Sailpoint iiq keystore

vasas · October 12, 2024, 4:11am

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

Hi,

I followed documentation https://documentation.sailpoint.com/identityiq/help/systemconfig/key_creation.html

to generate new encryption key for credential management in iiq keystore. The new key was generated successfully as iiq.dat and iiq.cfg inside the /WEB-INF/classes directory.

Restarted the application server : systemctl restart tomcat

But when I try to test decrypt using the context.decrypt() function through a custom rule, the below error message comes.

Exception running rule: The application script threw an exception: sailpoint.tools.GeneralException: There is a problem with the keystore installed on this system. BSF info: Decrypt at line: 0 column: columnNo

Below points are the fixes that I tried.

Manually mentioned /opt/tomcat/webapps/ROOT/WEB-INF/classes/iiq.dat and iiq.cfg in the iiq.properties file.
Moved the iiq.dat and iiq.cfg files to a different location and mentioned that in the iiq.properties file.

Both these did not help in fixing the issue.

Please let me know what could be the issue here.

enistri_devo · October 12, 2024, 7:44am

Hi @vasas,

this error appears when IIQ cant decrypt the pwds and there is a problem with the keystore.

In iiq.properties, have uncomment the path for cfg and dat files?
Do you have generate the keystore from another environment and havo in import on this one?

vasas · October 12, 2024, 12:15pm

Hey Emmanuele,

I tried the above two points mentioned in the post

enistri_devo · October 12, 2024, 12:33pm

I asked something different.

other question: have you fallow only the Key Creation page or all the procedure?

vasas · October 12, 2024, 1:50pm

Hi Emanuele,

In iiq.properties, have uncomment the path for cfg and dat files?

Yes

Do you have generate the keystore from another environment and havo in import on this one?

It was generated in this environment

have you fallow only the Key Creation page or all the procedure?

I have followed only the key creation, I have not done any re-encyptions yet as I am testing with the new key.

system · December 11, 2024, 1:51pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Manage KEYSTORE,IIQ.DAT and IIQ.CFG file in IIQ IIQ Discussion and Questions identityiq	1	62	October 26, 2025
IIQ - Given final block not properly padded. Such issues can arise if a bad key is used during decryption error while executing any aggregation task IIQ Discussion and Questions aggregation , identityiq , certifications , connectors	9	656	December 8, 2024
Encryption Key not Registering IIQ Discussion and Questions identityiq	2	87	November 22, 2024
IIQ encrypt and decrypt IIQ Discussion and Questions identityiq , plugins	2	116	October 23, 2025
If is possible to create a rule to decrypt the password from iiq.properties - mysql db? IIQ Discussion and Questions rules , identityiq	5	1667	January 2, 2024

Sailpoint iiq keystore

Which IIQ version are you inquiring about?

Share all details about your problem, including any error messages you may have received.

Related topics