IG 4.2 - workflow-api: Unable to decrypt data because no keys have been supplied

Hi,
after upgrading from IG 3.7.2 to 4.2 I get an error on starting tomcat:

[SCHWERWIEGEND] 2024-01-31 13:19:17.771 [com.netiq.iac.workflow.jee.IacWorkflowServerInitListener] Error initializing logging
java.lang.IllegalStateException: Unable to decrypt data because no keys have been supplied.
        at com.netiq.ism.obfuscate.CryptoUtils.decrypt(CryptoUtils.java:437)
        at com.netiq.ism.obfuscate.CryptoUtils.decipher(CryptoUtils.java:403)
        at com.netiq.ism.config.impl.ConfigurationImpl.decode(ConfigurationImpl.java:835)
        at com.netiq.ism.config.impl.ConfigurationImpl.getString(ConfigurationImpl.java:417)
        at com.netiq.iac.common.logging.ArcLoggingConfigurator.getConfigString(ArcLoggingConfigurator.java:283)

Currently I think this happens because my system is missing configurations in ism-configuration.properties:

# fgrep wfe ism-configuration.properties
com.microfocus.wfe.consumer.url = https://abc:8443/api/wfi
com.microfocus.wfe.consumer.password._attr_obscurity = ENCRYPT

My working reference system lists:

# fgrep wfe ism-configuration.properties
com.microfocus.wfe.consumer.url = https://def:8443/api/wfi
com.microfocus.wfe.consumer.userId = workflow
com.microfocus.wfe.consumer.password._attr_obscurity = ENCRYPT
com.microfocus.wfe.consumer.password = [AES/GCM/NoPadding]6xXXX:r/Harr18/t2XXXc9fXXX==

Any ideas where this configuration is coming from? Can neither find it in configupdate.sh nore in configutil.sh.

regards
Daniel

Parents Reply Children
  • 0   in reply to 

    Hello,

    1) The workflow-api war is no longer a part of Identity Governance.  The 3.7.3 release is the last to include that war.

    2) When you upgraded 3.7.3 to 4.2
    a) Did you have External Workflow Service installed when this was 3.7.3?
    b) When you ran the IG 4.2 installer, did you select to upgrade all components (IG, RPT, Workflow Service)?
    c) When you ran the IG 4.2 installer, did you select to use the existing encryption key that was created during the OSP install or did you create a new one?

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity