cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error when submitting GRC request from IDM

Go to solution
Former Member

on ‎12-06-2011 2:55 PM

0 Kudos

Hello GRC gurus,

We were running into an issue when trying to set up our IDM - GRC integration; when submitting a request to GRC via the AC Validation task the "Submit AC Request" task always encounters an error, but in spite of which the request still gets created on the GRC end; weirdly enough, 2 requests get created each time:<br>


putNextEntry failed storingcn=TESTUSER,ou=submitrequest,o=grc

Exception from Add operation:javax.naming.CommunicationException: [LDAP: error code 2 - (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)]; remaining name 'cn=TESTUSER,ou=submitrequest,o=grc'

<br>

On the GRC end we noticed that we are getting the following error:<br>


2011-12-05 20:21:32,046 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
com.virsa.ae.service.umi.UMIException: com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
	at com.virsa.ae.service.umi.ume.UMESearchUser.getUserById(UMESearchUser.java:304)
	at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:198)
	at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
	at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
	at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)

2011-12-05 20:21:32,064 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.virsa.ae.core.BOException:  Error in Searching Users... 
com.virsa.ae.core.BOException:  Error in Searching Users... 
	at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:201)
	at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
	at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
	at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)

As a result of this error GRC AC Submit request never completes successfully and so the polling task never starts, instead immediately the pending values are skipped and removed from the user in question.<br>

<br>

What are we supposed to set the User data source as within CUP? Is there something else we should be doing to fix this?<br>

<br>

Would greatly appreciate your help with trying to fix this!<br>

<br>

Thanks a lot in advance!<br>

<br>

Best regards,

Sandeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-06-2011 4:27 PM
0 Kudos

Hi,

There're some restrictions regarding GRC -IDM integration. What's your GRC version? What's your IDM Version? What system are you trying to provision to?

Cheers,

Diego.

Show replies
Show replies
Former Member
‎12-06-2011 4:39 PM
0 Kudos

Thank you for the quick responses Frank & Diego!

Frank,

We are now using SAP UME as the user data source and the previously posted error is now gone; we are now encountering a different set of errors:


2011-12-06 15:54:52,897 [SAPEngine_Application_Thread[impl:3]_16] ERROR com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9920', Locale: 'en'
com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9920', Locale: 'en'
	at com.virsa.ae.service.messaging.MessageFormatter.formatAsText(MessageFormatter.java:103)
	at com.virsa.ae.search.po.RequestHistoryPO.getDisplayString(RequestHistoryPO.java:112)
	at jsp_show_audit_info1322932433534._jspService(jsp_show_audit_info1322932433534.java:110)
	at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
.......................................
2011-12-06 15:54:53,095 [SAPEngine_Application_Thread[impl:3]_16] ERROR com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9906', Locale: 'en'
com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9906', Locale: 'en'
	at com.virsa.ae.service.messaging.MessageFormatter.formatAsText(MessageFormatter.java:103)
	at com.virsa.ae.search.po.RequestHistoryPO.getDisplayString(RequestHistoryPO.java:112)
	at jsp_show_audit_info1322932433534._jspService(jsp_show_audit_info1322932433534.java:98)
	at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
.................................
2011-12-06 15:54:53,109 [SAPEngine_Application_Thread[impl:3]_16] ERROR com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9940', Locale: 'en'
com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9940', Locale: 'en'
	at com.virsa.ae.service.messaging.MessageFormatter.formatAsText(MessageFormatter.java:103)
	at com.virsa.ae.search.po.RequestHistoryPO.getDisplayString(RequestHistoryPO.java:112)
	at jsp_show_audit_info1322932433534._jspService(jsp_show_audit_info1322932433534.java:110)
	at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
	at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

Diego,

We are using GRC 5.3 SP13 and IDM 7.1 SP5. We are trying to provision to an ECC 6 ABAP system.

Thanks a lot in advance for your help!

Best regards,

Sandeep

Former Member
‎12-06-2011 4:58 PM
0 Kudos

Well, regarding this error: com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9906', Locale: 'en'

Have you uploaded the corresponding XML CUP files??

Cheers,

Diego.

Former Member
‎12-06-2011 5:08 PM
0 Kudos

Yes Diego; we had originally done so and we also uploaded them again this afternoon.

Cheers,

Sandeep

Former Member
‎12-06-2011 7:13 PM
0 Kudos

Sandeep,

Have you followed this procedure: Note 1507749 - After CUP SP13, Logo, About, and Logoff buttons are missing

You should see the messages according to the file "AE_init_clean_and_insert_data.xml";. If you open this file you'll be able to find the text for these messages codes.

Cheers,

Diego.

Former Member
‎12-14-2011 8:32 AM
0 Kudos

Hi Diego,

Thanks a lot for your quick response! Sorry for the delay in responding; I was travelling.

Uploading the new files from the Note you mentioned allowed us to view what the actual errors were; but we've started running into new errors now; when looking at the operation logs for VDS, I see that the webservice actually returns an operation result of SUCCESS also quoting that "Finished add operation"; which is why the request does in fact get created in CUP but a couple of log entries later after the webservice returns the request number I encounter the following error within VDS:


Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver

Here's the error found in sequence within a set of other operational log messages within VDS:


Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
End element SOAP-ENV:Envelope
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(empty00)
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
NSPop (empty)
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Setting current message form to: FORM_OPTIMIZED (currentMessage is now org.apache.axis.utils.ByteArray)
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exit: SOAPPart::saveChanges(): org.apache.axis.utils.ByteArray@7ecd78
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operations result is:SUCCESS
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Additional message = msgcode=000;msgdescription=Request Created;msgtype=SUCCESS;requestno=92
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Requst number: 92
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
*** Fetch result code ***
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Info  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Operation result: 2
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Warning  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Exception: (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Returning: opResult:2,info: ((GRC Submit Request:2:oracle.jdbc.driver.OracleDriver))
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Finished add operation
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
Sending operation result
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: All  Thread: Thread[3,3,LDAP 
Sessions:main_listener_4389] Logger: Plain Message:
Sending response to socket: 63621
 
Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
LDAP Session continues ...

It's the strangest thing, because it seems to send the request across successfully which is how the request is getting created in CUP but after it succeeds it encounters the exception with the GRC WebService call from the API; any ideas why this is happening? how can we possibly fix this?

Would greatly appreciate any insight / advice on this!

Cheers,

Sandeep

Former Member
‎12-16-2011 1:47 PM
0 Kudos

Hi Diego,

We finally got this fixed; the issue happened to be that the folder containing the OJDBC driver didn't have sufficient permissions for access by VDS; it finally worked and came back to IDM successfully and the privilege was automatically approved, thereby successfully testing what we needed.

Thanks a lot for your help Diego and Frank!

Best regards,

Sandeep

Former Member
‎12-16-2011 1:51 PM
0 Kudos

Sandeep,

Is nice to know that your problem has been solved. Thank you for sharing the solution with the community.

Cheers,

Diego.

Answers (1)

Answers (1)

koehntopp
Product and Topic Expert
Product and Topic Expert
‎12-06-2011 4:14 PM
0 Kudos

Hi Sandeep,

the general answer is: you need to use the user source that is able to find all the user IDs in your request.

Probably LDAP via UME is your best choice.

Frank.

Show replies
Show replies
Ask a Question