Novell Identity Audit fails to connect to the administrative interface

  • 7004505
  • 23-Sep-2009
  • 26-Apr-2012

Environment


Novell Identity Audit
Novell Identity Audit 1.0.0.1 (1.0.0.0 Hotfix 1)

Situation

After a restart of the Novell Identity Audit server, it is not possible to connect to the Identity Audit Web Interface. When using the shipping version of Identity Audit, Tomcat doesn't even start. If Hotfix 1 is installed, then the login prompt is presented, but the server claims that the User name and Password are incorrect.

The issue happens only if the system has a JVM installed other than the one provided with Identity Audit. It can be either a Sun JRE or an IBM JRE.

Resolution

The problem is a known issue with Identity Audit. When installing a new JRE in the system, the environment variable JRE_HOME is set. If this value is set, Identity Audit uses this Java Virtual Machine to try to start up Tomcat. With the shipping version of Identity Audit, this would cause Tomcat to not initialize completely.
When the Hotfix is applied, Tomcat starts up correctly but fails to connect to the message bus and for this reason is unable to authenticate the admin user in the Web Interface.

The issue is scheduled to be fixed in an upcoming release of Identity Audit. In the meantime it can be solved by modifying the/opt/novell/identity_audit_1.0_x86-64/bin/setenv.sh script. Locate the line
        export JAVA_HOME

and add the following two lines just after it:
        JRE_HOME=$JAVA_HOME
        export JRE_HOME


Additional Information

In the Catalina log, the following errors were seen in a system with Hotfix 1 applied. The timeout of the admin login would be reported as:
Sep 7, 2009 9:46:05 AM esecurity.base.datamodel.service.ServiceManager execute
WARNING: Synchronous call for request ID F755C110-7DAF-102C-A282-005056AD5FE6 method loginUser of SessionServices timed out

On another, unrelated section of the catalina log, this message indicates that Tomcat is not able to communicate with the ActiveMQ message bus:
Sep 7, 2009 9:51:43 AM com.esecurity.common.communication.strategy.jmsstrategy.TopicConnection connect
SEVERE: ; Exception Error initializing SSl keys from keystore: ../config/.activemqclientkeystore.jks; java.lang.RuntimeException; ; Caused by SunX509 KeyManagerFactory not available; java.security.NoSuchAlgorithmException;