Symantec IGA

Hi All,

We have implemented CA Identity Manager 14.2. The connection is secure between Identity Manager and Provisioning Server and vice versa. 
For connecting to the provisioning server on secure port we have added the provisioning server certificate taken from Identity Manager\Provisioning Server\data\tls\server folder to IDM's JBoss certificate and the connection works fine.

However, Provisioning server is not able to callback Identity Manager Server for any inbound notification. We get the below error in the trans log

20200205:144809:TID=002da8:I: Try sending payload to https://abcd:8443/iam/im/ETACALLBACK/?env=environment
20200205:144809:TID=002da8:E: FAILED(https://abcd:8443/iam/im/ETACALLBACK/?env=environment): [rc=77] error setting cert
20200205:144809:TID=002da8:E:+ificate verify locations:
20200205:144809:TID=002da8:E: CAfile: Not assigned
20200205:144809:TID=002da8:E: CApath: none
20200205:144809:TID=002da8:E: Error in notification processing: Reason: Operation failed. ALERT: Unable to contact any IMS. Processi
20200205:144809:TID=002da8:E:+ng aborted.
20200205:144809:TID=002da8:E: Originated from: .\EtaNotifyTools.cpp [1081].
20200205:144809:TID=002da8:I: DONE: Notifications Processed: 0/100+ [FAILED]

I understand that we might have to add the IDM server certificate in provisioning server for it to be able to connect to IDM using https. 

Can anyone tell me where can I add IDM Server cert in the provisioning server?

Thanks

------------------------------
Senior Security Consultant
------------------------------

Hi,

You can do it using IMPM, domain configuration section. Look at https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=54198, Configure the Trusted CA Bundle in the Provisioning Server

HTH

Original Message:
Sent: 02-05-2020 08:54 AM
From: Mukul Anand
Subject: Unable to callback Identity Manager from Provisioning Server

Hi All,

We have implemented CA Identity Manager 14.2. The connection is secure between Identity Manager and Provisioning Server and vice versa.
For connecting to the provisioning server on secure port we have added the provisioning server certificate taken from Identity Manager\Provisioning Server\data\tls\server folder to IDM's JBoss certificate and the connection works fine.

However, Provisioning server is not able to callback Identity Manager Server for any inbound notification. We get the below error in the trans log

20200205:144809:TID=002da8:I: Try sending payload to https://abcd:8443/iam/im/ETACALLBACK/?env=environment
20200205:144809:TID=002da8:E: FAILED(https://abcd:8443/iam/im/ETACALLBACK/?env=environment): [rc=77] error setting cert
20200205:144809:TID=002da8:E:+ificate verify locations:
20200205:144809:TID=002da8:E: CAfile: Not assigned
20200205:144809:TID=002da8:E: CApath: none
20200205:144809:TID=002da8:E: Error in notification processing: Reason: Operation failed. ALERT: Unable to contact any IMS. Processi
20200205:144809:TID=002da8:E:+ng aborted.
20200205:144809:TID=002da8:E: Originated from: .\EtaNotifyTools.cpp [1081].
20200205:144809:TID=002da8:I: DONE: Notifications Processed: 0/100+ [FAILED]

I understand that we might have to add the IDM server certificate in provisioning server for it to be able to connect to IDM using https.

Can anyone tell me where can I add IDM Server cert in the provisioning server?

Thanks

------------------------------
Senior Security Consultant
------------------------------

I am unable to open the link provided.
However, I could get to this screen. Could you tell me the steps :)



------------------------------
Senior Security Consultant
------------------------------

Original Message:
Sent: 02-05-2020 09:15 AM
From: Joffrey Lemoigne
Subject: Unable to callback Identity Manager from Provisioning Server

Hi,

You can do it using IMPM, domain configuration section. Look at https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=54198, Configure the Trusted CA Bundle in the Provisioning Server

HTH

Original Message:
Sent: 02-05-2020 08:54 AM
From: Mukul Anand
Subject: Unable to callback Identity Manager from Provisioning Server

Hi All,

We have implemented CA Identity Manager 14.2. The connection is secure between Identity Manager and Provisioning Server and vice versa.
For connecting to the provisioning server on secure port we have added the provisioning server certificate taken from Identity Manager\Provisioning Server\data\tls\server folder to IDM's JBoss certificate and the connection works fine.

