Okta Provisioning agent error - getConnectorConfig failed for action rpc::app.onprem_provisioning.agent.reply.op1-apiapp04b//1493212647043//19e06410-556e-4d0c-b1ca-f1fbac3e8691 getConnectorConfig failed for action rpc::app.onprem_provisioning.agent.reply. Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzhbqaw&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Balaji ParameswaranBalaji Parameswaran 

Okta Provisioning agent error - getConnectorConfig failed for action rpc::app.onprem_provisioning.agent.reply.op1-apiapp04b//1493212647043//19e06410-556e-4d0c-b1ca-f1fbac3e8691 getConnectorConfig failed for action rpc::app.onprem_provisioning.agent.reply.


The following steps have been done by me,
1. Implement the example-server project and implement my logic (Connector).
2. Test the connector with tester jar.
3. Created Okta dev login to provision the connector to the apps configured.
4. Install the Okta provisioning agent in my system.
5. Configure the provisioning for the apps installed through my login.

In the provisioning tab in the application, configure SCIM connector is given and the URL of the above system where the connector is running is given. The following error comes when the "test connector configuration" is clicked - 
The connector configuration could not be tested. Make sure that the URL, Authentication Parameters are correct and that there is an implementation available at the URL provided. API error: The Provisioning Agent call to getConnectorConfig failed. Error code: 1, error: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.

OKta error log 
javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
        at sun.security.ssl.ClientHandshaker.serverHello(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_79]
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_79]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) ~[OktaProvisioningAgent.jar:na]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) ~[OktaProvisioningAgent.jar:na]
        at com.okta.scim.ScimClientImpl.makeRequest(ScimClientImpl.java:364) ~[OktaProvisioningAgent.jar:na]
        at com.okta.scim.ScimClientImpl.performGet(ScimClientImpl.java:241) ~[OktaProvisioningAgent.jar:na]
        at com.okta.scim.ScimClientImpl.getServiceProviderConfigs(ScimClientImpl.java:213) ~[OktaProvisioningAgent.jar:na]
        at com.okta.opp.connectors.scim.ScimConnectorExecutorImpl.getConnectorConfig(ScimConnectorExecutorImpl.java:372) ~[OktaProvisioningAgent.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_79]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_79]
        at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_79]
        at com.okta.opp.handlers.ExecuteScriptActionHandler.performAction(ExecuteScriptActionHandler.java:63) [OktaProvisioningAgent.jar:na]
        at com.okta.agent.OktaAgent$2.run(OktaAgent.java:160) [OktaProvisioningAgent.jar:na]
        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [na:1.7.0_79]
        at java.util.concurrent.FutureTask.run(Unknown Source) [na:1.7.0_79]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.7.0_79]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.7.0_79]
 
Best Answer chosen by Balaji Parameswaran
Balaji ParameswaranBalaji Parameswaran
Enable the TLSV1 in your client Apache to resolve this issue.

In the file httpd-ssl.conf

--Added the below lines to resolve this issue.
SSLProtocol  -ALL +TLSv1 +TLSv1.1 +TLSv1.2

SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5
SSLHonorCipherOrder on
SSLCompression Off