KB-1957 Verification error when deploying component plug-ins

Symptoms

Deploying a component plug-in fails with the following error printed in the application server log:

[Appian Plugin Hot Deploy] ERROR com.appiancorp.plugins.LoggingPluginEventListener - Failed to load Component Plug-in 'com.appian.richtext': Component plug-in approval verification failed. Please contact Appian for approval process

The error includes no stack trace or other information.

Cause

This issue can have two underlying causes:

1. The component plug-in is a development copy that was not signed by Appian.
2. The component plug-in was signed, and the file was modified or extracted and re-compressed after signing.

Action

The correct action depends on whether the component plug-in is signed or not. To verify if a plug-in is signed, check that the META-INF directory in the plug-in .zip file contains the following files:

• MANIFEST.MF
• APPIAN.SF
• APPIAN.RSA

If all three files are present, the component plug-in is signed.

Unsigned Plug-ins

Development and testing of component plug-ins requires a registered developer instance. In order to deploy unsigned plug-ins, follow the instructions in the Appian Documentation to register any Appian instances used for development and testing. After successfully completing the registration process, unsigned component plug-ins can be deployed on the environment.

Note: Production instances should not be registered under the developer program in order to circumvent signing requirements. Once development is complete, component plug-ins should be submitted to Appian for signing so they can be deployed on production instances.

Signed Plug-ins

If the error is encountered with a signed component plug-in downloaded from the Appian AppMarket, the likely cause of the issue is corruption of the file during the process of downloading or deploying the plug-in. Actions such as e-mailing, FTP transfers and otherwise copying files may introduce unintended changes to a file. To verify whether the file was modified, the MD5 checksums of the files can be compared using the following command.

Validating File Integrity

Windows

certutil -hashfile "<FULL_PATH_TO_PLUGIN_ZIP>" MD5

Linux/Mac

md5sum "<FULL_PATH_TO_PLUGIN_ZIP>"

Both commands will output a 128-bit hash checksum of the file, such as 93dfaf7e0e08fe41f88dda2aee4c6ab9. To verify if changes occurred to the plug-in file, do the following:

1. Download the component plug-in from the Appian AppMarket to your computer.
2. Immediately after downloading, compute the MD5 checksum as outlined above.
3. On the server where the plug-in was deployed, compute the MD5 checksum of the deployed plug-in in <APPIAN_HOME>/_admin/plugins.
4. Compare the two checksums.

If the two hashes do not match exactly, the file was modified during download or transfer.

Redeploying the Plug-in

If the plug-in's MD5 checksum does not match the plug-in package downloaded from the AppMarket, the plug-in needs to be redeployed. To redeploy the plug-in, take the following steps:

1. On a computer with SSH or virtual desktop access to the Appian server, download the plug-in from the AppMarket.
2. Copy the downloaded plug-in to the server.
3. Verify that the MD5 checksums now match.
4. Deploy the plug-in by moving it into <APPIAN_HOME>/_admin/plugins.

If the checksums match, and the error persists, submit a new support case to Appian Technical Support with the plug-in .zip file attached, as well as the link to the plug-in in the Appian AppMarket.

Affected Versions

This article applies to self-managed installations of Appian 19.1 and later.

Last Reviewed: June 2019