AWS Connector with IIQ

Which IIQ version are you inquiring about?

[8.3p4]

Please share any other relevant files that may be required (for example, logs).

*[2024-10-09T09:29:04,874 DEBUG https-jsse-nio-443-exec-6 http.impl.conn.PoolingHttpClientConnectionManager:267 - Connection request: [route: {s}->https://sts.amazonaws.com:443][total available: 0; route allocated: 0 of 50; total allocated: 0 of 50]
2024-10-09T09:29:04,906 DEBUG https-jsse-nio-443-exec-6 http.impl.conn.PoolingHttpClientConnectionManager:312 - Connection leased: [id: 0][route: {s}->https://sts.amazonaws.com:443][total available: 0; route allocated: 1 of 50; total allocated: 1 of 50]
2024-10-09T09:29:04,921 DEBUG https-jsse-nio-443-exec-6 http.impl.execchain.MainClientExec:234 - Opening connection {s}->https://sts.amazonaws.com:443
2024-10-09T09:29:04,968 DEBUG https-jsse-nio-443-exec-6 http.impl.conn.DefaultHttpClientConnectionOperator:139 - Connecting to sts.amazonaws.com/209.54.177.164:443
2024-10-09T09:29:04,968 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:137 - connecting to sts.amazonaws.com/209.54.177.164:443
2024-10-09T09:29:04,968 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:366 - Connecting socket to sts.amazonaws.com/209.54.177.164:443 with timeout 10000
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:430 - Enabled protocols: [TLSv1.3, TLSv1.2]
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:431 - Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:84 - socket.getSupportedProtocols(): [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello], socket.getEnabledProtocols(): [TLSv1.3, TLSv1.2]
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:112 - TLS protocol enabled for SSL handshake: [TLSv1.2, TLSv1.1, TLSv1, TLSv1.3]
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:435 - Starting handshake
2024-10-09T09:29:09,823 DEBUG https-jsse-nio-443-exec-6 amazonaws.http.conn.ClientConnectionManagerFactory:82 - 
java.lang.reflect.InvocationTargetException: null
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76) [connector-bundle-webservices.jar:8.3p4]
	at com.amazonaws.http.conn.$Proxy128.connect(Unknown Source) [?:8.3p4]
	at com.amazonaws.thirdparty.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) [connector-bundle-webservices.jar:8.3p4]
]*

Share all details about your problem, including any error messages you may have received.

[I am trying the AWS connector for the first time, and I followed the connector guide to set up the IAM user prerequisites. I have opened the connectivity via proxy to the URLs (https://iam.amazonaws.com & https://sts.amazonaws.com). I am still getting the error specified above. I am not quite sure; however, I have installed all 5 root CAs mentioned in the Amazon Trust Services Repository into the Java trust store. Any thoughts on what I am missing here and why I am getting a connectivity error?]

Hi @venus

Check whether you have connectivity from the SailPoint IIQ task servers to the AWS system. Check it via curl or telnet.

Check that the connectivity user that you are using to connect has proper permissions at the AWS end.

Once you confirm connectivity is good, you can try running the test connection.
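
Added example (not part of the original thread and not SailPoint or AWS SDK code): a small Python triage of a debug log in the format posted above, reporting the route hops, the last connection stage reached and how long it stalled before the exception line. It relies on Apache HttpClient printing a proxied route with the proxy as an extra `->` hop; the function name `diagnose`, the shortened sample lines and the proxy hostname used in testing are constructed.

```python
import re
from datetime import datetime

# Constructed sample: shortened lines in the format of the log posted above.
SAMPLE_LOG = """\
2024-10-09T09:29:04,874 DEBUG https-jsse-nio-443-exec-6 http.impl.conn.PoolingHttpClientConnectionManager:267 - Connection request: [route: {s}->https://sts.amazonaws.com:443][total available: 0]
2024-10-09T09:29:04,968 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:366 - Connecting socket to sts.amazonaws.com/209.54.177.164:443 with timeout 10000
2024-10-09T09:29:04,999 DEBUG https-jsse-nio-443-exec-6 http.conn.ssl.SdkTLSSocketFactory:435 - Starting handshake
2024-10-09T09:29:09,823 DEBUG https-jsse-nio-443-exec-6 amazonaws.http.conn.ClientConnectionManagerFactory:82 -
java.lang.reflect.InvocationTargetException: null
"""

# timestamp, level, thread, logger:line, then the message after " - "
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d,\d{3}) \w+ \S+ \S+ -\s?(.*)$")
# HttpClient route string: {flags}->hop[->hop...] ; more than one hop means a proxy
ROUTE = re.compile(r"route: \{(\w*)\}->([^\]]+)\]")
STAGES = ["Connection request", "Connecting socket", "Starting handshake"]

def diagnose(log_text):
    """Return route hops, proxy use, last stage reached and seconds until the failure line."""
    result = {"hops": [], "via_proxy": False, "last_stage": None, "stall_seconds": None}
    stage_time = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S,%f")
        msg = m.group(2)
        route = ROUTE.search(msg)
        if route:
            result["hops"] = route.group(2).split("->")
            result["via_proxy"] = len(result["hops"]) > 1
        stage = next((s for s in STAGES if msg.startswith(s)), None)
        if stage:
            result["last_stage"], stage_time = stage, ts
        elif "ClientConnectionManagerFactory" in raw and stage_time and result["stall_seconds"] is None:
            # first line logged by the connection manager proxy after a stage = the failure
            result["stall_seconds"] = (ts - stage_time).total_seconds()
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample, the route has a single hop (no proxy in the path the client actually took) and the connection stalls in the TLS handshake, so the checks to make next are whether the JVM running IIQ is configured to use the proxy and what certificate chain is presented on that path.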
