endings.
    
                text = String(text);
                cx.lastIndex = 0;
                if (cx.test(text)) {
                    text = text.replace(cx, function (a) {
                        return '\\u' +
                            ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
                    });
                }
    
    // In the second stage, we run the text against regular expressions that look
    // for non-JSON patterns. We are especially concerned with '()' and 'new'
    // because they can cause invocation, and '=' because it can cause mutation.
    // But just to be safe, we want to reject all unexpected forms.
    
    // We split the second stage into 4 regexp operations in order to work around
    // crippling inefficiencies in IE's and Safari's regexp engines. First we
    // replace the JSON backslash pairs with '@' (a non-JSON character). Second, we
    // replace all simple value tokens with ']' characters. Third, we delete all
    // open brackets that follow a colon or comma or that begin the text. Finally,
    // we look to see that the remaining characters are only whitespace or ']' or
    // ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval.
    
                if (/^[\],:{}\s]*$/
                        .test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
                            .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
                            .replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) {
    
    // In the third stage we use the eval function to compile the text into a
    // JavaScript structure. The '{' operator is subject to a syntactic ambiguity
    // in JavaScript: it can begin a block or an object literal. We wrap the text
    // in parens to eliminate the ambiguity.
    
                    j = eval('(' + text + ')');
    
    // In the optional fourth stage, we recursively walk the new structure, passing
    // each name/value pair to a reviver function for possible transformation.
    
                    return typeof reviver === 'function'
                        ? walk({'': j}, '')
                        : j;
                }
    
    // If the text is not JSON parseable, then a SyntaxError is thrown.
                // note: replace throw with null return, does not parse in rhino
                //throw new SyntaxError('JSON.parse');
                return null;
            };
        }
    }());
    2022-09-14 09:07:12,713 DEBUG [com.novell.soa.af.impl.core.DataItemEvaluator] (https-jsse-nio-8443-exec-6) [RBPM] evaluating source expression: initiator
    2022-09-14 09:07:12,714 DEBUG [com.novell.soa.af.impl.core.DataItemEvaluator] (https-jsse-nio-8443-exec-6) [RBPM] result: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-14 09:07:13,198 INFO  [com.novell.srvprv.impl.vdata.definition.VirtualDataDefinition] (https-jsse-nio-8443-exec-3) [WORKFLOW] Directory Abstraction Choice List Definitions have been loaded into server lifetime memory
    2022-09-14 09:07:13,798 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] [Workflow_Started] Initiated by cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Process ID: 72d205f8c00d489b9e2ca769c2e044ba, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Start, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Secondary User: null
    2022-09-14 09:07:13,836 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 72d205f8c00d489b9e2ca769c2e044ba, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Start, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    Inside getRevokeRoles
    Process ID: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx
    rolesFieldArr : [[Roles: null]]
    allAssignedRolesSize>>>>>0
    assignRolesSize>>>>>1
    revokeRolesArr>>>>>
    Inside getRevokeSSORoles
    assignRolesSize>>>>>2
    allAssignedRolesSize>>>>>0
    revokeRolesArr>>>>>
    Inside getAssignedSkills
    User DN>>>>>cn=PA36730-TUser,ou=Accounts,ou=NADPartnerPortal,ou=Applications,o=xxxxxxxxx
    assignedSkills>>>>>null
    2022-09-14 09:07:14,102 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 72d205f8c00d489b9e2ca769c2e044ba, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: SetAssignRevokeRoles, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-14 09:07:14,207 INFO  [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] [Workflow_Forwarded] Initiated by System, Process ID: 72d205f8c00d489b9e2ca769c2e044ba, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: IsRoleAssign, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    2022-09-14 09:07:14,651 ERROR [com.microfocus.external.client.ExternalApplicationClient] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] Error while processing the external application request.
    com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
    	at com.sun.jersey.api.client.Client.handle(Client.java:652)
    	at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
    	at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    	at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
    	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:80)
    	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    Caused by: java.net.ConnectException: Connection refused (Connection refused)
    	at java.net.PlainSocketImpl.socketConnect(Native Method)
    	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    	at java.net.Socket.connect(Socket.java:589)
    	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
    	at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
    	at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
    	at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
    	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
    	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
    	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
    	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
    	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:238)
    	at com.sun.jersey.api.client.CommittingOutputStream.commitStream(CommittingOutputStream.java:117)
    	at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
    	at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    	at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    	at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    	at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    	at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    	at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
    	at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
    	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:88)
    	at com.sun.jersey.core.impl.provider.entity.StringProvider.writeTo(StringProvider.java:58)
    	at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
    	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
    	... 31 more
    2022-09-14 09:07:14,654 ERROR [com.novell.soa.af.impl.activity.RoleRequestActivity] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] Error while processing the external application request.
    com.microfocus.external.exception.ExternalClientException: Error while processing the external application request.
    	at com.microfocus.external.client.ExternalApplicationClient.doPost(ExternalApplicationClient.java:94)
    	at com.microfocus.external.idm.IDMApplicationClientImpl.requestPermission(IDMApplicationClientImpl.java:45)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.processTarget(RoleRequestActivity.java:442)
    	at com.novell.soa.af.impl.activity.RoleRequestActivity.process(RoleRequestActivity.java:266)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.ConditionActivity.process(ConditionActivity.java:87)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.MappingActivity.process(MappingActivity.java:68)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.core.ProcessImpl.startActivity(ProcessImpl.java:1788)
    	at com.novell.soa.af.impl.core.ProcessImpl.forward(ProcessImpl.java:1672)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:294)
    	at com.novell.soa.af.impl.activity.ActivityNode.forward(ActivityNode.java:269)
    	at com.novell.soa.af.impl.activity.StartActivity.process(StartActivity.java:94)
    	at com.novell.soa.af.impl.activity.ActivityNode.notifyArrive(ActivityNode.java:235)
    	at com.novell.soa.af.impl.activity.RunnableActivity.run(RunnableActivity.java:50)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    2022-09-14 09:07:14,655 ERROR [com.novell.soa.af.impl.LogEvent] (WORKFLOW pool-1-workflow engine-ND-thread-7) [WORKFLOW] [Workflow_Error] Initiated by cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx, Error Message: Error while processing the external application request., Process ID: 72d205f8c00d489b9e2ca769c2e044ba, Process Name: cn=assignroles,cn=requestdefs,cn=appconfig,cn=user application driver,cn=driver set,ou=idm,ou=services,o=xxxxxxxxx:232, Activity: Assign Roles, Recipient: cn=xxxxSuperAdmin,ou=Users,o=xxxxxxxxx
    

