Commodore
Commodore
247 views

4.8.2 Workflow Error

We have upgraded from 4.7.4 to 4.8.2 and are testing,  been trying to sort this particular error:

Submission failed. Failed to submit resource request [id = cn=edituser,cn=requestdefs,cn=appconfig,cn=userapplication,cn=driverset01,ou=servers,o=emorydev] due to:Provisioning system error:Failed to start the workflow..

 

In catalina the error is:

[RBPM] Workflow service is not available
org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 : [<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Fault><Code><Value>Sender
</Value><Subcode><Value>Invalid</Value></Subcode></Code><Reason><Text>The authentication token represents an entity that does not have permission for the requ
ested operation.</Text></Reason></Fault>]

 

Verified all info and pw's are correct.  Updated ism to remove a bunch of odd entries. Anyone see something similar?

Labels (1)
5 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

In 4.8, workflow.war is carved out of IDMProv.war and as the name suggests the Workflow stuff is moved.

Now in ISM-config there are lines for workflow and it is a new OAuth client.  Make ure they are all there. Lines like:

com.microfocus.workflow.clientID = workflow
com.microfocus.workflow.clientPass._attr_obscurity = ENCRYPT
com.microfocus.workflow.clientPass = some encrypted password
com.microfocus.workflow.landing.url = workflow
com.microfocus.workflow.redirect.url = workflow
com.microfocus.workflow.response-types = client_credentials

com.netiq.wf.engine.url = https://www.acme.com/workflow

And rememer this URL has to be OAuth'ed through OSP so has to perfectly match the cert etc...

(Make sure the workflow.war is deploted in Tomcat as well. Watch Catalina.out, search for "Deploy" and look for workflow.war deploying. Maybe it fails to start?

Commodore
Commodore

Seems to deploy just fine. 

 

main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/netiq/idm/apps/tomcat/webapps/workflow.war] has finished in [20,946] ms

0 Likes
Commodore
Commodore

Also see this in the log:

ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8543-exec-6) [WORKFLOW] The authentication token represents an entity that does not have permission for the requested operation.

0 Likes
Vice Admiral
Vice Admiral

I read this wrong.. deleting my post.

0 Likes
Commodore
Commodore

It seems that we are not able to communicate with the workflow engine at all even though the war deploys and the tables are written to the database something isn't connecting properly.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.