[WARNING] 2024-08-29 11:51:46.218 [com.netiq.persist.json.JsonDataLoader] [IG-SERVER] 1 items from file ar3.6.2-data/deleteAuthRoleMappings.json were not deleted

Hello Everyone,

I am having some trouble with a 3.7.0 service that is not correctly starting up. When I try to log in with igadmin it throws

Checking the logs the only concerning warning I can find is this one when deploying the API war:


[WARNING] 2024-08-29 11:51:46.218 [com.netiq.persist.json.JsonDataLoader] [IG-SERVER] 1 items from file ar3.6.2-data/deleteAuthRoleMappings.json were not deleted 
[WARNING] 2024-08-29 11:51:48.620 [com.netiq.persist.json.JsonDataLoader] [IG-SERVER] 4 items from file ar3.6.3-data/deleteAuthRoleMappings.json were not deleted

Any ideas? Thanks

  • 0  

    Hello,

    Is an OSP integration configured with Identity Governance?
    How is the “Bootstrap” admin configured, as a file or LDAP? If as LDAP, is the user present in the IDM?
    In Catalina.out-<date> is no longer there?

    Have you followed the instructions for the bootstrap administrator? https://www.microfocus.com/documentation/identity-governance/3.7/pdfdoc/install-guide/install-guide.pdf (chapter 15.2)

    BR

    Tobias

  • 0 in reply to   

    Hello!

    Thanks for your answer Tobias!

    Yes, an OSP integration is configured locally on the same machine as IG. The OSP is integrated with Active Directory. But the bootstrap admin is configured as a file. For more context, this install was working just fine a few months ago (this is QA and hasn't been used that much). According to my customer, they have done nothing to it but an OS patch. We tried yesterday restoring the snapshot previous to the patch but it had the same error, so we discarded the possibility of it being an issue.

    The Catalina.out looks fine and the Catalina.timestamp only has those warnings.

    The bootstrap admin was created during the installation and used to work perfectly.



  • 0 in reply to   

    The customer finally sent me the OSP log to check it out and it seems to be an error with the bootstrap configuration:

    Preamble: [OSP]
    Priority Level: SEVERE
    Java: internal.osp.framework.servlet.OSPServletContext.<init>() [115] thread=main
    Time: 2024-09-04T18:28:34.003-0400
    Log Data: Configuration load failed. An empty configuration will be used.: internal.atlaslite.jcce.exception.CoreExceptionWithOutcome: Loading system configuration named 'current' failed. Reason: Loading bootstrap properties.
    =>internal.atlaslite.jcce.validation.ValidationException: java.lang.NoClassDefFoundError: Could not initialize class com.netiq.ism.config.ConfigurationFactory
    Validation messages (2):
    1) Error:

    java.lang.NoClassDefFoundError: Could not initialize class com.netiq.ism.config.ConfigurationFactory
    2) Error:

    Unable to obtain properties from bootstrap configuration.



  • 0   in reply to 

    That NoClassDefFoundError is a good indicator you are missing a library or a jar file or something.

    Do the configutil or configupdate scripts work? Can you connect to the configuration in the backend?

    --Jim

  • 0 in reply to   

    Already checked both scripts and they work fine. Not sure how to connect to the configuration in the backend.

    We tried stopping the service today, moving every folder in Webapps to a backup folder, the same for the work/catalina/localhost folder, and deleting the temp folder content before finally starting the service again.

    Now it is not throwing the java.lang.NoClassDefFoundError but the OSP log has a lot of warnings:

    Preamble: [OIDP]
    Priority Level: WARNING
    Java: internal.osp.oidp.service.configuration.ConfigurationManager.initialize() [332] thread=main
    Elapsed time: 657.753 microseconds
    Time: 2024-10-14T11:25:16.139-0300
    Log Data: Validation of authentication service configuration resulted in one or more warnings:
          Validation messages (14):
             1) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication
                   The default contract decorator value "defaultContract" is deprecated and support for the value will be removed. Use instead "default" as the decorator value.
             2) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication
                   The default contract decorator value "defaultContractNP" is deprecated and support for the value will be removed. Use instead "Password" as the decorator value.
             3) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/AuthContract[User Name/Password Login (id=np-contract)]
                   Unrecognized attribute 'showExpiredPwdUI'
             4) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/AuthContract[OAuth2 Resource Owner Credentials Login (id=ro-np-contract)]
                   Unrecognized attribute 'showExpiredPwdUI'
             5) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=formbuilder,uri=https://igqa.bice.cl:8443/formbuilder/oauth.html]
                   This public client is set to allow non-user-interactive authorization grants. This is not recommended by RFC 6819 section 5.2.3.2.
             6) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=rptw,uri=https://igqa.bice.cl:8443/IDMRPT/oauth.html]
                   This public client is set to allow non-user-interactive authorization grants. This is not recommended by RFC 6819 section 5.2.3.2.
             7) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=cx,uri=https://igqa.bice.cl:8443/cx/oauth.html]
                   This public client is set to allow non-user-interactive authorization grants. This is not recommended by RFC 6819 section 5.2.3.2.
             8) Warning:
                   AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=ig,uri=https://igqa.bice.cl:8443/oauth.html]
                   This public client is set to allow non-user-interactive authorization grants. This is not recommended by RFC 6819 section 5.2.3.2.
             9) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]/Server[SRVADCQA1.BICEQA.LOCAL:636]
                   The LDAP data store configured LDAP bind timeout value will be used.
             10) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]/Server[SRVADCQA1.BICEQA.LOCAL:636]
                   The LDAP data store configured read timeout value will be used.
             11) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]
                   The OSP system LDAP bind timeout value will be used.
             12) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]
                   The OSP system LDAP read timeout value will be used.
             13) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/FileDataSource[CSV File Data Source (id=firstFile)]
                   No filename specified; assuming path specifies both path and filename.
             14) Information:
                   AuthenticationService[OSP Configuration (id=auth)]/JDBCIDataSource[File User Instance Datasource (id=ds-file-instance-data)]
                   No JNDI environment context name; JNDI datasource name specifies both context and name.
    
    Preamble: [OIDP]
    Priority Level: WARNING
    Java: internal.osp.oidp.service.source.AuthPluginManager.autoConfigure() [338] thread=main
    Time: 2024-10-14T11:25:16.262-0300
    Log Data: Unable to auto configure authentication plugins for 'Authentication Source for File Users' Instance Data(id=as-file-instance-data)' because no suitable authentication plugins were found.


    The line that says "Unable to auto configure authentication plugins for 'Authentication Source for File Users' Instance Data(id=as-file-instance-data)' because no suitable authentication plugins were found." really calls my attention.

    Have you ever encountered this error?
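
A small triage parser for the OSP log layout quoted in this thread, added here as an example; it is not part of any poster's message or of the vendor's tooling. The sample log is constructed from the quoted format with a placeholder host, and `parse_records` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample in the OSP log layout quoted above; the host is a placeholder.
SAMPLE_LOG = """\
Preamble: [OSP]
Priority Level: SEVERE
Time: 2024-09-04T18:28:34.003-0400
Log Data: Configuration load failed. An empty configuration will be used.
=>java.lang.NoClassDefFoundError: Could not initialize class com.netiq.ism.config.ConfigurationFactory

Preamble: [OIDP]
Priority Level: WARNING
Log Data: Validation of authentication service configuration resulted in one or more warnings:
      Validation messages (2):
         1) Warning:
               AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=ig,uri=https://ig.example.test:8443/oauth.html]
               This public client is set to allow non-user-interactive authorization grants. This is not recommended by RFC 6819 section 5.2.3.2.
         2) Information:
               AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]
               The OSP system LDAP read timeout value will be used.
"""

HEADER = re.compile(r"(?m)^[ \t]*([A-Z][\w ]*?):[ \t]?(.*)$")
ENTRY = re.compile(r"(?ms)^\d+\) (\w+):\n(.*?)(?=^\d+\) \w+:$|\Z)")
CLIENT = re.compile(r"Client\[id=([^,\]]+),uri=([^\]]+)\]")
MISSING = re.compile(r"NoClassDefFoundError: (?:Could not initialize class )?([\w.$/]+)")

def parse_records(text):
    """Split on 'Preamble:' lines: header fields first, then free-form Log Data."""
    records = []
    for chunk in re.split(r"(?m)^[ \t]*Preamble:", text)[1:]:
        head, _, data = ("Preamble:" + chunk).partition("Log Data:")
        rec = dict(HEADER.findall(head))
        rec["Log Data"] = "\n".join(l.strip() for l in data.strip().splitlines())
        records.append(rec)
    return records

def triage(records):
    """Collect SEVERE records, classes that failed to load, and clients flagged per RFC 6819."""
    out = {"severe": [], "missing_classes": set(), "flagged_clients": []}
    for r in records:
        data = r["Log Data"]
        if r.get("Priority Level") == "SEVERE":
            out["severe"].append((r.get("Time"), data.split("\n", 1)[0]))
        out["missing_classes"].update(MISSING.findall(data))
        for level, body in ENTRY.findall(data):
            if level == "Warning" and "RFC 6819" in body and (c := CLIENT.search(body)):
                out["flagged_clients"].append(c.group(1))
    return out
```

Calling `triage(parse_records(open(path).read()))` on a real OSP log separates startup failures from the routine validation notices and lists the OAuth2 public clients the validator flagged.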

  • 0   in reply to 

    Hello,

    Please be advised that you have outlined two (2) different situations/problems and they should be tracked as two (2) different threads.


    1) Related to the following warnings:
    [WARNING] 2024-08-29 11:51:46.218 [com.netiq.persist.json.JsonDataLoader] [IG-SERVER] 1 items from file ar3.6.2-data/deleteAuthRoleMappings.json were not deleted 
    [WARNING] 2024-08-29 11:51:48.620 [com.netiq.persist.json.JsonDataLoader] [IG-SERVER] 4 items from file ar3.6.3-data/deleteAuthRoleMappings.json were not deleted

    What version of IG was installed before you upgraded to 3.7.0?  
    NOTE: One should have upgraded to 3.7.3 and not to 3.7.0.


    2) Make sure the files and folders are owned by novlua and not root or some other account.

     

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0 in reply to   

    Thanks for your advice Steve, I'll open another thread for these new findings.

    As for the IG version, we are trying to get the QA environment back up and then proceed with the upgrade to IG 4.2, but we are encountering these errors that are preventing us from moving forward.

    Currently, every file and folder I've checked has the user novlua as the owner, but are there any files in particular that I have to check?