    osp-idm.2022-09-14.log

    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.916-0400
    Log Data: HttpServletRequest (Number 47)
       Method: GET
       Request URL: /osp/a/idm/auth/oauth2/getattributes
       Query String: ?attributes=initials%2Croles%2Cname%2Clast_name%2Cclient%2Clanguage%2Ccacheable%2Cexpiration%2Cauth_src_id%2Cfirst_name%2Cemail&access_token=xxxxxxxx
       Scheme: https
       Context Path: /osp
       Servlet Path: /a
       Path Info: /idm/auth/oauth2/getattributes
       Server Name: provxxxx.iaglab.com
       Server Port: 443
       Locale: en
       Host IP Address: 10.10.30.55
       Remote Client IP Address: 100.64.80.11
       Headers
          host=provxxxx.iaglab.com:443
          x-forwarded-proto=https
          x-forwarded-port=443
          x-forwarded-for=10.10.30.155, 100.64.80.11
          authorization=Basic ********
          accept-charset=UTF-8
          accept=application/json
          cache-control=no-cache
          pragma=no-cache
          user-agent=Java/1.8.0_222
          via=1.0 provxxxx.iaglab.com (Access Gateway-ag-1F0138B4C5B5D16C-432656)
          x-forwarded-host=provxxxx.iaglab.com
          x-forwarded-server=provxxxx.iaglab.com
       Session
          Id: E7DE4A7AB8C1A198A99D8337F9F155F3
          Last Accessed Time: 2022-09-14T09:07:12.916-0400 (1663160832916)
       Parameters
          attributes
          access_token
       Attributes
          org.apache.tomcat.util.net.secure_protocol_version
          javax.servlet.request.key_size
          javax.servlet.request.ssl_session_mgr
          javax.servlet.request.cipher_suite
          javax.servlet.request.ssl_session_id
          OSPRequestContext
    
