Environment
Novell Identity Audit
Novell Identity Audit 1.0.0.1 (1.0.0.0 Hotfix 1)
Situation
After a restart of the Novell Identity Audit server, it is not
possible to connect to the Identity Audit Web Interface. When using
the shipping version of Identity Audit, Tomcat doesn't even start.
If Hotfix 1 is installed, then the login prompt is presented, but
the server claims that the User name and Password are
incorrect.
The issue happens only if the system has a JVM installed other than the one provided with Identity Audit. It can be either a Sun JRE or an IBM JRE.
Resolution
The problem is a known issue with Identity Audit. When installing a
new JRE in the system, the environment variable JRE_HOME is set. If
this value is set, Identity Audit uses this Java Virtual Machine to
try to start up Tomcat. With the shipping version of Identity
Audit, this would cause Tomcat to not initialize completely.
When the Hotfix is applied, Tomcat starts up correctly but fails to connect to the message bus and for this reason is unable to authenticate the admin user in the Web Interface.
The issue is scheduled to be fixed in an upcoming release of Identity Audit. In the meantime it can be solved by modifying the /opt/novell/identity_audit_1.0_x86-64/bin/setenv.sh script. Locate the line
export JAVA_HOME
and add the following two lines just after it:
JRE_HOME=$JAVA_HOME
export JRE_HOME
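The edit above can be applied idempotently with a small shell helper. This is an added example, not code from Novell or from the original article; the function name patch_setenv is hypothetical, and it keeps a .bak copy and refuses to touch a file that lacks the export JAVA_HOME line.

```shell
#!/bin/sh
# Added example: idempotently apply the JRE_HOME workaround to a setenv.sh file.
# patch_setenv is a hypothetical helper name, not part of Identity Audit.
# Usage: patch_setenv /path/to/setenv.sh

patch_setenv() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }

    # Already patched: leave the file alone so repeated runs are harmless.
    if grep -q '^[[:space:]]*JRE_HOME=\$JAVA_HOME[[:space:]]*$' "$file"; then
        return 0
    fi

    # The workaround is anchored on the existing "export JAVA_HOME" line;
    # if that line is missing, this is not the expected script, so stop.
    if ! grep -q '^[[:space:]]*export JAVA_HOME[[:space:]]*$' "$file"; then
        echo "anchor 'export JAVA_HOME' not found in $file" >&2
        return 1
    fi

    # Keep a copy of the original before changing anything.
    cp -p "$file" "$file.bak" || return 2

    # Print every line; after the first anchor line, emit the two new lines.
    awk '
        { print }
        !done && /^[ \t]*export JAVA_HOME[ \t]*$/ {
            print "JRE_HOME=$JAVA_HOME"
            print "export JRE_HOME"
            done = 1
        }
    ' "$file.bak" > "$file.new" || return 2

    # Write through the existing file so its owner and mode are preserved.
    cat "$file.new" > "$file" && rm -f "$file.new"
}
```

Restart Identity Audit after patching so that Tomcat is started with the bundled JVM.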
Additional Information
In the Catalina log, the following errors were seen in a system
with Hotfix 1 applied. The timeout of the admin login would be
reported as:
Sep 7, 2009 9:46:05 AM esecurity.base.datamodel.service.ServiceManager execute
WARNING: Synchronous call for request ID F755C110-7DAF-102C-A282-005056AD5FE6 method loginUser of SessionServices timed out
In another, unrelated section of the Catalina log, this message indicates that Tomcat is not able to communicate with the ActiveMQ message bus:
Sep 7, 2009 9:51:43 AM com.esecurity.common.communication.strategy.jmsstrategy.TopicConnection connect
SEVERE: ; Exception Error initializing SSl keys from keystore: ../config/.activemqclientkeystore.jks; java.lang.RuntimeException; ; Caused by SunX509 KeyManagerFactory not available; java.security.NoSuchAlgorithmException;