tkp Absent Member.

The global configuration for your server was not found

Can anyone share some thoughts on: "The global configuration for your server was not found. Check to make sure your ism-configuration.properties file is available."
I have done a new installation of IDG3.5. I have installed Apache-Tomcat, ActiveMQ, and Java. SSL/TLS is enabled and the server is providing the certificate when hitting the default tomcat page. After that, OSP and Identity Governance were installed. After the installation I started Tomcat and ActiveMQ. I then got:
com.netiq.iac.client.filter.RESTPathFilter doFilter - Identity Governance is not configured correctly: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
in the log. So I imported the issuing CA for the server certificate (both in cacerts and osp-truststore.pkcs12). The error is now gone, and the server starts without errors.

When I check for the running apache-tomcat I do see that the file is used:
ps aux | grep apa
root 98094 41.4 43.1 3702480 876008 pts/1 Sl 12:30 1:14 /opt/netiq/idm/apps/jre/bin/java -Djava.util.logging.config.file=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms1024m -Xmx1024m -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dcom.netiq.ism.config=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/ism-configuration.properties -Dcom.netiq.osp.ext-context-file=/opt/netiq/idm/apps/osp/lib/osp-conf-edir.jar -Dcom.netiq.idm.osp.logging.level=WARN -Dcom.netiq.idm.osp.client.host=kaba.test.rm.dk -Dcom.netiq.idm.osp.audit.enabled=false -Dcom.netiq.idm.osp.logging.file.dir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/logs -Djava.awt.headless=true -Dcom.netiq.ism.config.is.jndi.env=true -Dnovell.logging.config.dir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf -Dlog4j.configuration=file:///opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/log4j.properties -Dinternal.atlaslite.jcce.xml.w3c.XMLUtil.suppressSecurityWarning=true -Dignore.endorsed.dirs= -classpath /opt/netiq/idm/apps/apache-tomcat-9.0.12/bin/bootstrap.jar:/opt/netiq/idm/apps/apache-tomcat-9.0.12/bin/tomcat-juli.jar -Dcatalina.base=/opt/netiq/idm/apps/apache-tomcat-9.0.12 -Dcatalina.home=/opt/netiq/idm/apps/apache-tomcat-9.0.12 -Djava.io.tmpdir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/temp org.apache.catalina.startup.Bootstrap start

I don't see any errors in the catalina logs or osp logs. It is only shown when I try to reference the IDG login page.

Any thoughts?
0 Likes
4 Replies
Micro Focus Expert

Re: The global configuration for your server was not found

On 1/9/19 6:44 AM, tkp wrote:
>
> Can anyone share some thoughts on: "The global configuration for your
> server was not found. Check to make sure your
> ism-configuration.properties file is available."
> I have done a new installation of IDG3.5. I have installed
> Apache-Tomcat, ActiveMQ, and Java. SSL/TLS is enabled and the server is
> providing the certificate when hitting the default tomcat page. After
> that OSP and Identity Governance is then installed. After the
> installation I started Tomcat and ActiveMQ. I then got:
> *com.netiq.iac.client.filter.RESTPathFilter doFilter - Identity
> Governance is not configured correctly:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> *In the log. So I imported the issuing CA for the server certificate
> (both in cacerts and osp-truststore.pkcs12). The error is now gone, and
> the server starts without errors.
>
> When I check for the running apache-tomcat I do see that the file is
> used:
> ps aux | grep apa
> root 98094 41.4 43.1 3702480 876008 pts/1 Sl 12:30 1:14
> /opt/netiq/idm/apps/jre/bin/java
> -Djava.util.logging.config.file=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/logging.properties
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> -Xms1024m -Xmx1024m -Djdk.tls.ephemeralDHKeySize=2048
> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
> -Dcom.netiq.ism.config=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/*ism-configuration.properties*
> -Dcom.netiq.osp.ext-context-file=/opt/netiq/idm/apps/osp/lib/osp-conf-edir.jar
> -Dcom.netiq.idm.osp.logging.level=WARN
> -Dcom.netiq.idm.osp.client.host=kaba.test.rm.dk
> -Dcom.netiq.idm.osp.audit.enabled=false
> -Dcom.netiq.idm.osp.logging.file.dir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/logs
> -Djava.awt.headless=true -Dcom.netiq.ism.config.is.jndi.env=true
> -Dnovell.logging.config.dir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf
> -Dlog4j.configuration=file:///opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/log4j.properties
> -Dinternal.atlaslite.jcce.xml.w3c.XMLUtil.suppressSecurityWarning=true
> -Dignore.endorsed.dirs= -classpath
> /opt/netiq/idm/apps/apache-tomcat-9.0.12/bin/bootstrap.jar:/opt/netiq/idm/apps/apache-tomcat-9.0.12/bin/tomcat-juli.jar
> -Dcatalina.base=/opt/netiq/idm/apps/apache-tomcat-9.0.12
> -Dcatalina.home=/opt/netiq/idm/apps/apache-tomcat-9.0.12
> -Djava.io.tmpdir=/opt/netiq/idm/apps/apache-tomcat-9.0.12/temp
> org.apache.catalina.startup.Bootstrap start
>
> I don't see any errors in the catalina logs or osp logs. It is only shown
> when I try to reference the IDG login page.
>
> Any thoughts?
>
>

Greetings,

Did you have Tomcat configured for https before you installed OSP and ID
Gov?

If yes, you should have been prompted at the summary screen to accept the
certificate(s) and the installer would have added them to the necessary
trust store (not the cacerts file). After that, you had to stop Tomcat
(there is a note about this in the install guide and in the Introduction
page in the installer).

If you did not have this set up before installing, then you can run
configupdate in either GUI or Console mode and when you press ok (to
save) you will be prompted to accept the certificate(s) and configupdate
will add them to the necessary trust store (not the cacerts file).




--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
tkp Absent Member.

Re: The global configuration for your server was not found

Hi Steven,

Yes, https was enabled before installing OSP and IDG. It also presented me with the issued certificate - but it was for the LDAP server, not the HTTPS certificate. When I imported into the OSP keystore I was informed that the certificate was already in the "systemwide" truststore (cacerts from java/jre), but I imported it anyway. I will give the configupdate and configutil a try - but I still find it a bit odd that it says "The global configuration for your server was not found. Check to make sure your ism-configuration.properties file is available."; that does not sound like missing trust to the CA (I haven't seen that before when missing the issuing CA). But let me go through the things again (tomorrow).

Thanks
0 Likes
Micro Focus Expert

Re: The global configuration for your server was not found

On 1/9/19 10:16 AM, tkp wrote:
>
> Hi Steven,
>
> Yes https was enabled before installing OSP and IDG. It also presented
> me with the issued certificate - but it was for the LDAP server not the
> HTTPS certificate. When I imported into the OSP keystore I was informed
> that the certificate was already in the "systemwide" truststore (cacerts
> from java/jre) But I imported it anyway. I will give the configupdate
> and configutil a try - but I still find it a bit odd that it says "The
> global configuration for your server was not found. Check to make sure
> your ism-configuration.properties file is available.", that does not
> sound like missing trust to the CA (I haven't seen that before when
> missing the issuing CA) But let me go through the things again
> (Tomorrow)
>
> Thanks
>
>

Greetings,
If tomcat was configured for https before the install, then it
sounds like you did not have tomcat running as outlined in the
documentation and the Intro screen in the installer. You would then
stop tomcat in the installer after being presented with the certificates
to accept just before the Summary screen.



Another reason why this could be seen is because the SSO client IDs and
Secrets are not correct. Normally that would be if OSP was deployed on
a different server than ID Gov.

Another reason would be that in configupdate the redirect URLs for the
ID Gov and the Request Application are not correct (the actual value is
not a URL, incorrect port, incorrect protocol ...etc).


Did you configure the environment for DNS or IP address? Make sure that
what is used is fully resolvable. With the changes in ID Gov 3.5
and OSP 6.3 there are more checks.


Also, make sure you are not experiencing the LDAPS issue that was
covered in the thread "IG 3.5 install, LDAP schema error".




--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
tkp Absent Member.

Re: The global configuration for your server was not found

Correct Steven, I did not notice that Tomcat had to be running.
I launched configupdate and saw a "new" keystore/truststore "/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/apps-truststore.pkcs12" in my case.
I added the issuing CA to it and tried again. Due to running this in a sandbox, I could not get in touch with the issuing CA (OCSP/CRL checking) - to help others, this can be disabled by editing catalina.sh and adding:
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.net.ssl.checkRevocation=false"

Now I authenticated and the next problem has shown up. But that is a new issue, so the "The global configuration for your server was not found" is now resolved by fixing the CA chain in the proper keystore/truststores.

Thanks.
0 Likes
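
A post-fix check for the outcome of this thread, as an added example that is not part of any post: it confirms that the issuing CA's SHA-256 fingerprint appears in a `keytool -list -v` listing of each store named above (cacerts, osp-truststore.pkcs12, apps-truststore.pkcs12) and reports whether a JVM command line carries `-Dcom.sun.net.ssl.checkRevocation=false`. The function names, the `STOREPASS` variable and the sample fingerprint, listing and command line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify truststores and JVM flags after the fix.

# Normalise a fingerprint: drop separators/whitespace, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'; }

# Read `keytool -list -v` output on stdin; succeed if it lists SHA-256 fingerprint $1.
listing_has_fp() {
  tr -d ': \t\r' | tr 'a-f' 'A-F' | grep -qxF "SHA256$(norm_fp "$1")"
}

# store_has_ca <store> <storetype> <sha256>: check a real store with keytool, e.g.
#   store_has_ca /opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/apps-truststore.pkcs12 PKCS12 "$FP"
# Assumption: the store password is exported in the STOREPASS environment variable.
store_has_ca() {
  keytool -list -v -keystore "$1" -storetype "$2" -storepass:env STOREPASS |
    listing_has_fp "$3"
}

# Print the value of JVM system property $1 found in command line $2 (last one wins).
jvm_prop() {
  printf '%s\n' "$2" | tr ' \t' '\n\n' |
    awk -v p="-D$1=" 'index($0, p) == 1 { v = substr($0, length(p) + 1) }
                      END { printf "%s", v }'
}

# Succeed if the command line switches off certificate revocation checking.
revocation_disabled() {
  [ "$(jvm_prop com.sun.net.ssl.checkRevocation "$1")" = "false" ]
}

# --- constructed sample data (not real certificates or a real process) ---
SAMPLE_FP='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
SAMPLE_LISTING="Alias name: issuing-ca
Certificate fingerprints:
   SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
   SHA256: $SAMPLE_FP"
SAMPLE_CMD='/opt/netiq/idm/apps/jre/bin/java -Dcom.netiq.ism.config=/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/ism-configuration.properties -Dcom.sun.net.ssl.checkRevocation=false org.apache.catalina.startup.Bootstrap start'

if printf '%s\n' "$SAMPLE_LISTING" | listing_has_fp "$SAMPLE_FP"; then
  echo "issuing CA present in listing"
fi
echo "config file: $(jvm_prop com.netiq.ism.config "$SAMPLE_CMD")"
if revocation_disabled "$SAMPLE_CMD"; then
  echo "revocation checking is disabled in this JVM"
fi
```

Run `store_has_ca` once per store so a CA that is present in cacerts but missing from the application truststore shows up as a failed check, and treat a positive `revocation_disabled` result on a non-sandbox host as a finding to review.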