Environment
Identity Governance (Access Review) 3.5
Situation
When upgrading from an earlier version of IG that has been
configured to use SSL, the settings used for the SSL Tomcat connector are not
accepted and the following error appears in the Catalina log:
17-Jan-2019 00:10:00.096 SEVERE [main] org.apache.catalina.connector.Connector.<init> Protocol handler instantiation failed
java.lang.ClassNotFoundException: org.apache.coyote.http11.Http11Protocol
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.apache.catalina.connector.Connector.<init>(Connector.java:101)
at org.apache.catalina.startup.ConnectorCreateRule.begin(ConnectorCreateRule.java:64)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1174)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)
at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1339)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2784)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1439)
at org.apache.catalina.startup.Catalina.load(Catalina.java:605)
at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Resolution
The parameters used for SSL have changed. The following shows the
existing connector definition (OLD) and the modified definition that works with 3.5 (NEW):
OLD
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLSv1.1"
keystoreFile="/opt/netiq/idm/apps/osp/ospcacerts"
keystorePass="changeit"
alias="ig"/>
NEW
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="150" scheme="https"
secure="true" clientAuth="false"
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" keystoreFile="/opt/netiq/idm/apps/ospcacerts"
keyAlias="ig" keystorePass="changeit" />
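An added example, not part of the original article or the product: a Python check that parses a server.xml and reports SSL connectors still carrying the three pre-3.5 settings changed above (the Http11Protocol class, alias instead of keyAlias, and no sslEnabledProtocols). The function name audit_connectors, the legacy-protocol list and the minimal server.xml wrapper around the two connectors are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

OLD_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"  # class named in the error above
LEGACY_TLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # assumed list: below the article's TLSv1.2

# Constructed samples: the article's OLD and NEW connectors inside a minimal server.xml.
SAMPLE_OLD = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLSv1.1"
  keystoreFile="/opt/netiq/idm/apps/osp/ospcacerts"
  keystorePass="changeit" alias="ig"/>
</Service></Server>"""

SAMPLE_NEW = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  SSLEnabled="true" maxThreads="150" scheme="https"
  secure="true" clientAuth="false"
  sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
  keystoreFile="/opt/netiq/idm/apps/ospcacerts"
  keyAlias="ig" keystorePass="changeit"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return one finding per pre-3.5 setting left on an SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # only the SSL connector changed in this article
        port = conn.get("port", "?")
        if conn.get("protocol") == OLD_PROTOCOL:
            findings.append(f"port {port}: protocol {OLD_PROTOCOL} will fail to load")
        if "alias" in conn.attrib and "keyAlias" not in conn.attrib:
            findings.append(f"port {port}: 'alias' should be 'keyAlias'")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append(f"port {port}: sslEnabledProtocols not set "
                            f"(sslProtocol={conn.get('sslProtocol')})")
        else:
            # Comma-separated list; report any legacy protocol still enabled.
            weak = sorted(LEGACY_TLS & {p.strip() for p in enabled.split(",")})
            if weak:
                findings.append(f"port {port}: legacy protocols enabled: {weak}")
    return findings


if __name__ == "__main__":
    for name, xml in (("OLD", SAMPLE_OLD), ("NEW", SAMPLE_NEW)):
        print(name, audit_connectors(xml) or "no findings")
```

To check a real installation, pass the contents of the Tomcat conf/server.xml file to audit_connectors instead of the constructed samples.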