stevehani Absent Member.
Absent Member.
269 views

User App Driver Error (intermittent)


Hi Guys,

I'm trying to troubleshoot a non-functioning workflow and came across
the following error in the User App driver log:

[03/21/16 16:26:35.711]:UserAppDriver ST:
DirXML Log Event -------------------
Driver: \IDV-XXX-DEV\system\driverset\UserApplication
Channel: Subscriber
Object:
\IDV-XXX-DEV\system\driverset\UserApplication\AppConfig\DirectoryModel
Status: Error
Message: com.sssw.b2b.rt.GNVException: rt007005:Error encountered
executing WSDL Action:;
---> nested java.lang.RuntimeException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: KeyUsage does not allow
digital signatures

Anybody know what is causing it?

Regards
Steve


--
stevehani
------------------------------------------------------------------------
stevehani's Profile: https://forums.netiq.com/member.php?userid=11062
View this thread: https://forums.netiq.com/showthread.php?t=55594

Labels (1)
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: User App Driver Error (intermittent)

Could you share some other information about your environment, such as IDM
version, Patch level,, etc.?

Is this production, QA, dev, etc.?

Has this ever worked?

Do other workflows work?

Have you done any customization to the SSL certificate used by the
UserApp, such as set one up (it comes without any security by default)
within Tomcat or whatever application service?

When minting a certificate the user chooses what that certificate can do,
such as encryption, signing, or even being a CA itself. The error
literally means that Java is trying to use a certificate for signing that
was not meant to be used for signing, but I have no idea how you managed
to get to that spot. I'm only guessing that it's the UserApp cert, but
that seems odd too since enabling signing is pretty normal.

Any other logs before this one that could help? Was there a full stack
available, or was this all of the error presented?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
stevehani Absent Member.
Absent Member.

Re: User App Driver Error (intermittent)


Hi ab,

Thanks for your response... Let me first warn you that I am a newbie to
IDM, so am still finding my feet...

Please see responses to your questions...

ab;266284 Wrote:
> Could you share some other information about your environment, such as
> IDM
> version, Patch level,, etc.?
> IDM v4.5.3, OSP 6.0.0.3, SSPR v3.3.1, eDir 8.8 SP8
>
> Is this production, QA, dev, etc.? Dev
>
> Has this ever worked? Yes, prior to upgrading environment from IDM4.5.1
> and OSP to 6.0.0.3
>
> Do other workflows work? I have created a PRD (workflow) to extend a
> user's account expiration date and that seems to be working ok.
>
> Have you done any customization to the SSL certificate used by the
> UserApp, such as set one up (it comes without any security by default)
> within Tomcat or whatever application service?
>
> I have created an SSL cert for OSP and the User App. As OSP and User App
> run on the same server it has made the certificate use a bit convoluted.
>
> OSP seems to be communicating ok and there is a Private Key Entry in the
> osp.jks cert store for osp.
> Tomcat7 (for iManager) uses an SSL cert generated by our internal CA
> Tomcat (for User App) uses a different SSL cert generated by our
> internal CA
>
> When minting a certificate the user chooses what that certificate can
> do,
> such as encryption, signing, or even being a CA itself. The error
> literally means that Java is trying to use a certificate for signing
> that
> was not meant to be used for signing, but I have no idea how you managed
> to get to that spot. I'm only guessing that it's the UserApp cert, but
> that seems odd too since enabling signing is pretty normal.
>
> Any other logs before this one that could help? Was there a full stack
> available, or was this all of the error presented? No, the only other
> error I could see that may be related... appears in the Roles &
> Resources Driver log
>
> DirXML Log Event -------------------
> Driver: \IDV-XXX-DEV\system\driverset\Role and Resource Service
> Channel: Subscriber
> Status: Error
> Message: Unable to start Approval Workflow
> Workflow DN:
> cn=XXXRoleApproval,cn=RequestDefs,cn=AppConfig,cn=UserApplication,cn=driverset,o=system
> Reason: java.lang.RuntimeException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: KeyUsage does not allow
> digital signatures
>
> I am convinced it is a certificate issue but not sure which certs are
> used for which components. I have exported public key certs in every
> keystore.
>
> Any help is greatly appreciated.
> --
> Good luck.
>
> If you find this post helpful and are logged into the web interface,
> show your appreciation and click on the star below...



--
stevehani
------------------------------------------------------------------------
stevehani's Profile: https://forums.netiq.com/member.php?userid=11062
View this thread: https://forums.netiq.com/showthread.php?t=55594

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.