Generic REST Collector fails with 'Access token has expired' error in RSA Identity Governance & Lifecycle

2 years ago

Originally Published: 2020-04-22

Article Number

000044944

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0

Issue

A working Generic REST Collector fails (Collectors > Collector Type > Collector Name > Collect button.)

The following errors are seen in the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):

com.aveksa.server.runtime.ServerException: Test request failed with response: com.aveksa.server.runtime.ServerException: 
com.aveksa.common.DataReadException: com.aveksa.client.genericrest.GenericRestException: 
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.", 
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } } . 
Caused by com.aveksa.client.genericrest.GenericRestException: 
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.", 
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } } Caused By Stack 
com.aveksa.common.DataReadException: com.aveksa.client.genericrest.GenericRestException: 
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.", 
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } } 
at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.next(GenericRESTAccountDataIterator.java:71) 
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:422) 
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302) 
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.
collectTestData(AccountDataCollector.java:277) 
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:481) 
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:204) 
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102) 
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:75) 
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67) 
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377) 
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364) 
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58) 
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275) 
at java.lang.Thread.run(Thread.java:748) Caused by: com.aveksa.client.genericrest.GenericRestException: 
CONNECTION_FAILED_WITH_STATUS_CODE 401 { "error": { "code": "InvalidAuthenticationToken", "message": "Access token has expired.", 
"innerError": { "request-id": "b25694d1-4b31-4e1c-91f7-2c716db96bb6", "date": "2020-04-13T16:03:39" } } } 
at com.aveksa.client.genericrest.GenericRestException.connectionError(GenericRestException.java:108) 
at com.aveksa.client.genericrest.postprocessor.impl.GenericRESTPostprocessorImpl.
validateResponse(GenericRESTPostprocessorImpl.java:204) 
at com.aveksa.client.genericrest.postprocessor.impl.GenericRESTPostprocessorImpl.
getParsedData(GenericRESTPostprocessorImpl.java:89) 
at com.aveksa.client.genericrest.GenericRESTClient.executeTestCollection(GenericRESTClient.java:173) 
at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.collectAccountData(GenericRESTAccountDataIterator.java:155) 
at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.next(GenericRESTAccountDataIterator.java:68) ... 13 more 
End Stack

Please refer to RSA Knowledge Base Article 000067335 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)

Cause

This is a known issue. The collector fails to refresh the OAuth token after the previous token has expired due to the Response Timeout setting defined in:

(Collectors > {Collector Type} > {Collector Name} > Edit > Next > Connection Details > Response Timeout (milliseconds)

Resolution

This issue is resolved in the following versions:

RSA Identity Governance & Lifecycle 7.2.0 P06
RSA Identity Governance & Lifecycle 7.2.1 P02
RSA Identity Governance & Lifecycle 7.5.0

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles