13 Replies Latest reply on Jul 13, 2020 1:34 AM by Srinath Menon-Oracle

    Secondary Entitlement Request Status : Request Failed(actually request is approved).

    4211596

      Hi All,

       

      I have an OAM-OIM 12c integrated environment.

       

      When the user is requesting for secondary entitlement from:

      Identity Manager >> Self-Service >> Request Access

       

      a request is raised which goes to a higher authority for approval. A tracking Id/request number is generated for the corresponding request which can be tracked from:

      Identity Manager >> Self-Service >> Track Requests

       

      After the request is approved, the user is granted the secondary entitlement and it is also provisioned in the target application. Also on opening the request, in Approval Details the outcome is shown as:

      APPROVED (Figure 1). Everything goes fine till here.

       

      But, in Track Request section in Identity Manager, the request status is shown as Request Failed(Figure 2).

       

      In database :

      Query: select REQUEST_ID, REQUEST_KEY, REQUEST_STATUS, REQUEST_FAILURE_REASON from REQUEST where REQUEST_ID = 375050;

      Output : REQUEST_STATUS  : Request Failed

                                  REQUEST_FAILURE_REASON  : String index out of range: -1

       

      In OIM-Diagnostic logs, the error is shown as below and Figure 3:

       

      [2020-07-04T01:20:23.686+05:30] [oim_server1] [ERROR] [IAM-0089999] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '40' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 005eOuku4bJ56i05nzs1yZ0000kK0000mN,1:21209:11:4] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.soa.tracking.FlowId: 2140063] [oracle.soa.tracking.InstanceId: 2260610] [oracle.soa.tracking.SCAEntityId: 1380038] [FlowId: 0000NCMCMyk56i05nzp2iZ1UzikH000013] Kernel Information: {0}[[

      oracle.iam.platform.kernel.EventFailedException: Error occured while executing Id 9 name ProvisionLDAPEntitlementPostProcessHandler

              at oracle.iam.platform.kernel.impl.OIMEvent.execute(OIMEvent.java:174)

              at oracle.iam.platform.kernel.impl.ProcessImpl.executeStage(ProcessImpl.java:223)

              at oracle.iam.platform.kernel.impl.OIMProcess.doStageExecution(OIMProcess.java:65)

              at oracle.iam.platform.kernel.impl.ProcessImpl.execute(ProcessImpl.java:182)

              at oracle.iam.platform.kernel.impl.MonitoredOIMProcess.execute(MonitoredOIMProcess.java:33)

              at oracle.iam.platform.kernel.impl.Utils.manageSyncProcessing(Utils.java:73)

              at oracle.iam.platform.kernel.impl.OrchestrationAsyncTask$2.execute(OrchestrationAsyncTask.java:101)

              at oracle.iam.platform.kernel.impl.Utils.executeInContext(Utils.java:60)

              at oracle.iam.platform.kernel.impl.Utils.executeInContext(Utils.java:46)

              at oracle.iam.platform.kernel.impl.OrchestrationAsyncTask.executeInOrchContext(OrchestrationAsyncTask.java:97)

              at oracle.iam.platform.kernel.impl.OrchestrationAsyncTask.execute(OrchestrationAsyncTask.java:74)

              at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)

              at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)

              at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)

              at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:438)

              at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:361)

              at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:297)

              at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:5107)

              at weblogic.jms.client.JMSSession.execute(JMSSession.java:4775)

              at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:4170)

              at weblogic.jms.client.JMSSession.access$000(JMSSession.java:127)

              at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5627)

              at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:670)

              at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)

              at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)

              at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)

              at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)

              at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644)

              at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415)

              at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)

      Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1

              at java.lang.String.substring(String.java:1967)

              at oracle.iam.ssointg.util.SSOIntegrationUtil.parseEntitlementName(SSOIntegrationUtil.java:513)

              at oracle.iam.ssointg.impl.handlers.entitlement.ProvisionLDAPEntitlementPostProcessHandler.execute(ProvisionLDAPEntitlementPostProcessHandler.java:109)

              at oracle.iam.platform.kernel.impl.OIMEvent.executeHandlers(OIMEvent.java:224)

              at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.invokeExecuteHandler(MonitoredOIMEvent.java:99)

              at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.executeHandlers(MonitoredOIMEvent.java:69)

              at oracle.iam.platform.kernel.impl.OIMEvent.execute(OIMEvent.java:157)

              ... 29 more

      ]]

       

      Figure 1.png Figure 1

       

       

      Figure 2.png Figure 2

       

      Figure 3.png Figure 3.

       

      Please suggest.

      Thanks in advance.

        • 1. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
          Sunil_Sharma

          Hi,

           

          Is the entitlement is provisioned to user in OIM entitlement tab?
          Have to checked SOA work flow in EM console if it has any error?

          Have you tried with multiple users? and got the same result?

          Anything in SOA logs?

           

          Looking at error above, it looks like that the event handler which is responsible for setting the request status to completed/failure is not working properly.

           

           

          Thanks,
          Sunil Sharma

          • 2. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
            4211596

            Sunil_Sharma, Thanks for the reply..

             

            Is the entitlement is provisioned to user in OIM entitlement tab?  --> Yes, the entitlement is provisioned to the user.

            Have to checked SOA work flow in EM console if it has any error?  --> Yes, I checked. There are no errors in the workflow getting generated.

            Anything in SOA logs?  -->  No, SOA logs are empty. Logs are observed in only OIM-Diagnostic logs.

             

            Yes, the mentioned error reflects the error is due to failure of a post process event handler of OIM, but on searching in internet, I am unable to find anything about this handler class.

             

            Please suggest where to check for this handler class, seems to be inbuilt handler class of OIM.

            Thanks in advance.

             

            Also, for another user :

            Have you tried with multiple users? and got the same result?  --> I tried with another user, The status now is "Request Approved Fulfilment Failed" and the error shown is CONNECTOR_EXCEPTION. However, the role is provisioned to the user.

             

             

            • 3. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
              Sunil_Sharma

              Also, for another user :

              Have you tried with multiple users? and got the same result?  --> I tried with another user, The status now is "Request Approved Fulfilment Failed" and the error shown is CONNECTOR_EXCEPTION. However, the role is provisioned to the user.-------------Does it mean that entitlement is not provisioned to user in entitlement tab? If yes can you retry the task?

               

              Thanks,

              Sunil Sharma

              • 4. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                4211596

                Entitlement is being provisioned to the user in entitlement tab in all cases.

                It is only that the status of the request is not "Request Completed" as it should have been. It is either Request Failed or Request Approved Fulfilment Failed".

                 

                Tried multiple times....getting same result.

                • 5. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                  Sunil_Sharma

                  Hi,

                   

                  Can you try the step mentioned in below oracle document id. Though it belongs to OIM R1.

                   

                  Users/Roles Creation Request Stays at Pending Status Due to Slow OIM Server Performance (Doc ID 1627108.1)

                   

                  Thanks,
                  Sunil Sharma

                  • 6. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                    Srinath Menon-Oracle

                    But, in Track Request section in Identity Manager, the request status is shown as Request Failed(Figure 2).

                     

                    In database :

                    Query: select REQUEST_ID, REQUEST_KEY, REQUEST_STATUS, REQUEST_FAILURE_REASON from REQUEST where REQUEST_ID = 375050;

                    Output : REQUEST_STATUS  : Request Failed

                                                REQUEST_FAILURE_REASON  : String index out of range: -1

                     

                    This is something strange that the entities are provisioned to requesting users but error is seen in request details page. Does the same issue happen for a single stage approval process instead of multiple ones? Or for a direct approval scenario?

                     

                    Please upload lsinventory output of this environment for review.

                     

                    Connector_Exception - this looks different from the earlier error , assuming it was captured for the same test case but different users.

                     

                    What is the LDAP being used in the integration? OUD, OID or AD? Which version?

                    Also, can you give a brief summary how the entire set up is done? In terms of flow and architecture?

                    • 7. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                      4211596

                      Also, can you give a brief summary how the entire set up is done? In terms of flow and architecture?

                      The end user registers in the system using a self registration form which is custom designed. A tracking id is generated using which the user can track the status of the registration. A two-level or one-level approval SOA workflow is generated based on the designation of the user.

                      On approval, user is created in OIM and is provisioned to LDAP. The user is provisioned to the target application using a WebService Connector.

                       

                      Architecture wise, OAM-OIM-OID 12c integrated setup along with OHS.

