4.8.2 Workflow Error
We have upgraded from 4.7.4 to 4.8.2 and are testing, been trying to sort this particular error:
Submission failed. Failed to submit resource request [id = cn=edituser,cn=requestdefs,cn=appconfig,cn=userapplication,cn=driverset01,ou=servers,o=emorydev] due to:Provisioning system error:Failed to start the workflow..
In catalina the error is:
[RBPM] Workflow service is not available
org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 : [<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Fault><Code><Value>Sender
</Value><Subcode><Value>Invalid</Value></Subcode></Code><Reason><Text>The authentication token represents an entity that does not have permission for the requ
Verified all info and pw's are correct. Updated ism to remove a bunch of odd entries. Anyone see something similar?
In 4.8, workflow.war is carved out of IDMProv.war and as the name suggests the Workflow stuff is moved.
Now in ISM-config there are lines for workflow and it is a new OAuth client. Make ure they are all there. Lines like:
com.microfocus.workflow.clientID = workflow
com.microfocus.workflow.clientPass._attr_obscurity = ENCRYPT
com.microfocus.workflow.clientPass = some encrypted password
com.microfocus.workflow.landing.url = workflow
com.microfocus.workflow.redirect.url = workflow
com.microfocus.workflow.response-types = client_credentials
com.netiq.wf.engine.url = https://www.acme.com/workflow
And rememer this URL has to be OAuth'ed through OSP so has to perfectly match the cert etc...
(Make sure the workflow.war is deploted in Tomcat as well. Watch Catalina.out, search for "Deploy" and look for workflow.war deploying. Maybe it fails to start?
Seems to deploy just fine.
main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/netiq/idm/apps/tomcat/webapps/workflow.war] has finished in [20,946] ms
Also see this in the log:
ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8543-exec-6) [WORKFLOW] The authentication token represents an entity that does not have permission for the requested operation.