However, Provisioning server is not able to callback Identity Manager Server for any inbound notification. We get the below error in the trans log

20200205:144809:TID=002da8:I: Try sending payload to https://abcd:8443/iam/im/ETACALLBACK/?env=environment
20200205:144809:TID=002da8:E: FAILED(https://abcd:8443/iam/im/ETACALLBACK/?env=environment): [rc=77] error setting cert
20200205:144809:TID=002da8:E:+ificate verify locations:
20200205:144809:TID=002da8:E: CAfile: Not assigned
20200205:144809:TID=002da8:E: CApath: none
20200205:144809:TID=002da8:E: Error in notification processing: Reason: Operation failed. ALERT: Unable to contact any IMS. Processi
20200205:144809:TID=002da8:E:+ng aborted.
20200205:144809:TID=002da8:E: Originated from: .\EtaNotifyTools.cpp [1081].
20200205:144809:TID=002da8:I: DONE: Notifications Processed: 0/100+ [FAILED]

I understand that we might have to add the IDM server certificate in provisioning server for it to be able to connect to IDM using https.

Can anyone tell me where can I add IDM Server cert in the provisioning server?

Thanks

------------------------------
Senior Security Consultant
------------------------------

Try this URL .  Same KB Joffrey sent with new URL.

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=54198

------------------------------
Best regards,

Scott Owens
Sr Support Engineer

------------------------------
And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
------------------------------
------------------------------

Original Message:
Sent: 02-05-2020 09:23 AM
From: Mukul Anand
Subject: Unable to callback Identity Manager from Provisioning Server

I am unable to open the link provided.
However, I could get to this screen. Could you tell me the steps :)

------------------------------
Senior Security Consultant

Original Message:
Sent: 02-05-2020 09:15 AM
From: Joffrey Lemoigne
Subject: Unable to callback Identity Manager from Provisioning Server

Hi,

You can do it using IMPM, domain configuration section. Look at https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=54198, Configure the Trusted CA Bundle in the Provisioning Server

HTH

Original Message:
Sent: 02-05-2020 08:54 AM
From: Mukul Anand
Subject: Unable to callback Identity Manager from Provisioning Server

Hi All,

We have implemented CA Identity Manager 14.2. The connection is secure between Identity Manager and Provisioning Server and vice versa.
For connecting to the provisioning server on secure port we have added the provisioning server certificate taken from Identity Manager\Provisioning Server\data\tls\server folder to IDM's JBoss certificate and the connection works fine.

However, Provisioning server is not able to callback Identity Manager Server for any inbound notification. We get the below error in the trans log

20200205:144809:TID=002da8:I: Try sending payload to https://abcd:8443/iam/im/ETACALLBACK/?env=environment
20200205:144809:TID=002da8:E: FAILED(https://abcd:8443/iam/im/ETACALLBACK/?env=environment): [rc=77] error setting cert
20200205:144809:TID=002da8:E:+ificate verify locations:
20200205:144809:TID=002da8:E: CAfile: Not assigned
20200205:144809:TID=002da8:E: CApath: none
20200205:144809:TID=002da8:E: Error in notification processing: Reason: Operation failed. ALERT: Unable to contact any IMS. Processi
20200205:144809:TID=002da8:E:+ng aborted.
20200205:144809:TID=002da8:E: Originated from: .\EtaNotifyTools.cpp [1081].
20200205:144809:TID=002da8:I: DONE: Notifications Processed: 0/100+ [FAILED]

I understand that we might have to add the IDM server certificate in provisioning server for it to be able to connect to IDM using https.

Can anyone tell me where can I add IDM Server cert in the provisioning server?

Thanks

------------------------------
Senior Security Consultant
------------------------------