Troubleshooting

If you encounter any of the following issues or errors, SailPoint recommends that you follow the guidance provided below to resolve the error before contacting SailPoint Support.

Error: The following error displays when testing the connection:

Test Connection failed: ; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution: Ensure that a valid TLS certificate is present in the correct directory.

Error: The following error displays when the test connection fails:

Test Connection failed: ; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution: Ensure that a valid TLS certificate is present in the correct directory.

Error: The following error displays when the test connection fails:

Test Connection failed: Could not access HTTP invoker remote service; nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer

If the source is configured with IP, the enableHostNameVerification is enabled, and certificate subject has FQDN, then test connection fails with this error.

Resolution: If enableHostNameVerification is enabled, FQDN/IP that is configured in the source must be present in the Certificate subject name

Error : The following error displays when testing the connection fails:

Test Connection failed: Could not found the realm

Resolution: Ensure that relevant permissions are assigned to the service account. Required Permissions

Error: Account aggregation does not retrieve all accounts from the configured Active Directory identity source.

Resolution: Verify if the load balancer is configured between RSA and Active Directory, if it is there, it must be removed.

Error: The following error displays during aggregation:

Session not found exception

Resolution: Set the following values in RSA Authentication Manager:

  • Time out idle sessions: 90min

  • Limit session lifetime: 12hrs

Error: The following error displays during provisioning:

java.lang.IncompatibleClassChangeError: Found interface org.iscreen.ValidationFailure, but class was expected

During provisioning this message appears due to an issue with RSA SDK. This issue arises only when the GUID for the object provided is not appropriate or is an empty string.

Resolution: Verify the nativeIdentity populated within the provisioning plan. Ensure that the nativeIdentity is not an empty string or invalid GUID.

Error: The following error displays during provisioning:

Create user failed: Identity Source <Source Name>' is read-only. Failed to create account!

Resolution: You may be trying to provision to an external data source. The RSA connector only supports provisioning to an internal source.