RSA Identity Governance & Lifecycle ServiceNow connector fails with "handshake_failure"
Originally Published: 2019-09-20
Article Number
Applies To
RSA Version/Condition: 6.8.1, 6.9.1, 7.0.1, 7.0.2
Issue
The path and name of the AFX connector log file varies by installation. Typically the file is called /home/oracle/AFX/esb/logs/esb.AFX-CONN-ServiceNow.log or something very similar.
"9/01/19 12:20:12.796 PM","Error","Fulfillment","CreateServiceRequest",
"Error occured while executing the capability javax.xml.ws.WebServiceException:
Could not send Message.... ... Caused by: javax.net.ssl.SSLHandshakeException:
SSLHandshakeException invoking https://myserver.service-now.com/command.do?SOAP:
Received fatal alert: handshake_failure ....
Caused by: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
"Error occured while executing the capability javax.xml.ws.WebServiceException:
Could not send Message.... ... Caused by: javax.net.ssl.SSLHandshakeException:
SSLHandshakeException invoking https://myserver.service-now.com/command.do?SOAP:
Received fatal alert: handshake_failure ....
Caused by: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
This could affect RSA Identity Governance & Lifecycle ServiceNow collectors, however, at the time of writing this RSA Knowledge Base Article, there have been no such reported failures.
Cause
This failure occurs when the Web Service client, (RSA Identity Governance & Lifecycle AFX Connnector) attempts to negotiate an SSL connection using the TLS 1.0 or TLS 1.1 protocol and the Web Services server (ServiceNow) has disabled TLS 1.0 and TLS 1.1 connections and enforces SSL connections over TLS 1.2.
This is a known issue in the following versions.
- RSA Identity Governance & Lifecycle 6.8.1
- RSA Identity Governance & Lifecycle 6.9.1
- RSA Identity Governance & Lifecycle 7.0.0
- RSA Identity Governance & Lifecycle 7.0.1
Resolution
- RSA Identity Governance & Lifecycle 7.1.0
- RSA Identity Governance & Lifecycle 7.1.1
Workaround
How to upgrade Java for your specific environment (check the below versions for compatibility before attempting to upgrade Java using one of these methods):
- For Hardware Appliances, run the latest appliance updater.
- For Software installations using WebLogic and WebSphere, upgrade the Java version on your application servers to Java 1.7 build 181 or later.
- For Software Appliances using WildFly, upgrade your Java using the Java supplied in the latest patch for your RSA Identity Governance & Lifecycle version.
Versions of RSA Identity Governance & Lifecycle where Java can be upgraded:
- RSA Identity Governance & Lifecycle 6.8.1 - running Java 1.6. There are no known workarounds. TLS 1.2 is not supported by Java 1.6.
- RSA Identity Governance & Lifecycle 6.9.1 - running Java 1.6. There are no known workarounds. TLS 1.2 is not supported by Java 1.6.
- RSA Identity Governance & Lifecycle 7.0.0 - running Java 1.7 Upgrade to Java 1.7 build 181 or later. For example 1.7.0_1811.7.0_181. To do this apply the java updater upgradeJDK17_u181.tar included in 7.0.2 P15 (Do NOT apply the patch as this is a 7.0.2 patch kit.)
- RSA Identity Governance & Lifecycle 7.0.1 - running Java 1.7. Upgrade to Java 1.7 build 181 or later. For example 1.7.0_1811.7.0_181. To do this apply the java updater upgradeJDK17_u181.tar included in 7.0.2 P15 (Do NOT apply the patch as this is a 7.0.2 patch kit.)
- RSA Identity Governance & Lifecycle 7.0.2 - running Java 1.7. Apply 7.0.2 P15 and apply the java updater upgradeJDK17_u181.tar included in 7.0.2 P15.
NOTE: Java1.7.0_1811.7.0_181 is not supported and has not been tested on RSA Identity Governance & Lifecycle 7.0.0 or 7.0.1. RSA does not guarantee that other features of the product will not be affected. Caution should be used when using this work around. RSA reserves the right to request that a customer upgrade to a supported version of the product should they encounter issues.
Notes
Related Articles
!X509PEMFileRequest: wrong password or pin value given Number of Views ServiceNow - SAML IDR SSO Configuration RSA Ready Implementation Guide Number of Views ServiceNow - SAML My Page SSO Configuration - RSA Ready Implementation Guide Number of Views RSA Identity Governance and Lifecycle ServiceNow Connector Page error Number of Views ServiceNow - SAML Relying Party Configuration - RSA Ready Implementation Guide Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