    Preamble: [OSP]
    Priority Level: FINEST
    Java: internal.osp.framework.servlet.OSPServlet.process() [226] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.917-0400
    Log Data: 
       Class: OSPRequestContext
          HttpServletResponse exists.
          Http request type: GET
          Request number: 47
          Tenant: For IDM and IG
          Service: For IDM and IG(id=auth)
          Path element count: 2
             Element: oauth2
             Element: getattributes
          Override locale: en
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.resolveHandler() [198] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.917-0400
    Log Data: IDP oauth2 handler to process request received for getattributes
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.<init>() [344] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.918-0400
    Elapsed time: 84.432 microseconds
    Log Data: Creating new session:
       Identifier: 26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab-CX
       Type: TEMPORARY
       Tracking identifier: JgJTYTQuEe2TVgBQVpSgzA
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.918-0400
    Elapsed time: 279.17 microseconds
    Log Data: Session will be created because the request is not a user request and no cookie accompanied the request.
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.session.NIDPSession.checkAuthenticated() [2738] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.918-0400
    Elapsed time: 16.561 microseconds
    Log Data: Session authenticated?
       Identifier: 26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab
       Zero consumed authentications.
       Authenticated: false
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [811] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.918-0400
    Elapsed time: 21.293 microseconds
    Log Data: Get session data based on request:
       Creating new session data; id: 0
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.attributes.cache.CacheAttributeSource.addAttributes() [146] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.919-0400
    Elapsed time: 26.901 microseconds
    Log Data: Adding cached attributes:
       access-token-ttl
       auth-grants
       encryption-key-id
       grant-types
       hmac-algorithm
       hmac-key-id
       id
       open-id-connect
       redirect-urls
       refresh-token-ttl
       scripted-mode
       secondary-naming-attr
       session-revocation-ttl
       supports-refresh-tokens
       type
       use-session-token-revocation
       use-token-revocation
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.authentication.NIDPAuthentication.<init>() [114] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Elapsed time: 35.111 microseconds
    Log Data: Created new authentication:
       Class: NIDPLocalAuthentication
       Type: Local
       Origin: consumed
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.session.authentication.NIDPAuthentication.addAuthnContext() [410] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Log Data: Class: NIDPLocalAuthentication
       Identity Id: rbpm
       Display Text: OAuth2 Access Token Authentication
       Consumed: true
       AuthnContext Objects:
             Class: NIDPAuthnContext
                Auth instant: 2022-09-14T09:07:12.920-0400 (1663160832920), elapsed: 0 (0)
                Last used time: 2022-09-14T09:07:12.920-0400 (1663160832920), elapsed: 0 (0)
                Authentication types: Token
                Mag Context: false
                Class: OAuth2AuthnContext
                   Class Ref: OAuth2ClassRef
                   Decl Ref: OAuth2DeclRef
                   Authentication Authority: rbpm
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.principal.NIDPPrincipal.getSessions() [1453] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Log Data: Removing uncached session from principal: '26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab'.
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.setAuthPrincipal() [1624] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Elapsed time: 166.877 microseconds
    Log Data: Setting the authenticated principal:
       Candidate principal:
          User identifier: rbpm
          Authentication source: oauth2
          Type: OAuth2ClientPrincipal
          GUID: rbpm
          Cached attribute count: 17
          Identities count: 0
       No existing principal found; Candidate principal set in session: 26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.authenticate() [3107] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Elapsed time: 88.46 microseconds
    Log Data: Authenticating session:
       Identifier: 26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab-CX
       Type: TEMPORARY
       Add new local authentication: true
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.attributes.cache.CacheAttributeSource.addAttributes() [146] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Elapsed time: 7.217 microseconds
    Log Data: Adding cached attributes:
       AccessToken
    