                       

                      What is the LDAP being used in the integration? OUD, OID or AD? Which version?

                      LDAP being used is OID, 12c version. OIM, OAM versions are also 12c.

                       

                      Connector_Exception - this looks different from the earlier error , assuming it was captured for the same test case but different users.

                      This is actually sorted. The WebService Connector for provisioning user secondary role to target application was not working.

                       

                      Does the same issue happen for a single stage approval process instead of multiple ones? Or for a direct approval scenario?

                      The single stage approval as well as two stage approval flow gives same error. The approval workflow in SOA is custom designed.

                      However, I have tested for both default(in which user request goes to superuser for approval) and custom workflows, both test cases are giving same results. This also proves that the issue is from OIM end and not from SOA end(also because the workflow generating is error free and complete). Even on testing for provisioning to multiple target applications, I am getting same errors.

                       

                      Please upload lsinventory output of this environment for review.

                      Can you please provide a little insight on what this is and how get it from the setup.

                       

                      Thanks.

                      • 8. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                        Srinath Menon-Oracle
                        Can you please provide a little insight on what this is and how get it from the setup.

                        Set ORACLE_HOME=<path where oim is installed>

                         

                        For eg :

                         

                        I have installed oim under : /home/identity/oim12c

                         

                        So,ORACLE_HOME=/home/identity/oim12c

                         

                        Then run the following command :

                        $ORACLE_HOME/OPatch/opatch lsinventory > patch.txt

                         

                        Once it is completed,upload patch.txt here for review.

                         

                        However, I have tested for both default(in which user request goes to superuser for approval) and custom workflows, both test cases are giving same results.

                        Which OOTB WF was tested?

                        • 9. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                          4211596

                          Srinath Menon-Oracle, thanks for the reply.

                           

                          Which OOTB WF was tested?

                          > DefaultOperationApproval was tested for this.

                           

                          Content of patch.txt file is below:

                           

                          ================================= Content of opatch.txt file starts ===================================

                          Oracle Interim Patch Installer version 13.9.2.0.0

                          Copyright (c) 2020, Oracle Corporation.  All rights reserved.

                           

                           

                           

                           

                          Oracle Home       : /u01/oracle/products/OIG_HOME

                          Central Inventory : /home/oracle/oraInventory

                             from           : /u01/oracle/products/OIG_HOME/oraInst.loc

                          OPatch version    : 13.9.2.0.0

                          OUI version       : 13.9.2.0.0

                          Log file location : /u01/oracle/products/OIG_HOME/cfgtoollogs/opatch/opatch2020-07-09_15-55-59PM_1.log

                           

                           

                           

                           

                          OPatch detects the Middleware Home as "/u01/oracle/products/OIG_HOME"

                           

                           

                          Lsinventory Output file location : /u01/oracle/products/OIG_HOME/cfgtoollogs/opatch/lsinv/lsinventory2020-07-09_15-55-59PM.txt

                           

                           

                          --------------------------------------------------------------------------------

                          Local Machine Information::

                          Hostname: <hostname_of_the_machine>

                          ARU platform id: 226

                          ARU platform description:: Linux x86-64

                           

                           

                           

                           

                          Interim patches (5) :

                           

                           

                          Patch  29192545     : applied on Sat Apr 20 02:06:34 IST 2019

                          Unique Patch ID:  22670133

                          Patch description:  "OIM BUNDLE PATCH 12.2.1.3.0(ID:20190109045141)"

                             Created on 9 Jan 2019, 06:14:11 hrs PST8PDT

                             Bugs fixed:

                               23110063, 23337308, 25323654, 25540355, 25996056, 26164709, 26165573

                               26186971, 26188366, 26288324, 26418875, 26427097, 26434476, 26474713

                               26500524, 26522972, 26556110, 26592805, 26615293, 26616250, 26625354

                               26639196, 26663859, 26670135, 26681376, 26729272, 26732357, 26785853

                               26808282, 26811926, 26860614, 26863966, 26865173, 26895672, 26932665

                               26935680, 26935701, 26957145, 26967104, 26967178, 26982896, 27000479

                               27024554, 27025473, 27025966, 27026427, 27037128, 27067961, 27078300

                               27098131, 27100241, 27110896, 27112593, 27113693, 27119830, 27119849

                               27133948, 27139528, 27145500, 27166581, 27168000, 27175826, 27177740

                               27181614, 27196097, 27200817, 27203691, 27241253, 27273838, 27279346

                               27298564, 27300245, 27302510, 27311536, 27313843, 27337702, 27350190

                               27366933, 27384225, 27423854, 27423992, 27438385, 27439501, 27466871

                               27479814, 27486132, 27498869, 27510030, 27558461, 27564325, 27564429

                               27567130, 27567365, 27567443, 27581965, 27607542, 27617132, 27617274

                               27624103, 27624252, 27626291, 27626487, 27629691, 27638151, 27638236

                               27656612, 27675628, 27697060, 27712069, 27712164, 27719473, 27733085

                               27762094, 27763398, 27771411, 27772143, 27777600, 27779926, 27799154

                               27806091, 27806960, 27817160, 27828814, 27833180, 27860018, 27920700

                               27927397, 27931832, 27939257, 27986715, 28031831, 28056465, 28142729

                               28155722, 28186972, 28238704, 28239186, 28297906, 28316082, 28354933

                               28366280, 28369024, 28377433, 28433832, 28542619, 28891498, 28961310

                               29006080, 29044105

                           

                           

                          Patch  26355633     : applied on Fri Apr 19 17:22:59 IST 2019

                          Unique Patch ID:  21447583

                          Patch description:  "One-off"

                             Created on 1 Aug 2017, 21:40:20 hrs UTC

                             Bugs fixed:

                               26355633

                           

                           

                          Patch  26287183     : applied on Fri Apr 19 17:22:38 IST 2019

                          Unique Patch ID:  21447582

                          Patch description:  "One-off"

                             Created on 1 Aug 2017, 21:41:27 hrs UTC

                             Bugs fixed:

                               26287183

                           

                           

                          Patch  26261906     : applied on Fri Apr 19 17:22:08 IST 2019

                          Unique Patch ID:  21344506

                          Patch description:  "One-off"

                             Created on 12 Jun 2017, 23:36:08 hrs UTC

                             Bugs fixed:

                               25559137, 25232931, 24811916

                           

                           

                          Patch  26051289     : applied on Fri Apr 19 17:21:49 IST 2019

                          Unique Patch ID:  21455037

                          Patch description:  "One-off"

                             Created on 31 Jul 2017, 22:11:57 hrs UTC

                             Bugs fixed:

                               26051289

                           

                           

                           

                           

                           

                           

                          --------------------------------------------------------------------------------

                           

                           

                          OPatch succeeded.

                           

                          ================================= Content of opatch.txt file ends ===================================

                          • 11. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                            Srinath Menon-Oracle

                            I am quite out of ideas on this case. Would suggest you to raise a Service Request so more details / information can be collected for analysis.

                            • 13. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                              4211596

                              Hi,

                               

                              Srinath Menon-Oracle, Sunil_Sharma...got the solution for this issue.

                               

                              Rolled back the Patch  29192545(this patch was applied at the initial stage of setting up the environment) and applied two new patches:

                               

                              IDM SUITE BUNDLE PATCH 12.2.1.3.180116 (Patch)

                              (OIM patch number : 27363471) - (https://support.oracle.com/epmos/faces/PatchDetail?patchId=27363471&requestId=21862880)

                               

                              and

                               

                               

                              REVOKELDAPENTITLEMENTPOSTPROCESSHANDLER FAILING WHILE PARSING THE ENT NAME(Patch 28027119)

                              (https://support.oracle.com/epmos/faces/PatchDetail?patchId=28027119&languageId=0&platformId=2000&requestId=22366558)

                               

                              Actually the patch number 28027119 is the main patch which was required and the patch number 27363471 is a pre-requisite for the patch 28027119.

                               

                              First I tried with directly applying the patch 28027119, but it was failing to apply and was demanding patch 27363471 to be installed as pre-requisite.

                               

                              On applying the patch 27363471, it was conflicting with already applied OIM patch bundle 29192545. So, first I rolled back OIM patch bundle 29192545 and then applied the other two patches and the issue was resolved.

                              1 person found this helpful
                              • 14. Re: Secondary Entitlement Request Status : Request Failed(actually request is approved).
                                Srinath Menon-Oracle

                                Glad to know the issue is resolved and thanks for posting the solution.