IBM Support

Target environment could not be modified because of NullPointerException error on Cloud Pak for Business Automation

Troubleshooting


Problem

The java.lang.NullPointerException error is encountered when opening the target environment on Case administration client.
image-20230508160116-1

Symptom

In browser network trace, you can find the action ibmAccmRetrieveProductionTargetEnvironment causes the NullPointerException error.
GET /navigator/jaxrs/plugin?server=servername&designObjectStore=DOS&connectionDefName=target_env&plugin=ICMAdminClientPlugin&action=ibmAccmRetrieveProductionTargetEnvironment&desktop=bawadmin HTTP/2
In Navigator debug logs, you can find below errors.
[4/14/23 14:26:39:178 HKT] 000002e2 SystemOutO [04/14/23 14:26:39:178 HKT] 000002e2 SystemOut O CIWEB.ICMAdminClientPlugin Error: [bpmadmin@192.168.0.1] [REQUEST 16538]
com.ibm.casemgmt.config.ContentEngineHelper.getCaseOpsUserForConnDef()() [FNRPE2131090484E]Failed to get a JAAS Subject for RPC=pejb_getSystemConfigInfo.
Root cause:com.filenet.api.exception.EngineRuntimeException: The user is not authenticated.
[4/14/23 14:26:39:183 HKT] 000002e2 SystemOutO [04/14/23 14:26:39:181 HKT] 000002e2 SystemOut O CIWEB.ICMAdminClientPlugin Error: [bpmadmin@192.168.0.1] [REQUEST 16538]
com.ibm.ecm.icm.accm.services.RetrieveProductionTargetEnvironmentService.execute() ACCM service is throwing exception
java.lang.NullPointerException

Environment

IBM Cloud Pak for Business Automation 22.0.2

Diagnosing The Problem

1. Examine workflow system in target object store and ensure the login user is a member of the workflow system administration group.
2. The issue can be worked around after clearing liberty caches by deleting the <server>/workarea folder on Navigator pod icp4adeploy-navigator-deploy.

Resolving The Problem

Specify com.filenet.authentication.wsi.AuthTokenOrder property to explicitly define the default priority order if multiple authentication token types are found by the Content Engine API. The recommendation for this issue is to change the AuthTokenOrder on pods icp4adeploy-xxxx-baw-server, icp4adeploy-cpe-deploy and icp4adeploy-navigator-deploy.
-Dcom.filenet.authentication.wsi.AuthTokenOrder=oauth,oidc,ltpa
1. On pod icp4adeploy-xxxx-baw-server, create a ${server.config.dir}/configDropins/overrides/jvm.options file with the following entry:
-Dcom.filenet.authentication.wsi.AuthTokenOrder=oauth,oidc,ltpa
2. On pod icp4adeploy-cpe-deploy, referring below documentation for the CR parameters that pertain to FileNet Content Manager.
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=parameters-content-platform-engine
The Content Process Engine has the identical CR parameter to allow the injection of lines into the jvm.options file:
cpe_production_setting.jvm_customize_options
Kindly have a look on the below YAML and search for "cpe_production_setting", here you found the "jvm_customize_options:".
https://github.com/ibm-ecm/container-samples/blob/5.5.8/descriptors/ibm_fncm_cr_production_FC_content.yaml
Where you can specify the JVM arguments using comma separation.
    cpe:
      cpe_production_setting:
        jvm_customize_options: "-Dcom.filenet.authentication.wsi.AuthTokenOrder=oauth,oidc,ltpa"
3. On pod icp4adeploy-navigator-deploy, apply the same setting in CR file by referring to above instruction of pod icp4adeploy-cpe-deploy.
-Dcom.filenet.authentication.wsi.AuthTokenOrder=oauth,oidc,ltpa

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m3p000000LPqyAAG","label":"Design-\u003EBAW App Development-\u003ECase Manager"}],"ARM Case Number":"TS012384800","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"22.0.2"}]

Document Information

Modified date:
10 May 2023

UID

ibm16988903

Page Feedback