CA API Developer Portal: 404 Error on login

Document ID : KB000097579
Last Modified Date : 05/09/2018
Show Technical Document Details
Issue:
After running for some time you may experience a problem where you are unable to login to Portal.
Clicking the 'Login' button results in a HTTP 404 Page Not Found error.
 
Resolution:
The issue stems from the portal_apim (ingress) and portal_pssg containers. This Ingress container is ephemeral running entirely in memory. When usage maxes out it can result in stability issues. Excess memory usage can be attributed to audits being saved to the in memory database.

Similarly, excessive audits in the PSSG can cause issues as well using an in memory derby database.

While an official fix was released in 4.2.7.8 it only targeted the updates to the ingress container. The below workaround can be implemented for earlier versions and to update the pssg container on 4.2.7.8.


INGRESS CONTAINER

You will need to connect to the Ingress Gateway via Policy manager.


1) First, obtain the admin password for the Gateway by connecting to the portal host via SSH and running the below command. The value assigned to SSG_ADMIN_PASSWORD is the password we will need.

docker inspect $(docker ps --filter name=portal_apim -q) | grep SSG_ADMIN_PASSWORD

ie:

"SSG_ADMIN_PASSWORD=N2xheWVyUGFzc3dvcmQ"

2) Open Policy manager and enter the below details:

User name: admin
Password: <Password obtained from step 1>
Gateway: apim-ssg.domain.com:9443

where DOMAIN.COM should be replaced with your company domain registered during the portal installation.
If you are unable to connect be sure that you have a DNS record or local host entry for apim-ssg.

3) Navigate to TASKS > LOGGING AND AUDITING > MANAGE LOG/AUDIT SINKS
4) Click MANAGE AUDIT SINK
5) Uncheck Save audit records to Gateway database and instead select Output audit records via audit sink policy
6) Click the configure button and Create Custom Audit Sink and Lookup Policy, click finish
7) Edit the newly created [Internal Audit Sink Policy] [audit-sink] policy
8) Disable the Stop Processing assertion and add a Continue Processing assertion, save and activate the policy
9) Navigate to TASKS > GLOBAL SETTINGS -> MANAGE CLUSTER-WIDE PROPERTIES
10) Add the property audit.sink.fallbackToInternal and set the value to false

This will prevent the build up of DB Audits. However, because this runs entirely in memory these steps will need to be performed anytime the Portal is restarted.
 
PSSG CONTAINER
You will need to connect to the PSSG Gateway via Policy manager.

1. Connect to the Portal host machine via SSH and execute the below
 
docker service update --publish-add "8443:8443" portal_pssg --detach=false

2. Retrieve the PSSG Gateway password by running the below on the Portal server
 
docker inspect $(docker ps --filter name=portal_pssg -q) | grep SSG_ADMIN_PASSWORD
 
ie:

"SSG_ADMIN_PASSWORD=N2xheWVyUGFzc3dvcmQ"

3. Open a 9.2 Policy manager and enter the below details:
 
User name: admin
Password: <Password obtained from step 2 above>
Gateway: apim-.domain.com:8443

where DOMAIN.COM should be replaced with your company domain registered during the portal installation.
If you are unable to connect be sure that you have a DNS record or local host entry for apim.domain.com.

4. Navigate to TASKS > LOGGING AND AUDITING > MANAGE LOG/AUDIT SINKS
5. Click MANAGE AUDIT SINK
6. Uncheck Save audit records to Gateway database and instead select Output audit records via audit sink policy
7Click the configure button and Create Custom Audit Sink and Lookup Policy, click finish
8. Edit the newly created [Internal Audit Sink Policy] [audit-sink] policy
9. Disable the Stop Processing assertion and add a Continue Processing assertion, save and activate the policy
10. Navigate to TASKS > GLOBAL SETTINGS -> MANAGE CLUSTER-WIDE PROPERTIES
11.Add the property audit.sink.fallbackToInternal and set the value to false 
12. For security reasons be sure to remove the port published above in step 1
 
 Connect to the Portal host machine via SSH and execute the below
 docker service update --publish-rm "8443:8443" portal_pssg --detach=false