    Preamble: [OIDP]
    Priority Level: INFO
    Java: internal.osp.oidp.service.session.NIDPSession.authenticate() [1479] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.920-0400
    Log Data: Authenticated user rbpm in User Store Automatically-generated OAuth2 Client Authentication Source with roles <Roles>:
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.oauth2.handler.GetUserInfoBase.handle() [204] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.921-0400
    Log Data: Completed authenticating a TEMPORARY session for attribute reads.
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.attributes.AttributeManager.getAttributes() [468] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.921-0400
    Elapsed time: 231.263 microseconds
    Log Data: Attribute manager get attributes:
       Names: initials,roles,userDN,last_name,{$oauth-app-id},language,cacheable,{$oauth-valid-to},{$oauth-auth-src-id},first_name,mail
       Session type: TEMPORARY
          Session authenticated?
       Identifier: 26025360342e11ed935600505694a0cc-c3aaa7aeeea2b6b7ab
             Initial consumed authentications count: 1
                The local authentication has at least one existing AuthnContext
                Local: true
                Remote: false
             Authenticated: true
       Session authenticated: true
       Requested attribute count: 11
       Attribute source count: 2
          Source: Cache for principal(id=oauth2)
             Priority: 0
             Attribute count: 18
             Attributes: access-token-ttl, AccessToken, auth-grants, encryption-key-id, grant-types, hmac-algorithm, hmac-key-id, id, open-id-connect, redirect-urls, refresh-token-ttl, scripted-mode, secondary-naming-attr, session-revocation-ttl, supports-refresh-tokens, type, use-session-token-revocation, use-token-revocation
          Source: Transient attribute source for OAuth2 token.(id=ACCESS)
             Priority: 1
             Attribute count: 14
             Attributes: aud, auth_time, exp, iat, iss, sub, {$oauth-app-id}, {$oauth-auth-src-id}, {$oauth-auth-tracking-id}, {$oauth-client-type}, {$oauth-time-to-live}, {$oauth-valid-from}, {$oauth-valid-to}, {$PrincipalUserId}
       Source: Transient attribute source for OAuth2 token.(id=ACCESS)
          Names to read: {$oauth-app-id},{$oauth-auth-src-id},{$oauth-valid-to}
          Value found for: {$oauth-app-id}
             Empty: false
             Multi-valued: false
             Adding cached attribute: {$oauth-app-id}
          Value found for: {$oauth-auth-src-id}
             Empty: false
             Multi-valued: false
             Adding cached attribute: {$oauth-auth-src-id}
          Value found for: {$oauth-valid-to}
             Empty: false
             Multi-valued: false
             Adding cached attribute: {$oauth-valid-to}
       Result set count: 3
          Attribute: {$oauth-app-id}
             Empty: false
             Multi-valued: false
             Cachable: false
          Attribute: {$oauth-auth-src-id}
             Empty: false
             Multi-valued: false
             Cachable: false
          Attribute: {$oauth-valid-to}
             Empty: false
             Multi-valued: false
             Cachable: false
          Attributes without values:
             cacheable
             first_name
             initials
             language
             last_name
             mail
             roles
             userDN
    
    Preamble: [OIDP]
    Priority Level: INFO
    Java: internal.osp.oidp.service.oauth2.handler.GetUserInfoBase.audit() [430] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.921-0400
    Log Data: OAuthGetAttributes
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.framework.UIResponder$Response.setResponse() [1693] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.922-0400
    Elapsed time: 301.717 microseconds
    Log Data: Set response:
       JSON content.
    
    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpResponseLogger.log() [115] thread=https-jsse-nio-8443-exec-8
    Time: 2022-09-14T09:07:12.922-0400
    Log Data: HttpServletResponse (Number 47)
       Duration (seconds): 0.7
       Status: 200
       Content type: application/json;charset=UTF-8
       Character encoding: UTF-8
       Locale: en
       Buffer size: 8192
    
