Salesforce AFX Connector provisioning fails with 'Error occured while generating access token from refresh token' and INVALID_SESSION_ID in RSA Identity Governance & Lifecycle
2 years ago
Originally Published: 2020-04-30
Article Number
000044938
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1, 7.2.0
 
Issue
After creating a Salesforce AFX Connector and verifying that a test of the connector successfully obtains an OAuth2 token as in the example below, provisioning to the endpoint using the new SalesForce AFX Connector fails when used the next day.
 
User-added image



The AFX connector log file ($AFX_HOME/esb/logs/esb.AFX-CONN-SalesforceConnector_<date>.log) has the following error: 
2020-02-20 15:54:10.705 [ERROR] com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl:361 - 
Add Account to group failed due to following error: com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User: 
Error code returned:  401  [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceException: Unauthorized User: 
Error code returned:  401  [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getStream(SalesforceService.java:277)
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.SalesforceService.getEntityIdByName(SalesforceService.java:331)
	at com.aveksa.AFX.server.runtime.esb.salesforce.service.UserSalesforceServiceImpl.addAccountToGroup(UserSalesforceServiceImpl.java:178)
	at com.aveksa.AFX.server.runtime.esb.salesforce.esb.SalesforceComponent.onCall(SalesforceComponent.java:105)
	at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:46)
	at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:36)
	at org.mule.component.DefaultComponentLifecycleAdapter.invoke(DefaultComponentLifecycleAdapter.java:339)
	at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
	at org.mule.component.AbstractJavaComponent.doInvoke(AbstractJavaComponent.java:73)
	at org.mule.component.AbstractComponent.invokeInternal(AbstractComponent.java:122)
	at org.mule.component.AbstractComponent.access$000(AbstractComponent.java:57)
	at org.mule.component.AbstractComponent$1$1.process(AbstractComponent.java:238)


The aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log) has a related error: 
02/27/2020 09:29:56.618 ERROR (pool-700-thread-1) [com.aveksa.server.core.oauth2.OAuth2Handler] 
Error occured while generating access token from refresh token
java.net.ConnectException: Connection timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
    at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:477)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)
    at com.aveksa.common.tls.CustomSecureProtocolSocketFactory.createSocket(CustomSecureProtocolSocketFactory.java:57)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at com.aveksa.server.core.oauth2.OAuth2Handler.getTokenFromRefreshToken(OAuth2Handler.java:192)
    at com.aveksa.server.core.oauth2.OAuth2ServiceProvider.getAccessTokenUsingRefreshToken(OAuth2ServiceProvider.java:158)
    at com.aveksa.gui.util.oauth2.TokenExpiryHandler.run(TokenExpiryHandler.java:50)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

(...)

Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
 
Cause
This is a known issue reported in engineering ticket ACM-104033.
 
Resolution
This issue is resolved in the following RSA Identity Governance & Lifecycle patch levels: 
  • RSA Identity Governance & Lifecycle 7.1.1 P08
  • RSA Identity Governance & Lifecycle 7.2.0 P02

 

Related Articles

Trending Articles

Don't see what you're looking for?