Knowledge Partner

Validator 1.5 against IDM 4.7.2 - TLS fails on User App

Might as well get a post up in this forum first. 

Looks like the JVM in Validator 1.5 is Java 1.7 and does not properly handle TLS 1.2 the way that the OpenJDK 1.8_181 in User App 4.7.2 expects it to happen.

This means that after the IDM 4.7.2 upgrade, the User App actions and HTTP connector (I made SOAP calls for getWork and getWorkEntries for Approvals) fail to connect.

Watching a packet trace, it looks like the initial connection is started as TLS 1.2 (Good) and then during the client Hello it drops down to TLS 1.0 which fails.

I swapped the Validator JVM to use OpenJDK from my Designer 4.7.2 install and the connections work again. Yay. But Validator fails on all sorts of other tokens. So not helpful per se.

Anyone else seen this, or figured out a workaround?

Micro Focus Contributor

Re: Validator 1.5 against IDM 4.7.2 - TLS fails on User App

In the end the only way I could do it was to amend the server.xml for the user app tomcat (/opt/netiq/idm/apps/tomcat/conf/server.xml), changing the line

<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks" keystorePass="****" sslEnabledProtocols="TLSv1.2" />

To

<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks" keystorePass="****" sslEnabledProtocols="all" />

That allowed the connection and at least allowed dev testing to progress.
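The workaround above trades a TLS-1.2-only connector for one that accepts every protocol version the JVM offers, so it is worth being able to see at a glance which versions a server.xml connector actually enables. The following is an added example, not code from the thread or from Micro Focus: a small Python audit that parses Connector elements from a server.xml fragment and expands the sslEnabledProtocols value the way Tomcat does (comma-separated names, the "all" keyword, and the "+name"/"-name" prefixes Tomcat 8.5+ accepts). The two Connector lines are the ones quoted above, embedded as constructed input with the keystore password left as a placeholder; the set that "all" expands to on the Java 8u181 runtime mentioned earlier (TLSv1, TLSv1.1, TLSv1.2) is an assumption stated in the code.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two Connector lines quoted in the thread, wrapped in a
# minimal Server/Service skeleton so ElementTree can parse them as a server.xml
# fragment. keystorePass is a placeholder, not a real value.
CONNECTOR = ('<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol" '
             'maxThreads="150" SSLEnabled="true" scheme="https" secure="true" '
             'clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks" '
             'keystorePass="****" sslEnabledProtocols="{}" />')
SERVER_XML_BEFORE = ('<Server><Service name="Catalina">'
                     + CONNECTOR.format("TLSv1.2") + '</Service></Server>')
SERVER_XML_AFTER = ('<Server><Service name="Catalina">'
                    + CONNECTOR.format("all") + '</Service></Server>')

# Assumption: what "all" expands to on the Java 8u181 runtime the thread
# mentions, where TLSv1 and TLSv1.1 were still enabled by default.
ALL_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]
# Versions a TLS-1.2-only policy is meant to keep switched off.
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def expand_protocols(value):
    """Expand a Tomcat sslEnabledProtocols value into the ordered list of
    enabled versions.

    Handles the comma-separated form ("TLSv1.1,TLSv1.2"), the keyword "all",
    and the "+name"/"-name" add/remove prefixes (e.g. "all,-TLSv1").
    """
    enabled = []
    for token in (t.strip() for t in value.split(",") if t.strip()):
        if token == "all":
            for proto in ALL_PROTOCOLS:
                if proto not in enabled:
                    enabled.append(proto)
        elif token.startswith("-"):
            enabled = [p for p in enabled if p != token[1:]]
        else:
            name = token.lstrip("+")
            if name not in enabled:
                enabled.append(name)
    return enabled


def audit_connectors(server_xml):
    """Return one finding per SSL-enabled Connector in a server.xml document."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector: no TLS policy to check
        # Tomcat treats a missing sslEnabledProtocols attribute as "all".
        enabled = expand_protocols(conn.get("sslEnabledProtocols", "all"))
        legacy = [p for p in enabled if p in LEGACY]
        findings.append({
            "port": conn.get("port"),
            "enabled": enabled,
            "legacy": legacy,
            "tls12_only": enabled == ["TLSv1.2"],
        })
    return findings


if __name__ == "__main__":
    for label, doc in (("before", SERVER_XML_BEFORE), ("after", SERVER_XML_AFTER)):
        for f in audit_connectors(doc):
            status = ("OK, TLS 1.2 only" if f["tls12_only"]
                      else "legacy versions enabled: " + ", ".join(f["legacy"]))
            print(f"{label}: port {f['port']} enabled={f['enabled']} -> {status}")
```

Run against a real server.xml by reading the file into `audit_connectors`. Any connector whose `legacy` list is non-empty is one where the Java 7 client can fall back to TLS 1.0, which is exactly what makes the workaround function and also what you would want to track and revert once the Validator side is fixed.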

Knowledge Partner

Re: Validator 1.5 against IDM 4.7.2 - TLS fails on User App

So that actually worked? My understanding was that the Azul JDK that is used in ID Apps for Tomcat only supports TLS 1.2.

I guess that gets over the minor hump Validator is hitting when it tries a TLS1.2 connection.

Thanks for the idea. I will consider it.
