IBM Support

Attempting to authenticate with IBM QRadar SOAR using an irregular top level domain fails

Troubleshooting


Problem

Users with "irregular" top-level domains (TLDs) cannot authenticate with IBM QRadar SOAR or might have trouble resetting their password. Inviting a user to IBM QRadar SOAR might also fail, with a "bad request" message returned to the UI.

Symptom

Users see an error such as "Invalid email address" when trying to reset their password or authenticate, regardless of whether they are local, LDAP, or SAML users. The same error can appear when creating a user by using sudo resutil newuser.

Cause

IBM QRadar SOAR defines a list of "typical" TLDs that covers most of the TLDs that our clients use. In some cases, clients use TLDs that are not supported by IBM QRadar SOAR.

Diagnosing The Problem

Here is an example of an LDAP user who is successfully authenticated by Active Directory, but IBM QRadar SOAR does not allow the user to log in because of the irregular .zz domain. The error can be seen in the client.log.
06:55:17.662 [http-bio-443-exec-170] INFO com.co3.userauth.UserAuthentication - LDAP User cn=user1,ou=users,ou=corp accounts,dc=corp,dc=domain,dc=zz authenticated
06:55:17.725 [http-bio-443-exec-170] WARN c.c.web.servlet.Co3ServletFilterBase - Servlet Exception
org.apache.jasper.JasperException: java.lang.IllegalArgumentException: Invalid email address user1@domain.zz
This excerpt from the client.log shows an error when a user with the domain .qa tries to reset their password.
11:58:34.655 [https-jsse-nio2-443-exec-22] INFO  [] com.monaco.ui.server.core.SessionContext - Received password reset request for user2@domain.qa
11:58:34.665 [https-jsse-nio2-443-exec-22] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/include/ajax_reset.jsp
java.lang.RuntimeException: org.apache.jasper.JasperException: An exception occurred processing [/include/ajax_reset.jsp] at line [8]

5: <%
6: boolean ok = false;
7: if(email != null) {
8:     ok = SessionContext.reset(email, (HttpServletRequest) pageContext.getRequest());
9: }
10: %>{"success": <%= ok %>}


Stacktrace:
	at com.co3.web.servlet.Co3ServletFilterBase.handleAuthenticatedRequests(Co3ServletFilterBase.java:412)
	at com.co3.web.servlet.Co3ServletFilterBase.doFilterImpl(Co3ServletFilterBase.java:375)
	at com.co3.web.servlet.Co3ServletFilterBase.lambda$doFilterWithRetry$3(Co3ServletFilterBase.java:319)
	at com.co3.web.servlet.Co3ServletFilterBase$$Lambda$677/0x000000008b7b15d0.run(Unknown Source)
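
As an added example (not part of the original IBM document and not IBM code), the following shell function scans client.log for the two patterns shown in the excerpts above and counts the TLDs of the rejected addresses. The function names, the pairing of a reset request with an ERROR on the same thread, and the sample lines are assumptions constructed for illustration.

```sh
# Added example (not IBM code): count the TLDs of addresses that client.log
# shows being rejected, as candidates to review for -additionaltlds.
# sample_log is constructed from the excerpts above; its last line is an
# invented password reset with no error after it, so it must not be reported.
sample_log() {
cat <<'EOF'
06:55:17.725 [http-bio-443-exec-170] WARN c.c.web.servlet.Co3ServletFilterBase - Servlet Exception
org.apache.jasper.JasperException: java.lang.IllegalArgumentException: Invalid email address user1@domain.zz
11:58:34.655 [https-jsse-nio2-443-exec-22] INFO  [] com.monaco.ui.server.core.SessionContext - Received password reset request for user2@domain.qa
11:58:34.665 [https-jsse-nio2-443-exec-22] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/include/ajax_reset.jsp
12:01:02.100 [https-jsse-nio2-443-exec-23] INFO  [] com.monaco.ui.server.core.SessionContext - Received password reset request for user3@example.com
EOF
}

# Reads log files given as arguments, or stdin. Prints "<count> <tld>".
rejected_tlds() {
    awk '
    function tld(addr,   n, parts) {
        sub(/[^A-Za-z0-9]+$/, "", addr)          # drop trailing punctuation
        n = split(addr, parts, ".")
        return tolower(parts[n])
    }
    function addr_after(marker,   a) {
        a = $0; sub(".*" marker, "", a); sub(/[ \t].*/, "", a)
        return a
    }
    /Invalid email address / {
        a = addr_after("Invalid email address ")
        if (a ~ /@.*\./) seen[tld(a)]++
        next
    }
    # Heuristic: a reset request counts as rejected only when the same
    # thread (field 2) then logs an ERROR for ajax_reset.jsp.
    /Received password reset request for / {
        pending[$2] = addr_after("Received password reset request for ")
        next
    }
    / ERROR / && /ajax_reset\.jsp/ && ($2 in pending) {
        if (pending[$2] ~ /@.*\./) seen[tld(pending[$2])]++
        delete pending[$2]
    }
    END { for (t in seen) print seen[t], t }
    ' "$@" | sort -k2
}

if [ "$#" -gt 0 ]; then rejected_tlds "$@"; else sample_log | rejected_tlds; fi
```

Pass the path to your client.log as the argument to run it against real data. Review each reported TLD before adding it, because a rejected address can also be a typo rather than a legitimate domain.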

Resolving The Problem

Check whether additional TLDs are configured:
sudo resutil configget -additionaltlds
If nothing is returned, then additional TLDs are not configured.
To add a comma-separated list of additional TLDs, such as qa and zz for the domains domain.qa and domain.zz, run the following command:
sudo resutil configset -additionaltlds qa, zz
Restart IBM QRadar SOAR:
sudo systemctl restart resilient-messaging

Document Location

Worldwide


Document Information

Modified date:
20 April 2022

UID

ibm16573683