Provisioning to Java system not working

Henrik1
Participant
0 Kudos

Hi,

I have hooked up a java portal to our IdM system, and I can read in the data no problem.

I can also provision users to the system, and all is good.

The problem is, as soon as I try to provision any roles or groups, nothing happens. And I mean nothing! No entries in the job log, no errors.

If I change data on the user, such as name or email, it gets provisioned through as expected.

Provisioning to ABAP systems works as intended...

Does anyone have any idea what is wrong?

Cheers,

Henrik

On version 7.2 SP6

Accepted Solutions (1)

Henrik1
Participant
0 Kudos

Hi,

Sorry for the inactivity here - was waiting for the change to LDAP based UME for the portal.

Unfortunately that did nothing for me, and my ability to provision roles.

@Tero: Yes, the provisioning task is set to inherited

@Jack: Role assignments are done in UME, rather than LDAP - at least I can do it manually in the UME, so I should be able to do it from IdM.

I have even tried changing the system user in IdM to my own account, just to make sure it wasn't any strange permission issues - same result

@Steffi: Standard provisioning framework, and the hook tasks are set up as you say.

Still, nothing shows up in the provisioning queue, and the task for assigning roles to java user is not even triggered. In spite of this, the status of the assignment is "OK" when I look at the user, so IdM obviously thinks that all is good.

Really strange one...

0 Kudos

Hi Henrik,

Did you configure and run the Delta loads for JAVA Server by any chance?

Regards,

Karthik

Henrik1
Participant
0 Kudos

Hi Karthik,

Yes, both initial load, and subsequent delta loads work fine... I can read fine from java - just can't provision...

It's not permissions, as I can do it manually - or at least, I assume that's the case...

0 Kudos

Hi Henrik,

Please note that for the delta load write jobs, you need to edit them to change from -1 to {D}. If this is not done then the provisioning actions will not be triggered.

Just check if you have done this.

Regards,

Karthik

Henrik1
Participant
0 Kudos

Was not set like that.

I have changed it now - but not sure how that relates to the actual provisioning.

But - that being said, the data is flowing now! I can now provision roles.

Thank you very much!

terovirta
Active Contributor
0 Kudos

Your provisioning tasks (add task and validate add task) were set to "none" in the screen shot, by the delta or incomplete run of initial load. That's why provisioning was disabled.

regards, Tero

Answers (1)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Henrik,

can you at least see the provisioning queue grow in the admin-monitoring-tab? Maybe there is no dispatcher assigned? Are you using the standard provisioning framework or have you done some customization?

Regards,

Steffi.

Henrik1
Participant
0 Kudos

Hi Steffi,

Nothing happens - the dispatchers are running, and I can create and delete users no problem.

I did a few modifications, but purely on the logon alias. I reverted those changes, but now I can't provision users or groups at all...

/h

Steffi_Warnecke
Active Contributor
0 Kudos

Yeah, you should probably customize that back.

Hmm, what could it be? Did you set the hook tasks in the repository constants of your portal? #4 and #5 should point to your "Assign User Membership to AS Java"-task and "Revoke User Membership To AS Java"-task respectively.

Henrik1
Participant
0 Kudos

I was playing around with getting the alias as the login name in the portal, as it will be the name used. But we are moving to AD based UME, so I don't need that anyway 🙂

The hook tasks are all set correctly - that part wasn't changed, and it worked correctly.

This one is really throwing me for a loop...

Thanks for taking time out to help me!

/h

Steffi_Warnecke
Active Contributor
0 Kudos

You're welcome! But I don't know how helpful I can be here. But luckily enough, there are some really knowledgeable people in this space, so I think, together we'll get this going. ^^

Do you use the standard framework and tasks for the provisioning? Or did you copy them to your custom framework? Are the provisioning dispatchers assigned to the tasks?

It's strange that nothing is triggered. You could activate the trace and then see what is going on, when you assign another portal-privilege.

Former Member
0 Kudos

Hi Henrik,

I notice you point user data source to AD. Do you store Java roles in UME or in AD?

Best Regards

Jack Xiong

terovirta
Active Contributor
0 Kudos

Apart from what Steffi pointed out, do the AS Java-privileges have the provisioning tasks set to "inherited from repository"? (The easiest way to confirm that is to navigate to the metadata under the Id Store in MMC and filter for the privileges you're testing with.)

regards, Tero