    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.330-0400
    Log Data: HttpServletRequest (Number 48)
       Method: POST
       Request URL: /osp/a/idm/auth/oauth2/grant
       Query String: ?grant_type=client_credentials&client_id=workflow&client_secret=iag12345
       Scheme: https
       Context Path: /osp
       Servlet Path: /a
       Path Info: /idm/auth/oauth2/grant
       Server Name: provxxxx.iaglab.com
       Server Port: 443
       Content Type: application/x-www-form-urlencoded
       Locale: en
       Host IP Address: 10.10.30.55
       Remote Client IP Address: 100.64.80.11
       Headers
          host=provxxxx.iaglab.com:443
          x-forwarded-proto=https
          x-forwarded-port=443
          x-forwarded-for=10.10.30.155, 100.64.80.11
          accept-charset=UTF-8
          accept=application/json
          content-type=application/x-www-form-urlencoded
          cache-control=no-cache
          pragma=no-cache
          user-agent=Java/1.8.0_222
          via=1.0 provxxxx.iaglab.com (Access Gateway-ag-1F0138B4C5B5D16C-432657)
          x-forwarded-host=provxxxx.iaglab.com
          x-forwarded-server=provxxxx.iaglab.com
       Session
          Id: E0134AC4DF8F86CFC8AC6FD882993C55
          Last Accessed Time: 2022-09-14T09:07:14.330-0400 (1663160834330)
       Parameters
          grant_type
          client_id
          client_secret
       Attributes
          org.apache.tomcat.util.net.secure_protocol_version
          javax.servlet.request.key_size
          javax.servlet.request.ssl_session_mgr
          javax.servlet.request.cipher_suite
          javax.servlet.request.ssl_session_id
          OSPRequestContext
    
    Preamble: [OSP]
    Priority Level: FINEST
    Java: internal.osp.framework.servlet.OSPServlet.process() [226] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.331-0400
    Log Data: 
       Class: OSPRequestContext
          HttpServletResponse exists.
          Http request type: POST
          Request number: 48
          Tenant: For IDM and IG
          Service: For IDM and IG(id=auth)
          Path element count: 2
             Element: oauth2
             Element: grant
          Override locale: en
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.resolveHandler() [198] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.331-0400
    Log Data: IDP oauth2 handler to process request received for grant
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.oauth2.handler.Grant.getCommand() [198] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.331-0400
    Elapsed time: 13.143 microseconds
    Log Data: Parse OAuth 2.0 response_type or grant_type:
       grant_type: client_credentials
       Maps to: Client Credentials Grant profile
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.<init>() [344] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.332-0400
    Elapsed time: 81.772 microseconds
    Log Data: Creating new session:
       Identifier: 26da15c0342e11ed935600505694a0cc-4d242920602c383925-CX
       Type: TEMPORARY
       Tracking identifier: JtoVwTQuEe2TVgBQVpSgzA
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.332-0400
    Elapsed time: 307.255 microseconds
    Log Data: Session will be created because the request is not a user request and no cookie accompanied the request.
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.session.NIDPSession.checkAuthenticated() [2738] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.332-0400
    Elapsed time: 23.302 microseconds
    Log Data: Session authenticated?
       Identifier: 26da15c0342e11ed935600505694a0cc-4d242920602c383925
       Zero consumed authentications.
       Authenticated: false
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [811] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.333-0400
    Elapsed time: 84.783 microseconds
    Log Data: Get session data based on request:
       Creating new session data; id: 0
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.attributes.cache.CacheAttributeSource.addAttributes() [146] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.333-0400
    Elapsed time: 14.174 microseconds
    Log Data: Adding cached attributes:
       access-token-ttl
       auth-grants
       encryption-key-id
       grant-types
       hmac-algorithm
       hmac-key-id
       id
       open-id-connect
       redirect-urls
       refresh-token-ttl
       scripted-mode
       secondary-naming-attr
       session-revocation-ttl
       supports-refresh-tokens
       type
       use-session-token-revocation
       use-token-revocation
    
    Preamble: [OIDP]
    Priority Level: FINEST
    Java: internal.osp.oidp.service.attributes.cache.CacheAttributeSource.getAttributes() [320] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.333-0400
    Elapsed time: 43.57 microseconds
    Log Data: Requested Attributes: access-token-ttl, auth-grants, encryption-key-id, grant-types, hmac-algorithm, hmac-key-id, id, open-id-connect, redirect-urls, refresh-token-ttl, scripted-mode, secondary-naming-attr, session-revocation-ttl, supports-refresh-tokens, type, use-session-token-revocation, use-token-revocation
       Cached Attribute Value: #1: empty: false, multi-valued: false
       Cached Attribute Value: #2: empty: false, multi-valued: false
       Cached Attribute Value: #3: empty: false, multi-valued: false
       Cached Attribute Value: #4: empty: false, multi-valued: false
       Cached Attribute Value: #5: empty: false, multi-valued: false
       Cached Attribute Value: #6: empty: false, multi-valued: false
       Cached Attribute Value: #7: empty: false, multi-valued: false
       Cached Attribute Value: #8: empty: false, multi-valued: false
       Cached Attribute Value: #9: empty: false, multi-valued: false
       Cached Attribute Value: #10: empty: false, multi-valued: false
       Cached Attribute Value: #11: empty: false, multi-valued: false
       Cached Attribute Value: #12: empty: false, multi-valued: false
       Cached Attribute Value: #13: empty: false, multi-valued: false
       Cached Attribute Value: #14: empty: false, multi-valued: false
       Cached Attribute Value: #15: empty: false, multi-valued: false
       Cached Attribute Value: #16: empty: false, multi-valued: false
       Cached Attribute Value: #17: empty: false, multi-valued: false
    
    Preamble: [OIDP]
    Priority Level: INFO
    Java: internal.osp.oidp.service.oauth2.handler.TokenRequestHandlerBase.auditTokenCreation() [435] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.334-0400
    Log Data: IssueOAuthToken
    
    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.framework.UIResponder$Response.setResponse() [1693] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.334-0400
    Elapsed time: 296.115 microseconds
    Log Data: Set response:
       JSON content.
    
    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpResponseLogger.log() [115] thread=https-jsse-nio-8443-exec-5
    Time: 2022-09-14T09:07:14.335-0400
    Log Data: HttpServletResponse (Number 48)
       Duration (seconds): 0.6
       Status: 200
       Content type: application/json;charset=UTF-8
       Character encoding: UTF-8
       Locale: en
       Buffer size: 8192
    
    

    localhost_access_log.2022-09-14.txt

    100.64.80.11 - - [14/Sep/2022:09:07:12 -0400] "POST /IDMProv/UIQuery?service=vdm&uasess=-7258577517771232780 HTTP/1.0" 200 483
    100.64.80.11 - - [14/Sep/2022:09:07:12 -0400] "POST /IDMProv/UIQuery?service=vdm&uasess=-7258577517771232780 HTTP/1.0" 200 436
    100.64.80.11 - - [14/Sep/2022:09:07:12 -0400] "POST /IDMProv/UIQuery?service=vdm&uasess=-7258577517771232780 HTTP/1.0" 200 396
    100.64.80.11 - - [14/Sep/2022:09:07:12 -0400] "GET /osp/a/idm/auth/oauth2/getattributes?attributes=initials%2Croles%2Cname%2Clast_name%2Cclient%2Clanguage%2Ccacheable%2Cexpiration%2Cauth_src_id%2Cfirst_name%2Cemail&access_token=eH8AIKIM6vC2hXdG_NNp0q7xEZMJMokYI8uwus7dwr6ZV5kU-4L1fJJdcxLX1D87CjZyt3_zS6HFxdwHZRPvyagyob0OII8xqFjAMkhENOEmWS8sz9aN0fRJq3JzJ2XArN-YggZBPRJ93Dj7b9d55ExPUQNpjFkA1rTW95IBOzziw4EP HTTP/1.0" 200 69
    100.64.80.11 - - [14/Sep/2022:09:07:13 -0400] "POST /workflow/request HTTP/1.0" 200 36
    100.64.80.11 - - [14/Sep/2022:09:07:14 -0400] "POST /IDMProv/createAFResourceRequest.do HTTP/1.0" 200 10656
    100.64.80.11 - - [14/Sep/2022:09:07:14 -0400] "POST /osp/a/idm/auth/oauth2/grant?grant_type=client_credentials&client_id=workflow&client_secret=iag12345 HTTP/1.0" 200 256
    

  • can you please help here to find the solution of this issue.