do-create-role token incorrectly creates US Localized Display Name

Now, I know that there is a bug open for ability to specify other language localizations than the default when using the IDM4.6 create role token

That is OK, I don't need that right now.

Was testing the different behaviour between creating a role via a PRD with SOAP Integration Activity calling the offically suported SOAP endpoint to create a role and the do-create-role token.

So have had the PRD approach working for many years now, use it all the time. Works pretty well.

Tried the Designer create role token (latest Designer 4.7.3) against an IDM Engine recent enough to support the token - Trace as follows

 

 

 

[08/20/19 18:41:31.599]:Role-Service PT: Action: do-set-local-variable("varRoleName",scope="policy",token-lower-case(token-dest-name())). [08/20/19 18:41:31.599]:Role-Service PT: arg-string(token-lower-case(token-dest-name())) [08/20/19 18:41:31.599]:Role-Service PT: token-lower-case(token-dest-name()) [08/20/19 18:41:31.599]:Role-Service PT: token-lower-case(token-dest-name()) [08/20/19 18:41:31.615]:Role-Service PT: token-dest-name() [08/20/19 18:41:31.615]:Role-Service PT: Token Value: "30_sg-123456789-11-bar-foo". [08/20/19 18:41:31.615]:Role-Service PT: Arg Value: "30_sg-123456789-11-bar-foo". [08/20/19 18:41:31.615]:Role-Service PT: Token Value: "30_sg-123456789-11-bar-foo". [08/20/19 18:41:31.615]:Role-Service PT: Arg Value: "30_sg-123456789-11-bar-foo". [08/20/19 18:41:31.615]:Role-Service PT: Action: do-create-role(id="$UAProvAdminLDAP$",role-name="$varRoleName$",time-out="0",url="$UAURL$",arg-password(token-named-password("UAProvAdminPassword")),token-op-attr("nrfRoleLevel"),token-op-attr("nrfLocalizedNames"),token-op-attr("nrfLocalizedDescrs"),token-op-attr("nrfRoleCategoryKey")). [08/20/19 18:41:31.615]:Role-Service PT: Expanded variable reference '$UAProvAdminLDAP$' to 'CN=resadmin,OU=SA,OU=Data,O=IDV'. [08/20/19 18:41:31.615]:Role-Service PT: Expanded variable reference '$varRoleName$' to '30_sg-123456789-11-bar-foo'. [08/20/19 18:41:31.615]:Role-Service PT: arg-password(token-named-password("UAProvAdminPassword")) [08/20/19 18:41:31.615]:Role-Service PT: token-named-password("UAProvAdminPassword") [08/20/19 18:41:31.615]:Role-Service PT: Retrieving password value for named password 'UAProvAdminPassword'. [08/20/19 18:41:31.631]:Role-Service PT: Token Value: "-- suppressed --". [08/20/19 18:41:31.631]:Role-Service PT: Arg Value: "-- suppressed --". [08/20/19 18:41:31.740]:Role-Service PT: role-level(token-op-attr("nrfRoleLevel")) [08/20/19 18:41:31.740]:Role-Service PT: token-op-attr("nrfRoleLevel") [08/20/19 18:41:31.740]:Role-Service PT: Token Value: "30". [08/20/19 18:41:31.740]:Role-Service PT: Arg Value: "30". [08/20/19 18:41:31.740]:Role-Service PT: display-name(token-op-attr("nrfLocalizedNames")) [08/20/19 18:41:31.740]:Role-Service PT: token-op-attr("nrfLocalizedNames") [08/20/19 18:41:31.740]:Role-Service PT: Token Value: "A Display Name". [08/20/19 18:41:31.740]:Role-Service PT: Arg Value: "A Display Name". [08/20/19 18:41:31.740]:Role-Service PT: description(token-op-attr("nrfLocalizedDescrs")) [08/20/19 18:41:31.740]:Role-Service PT: token-op-attr("nrfLocalizedDescrs") [08/20/19 18:41:31.740]:Role-Service PT: Token Value: "A description for level (30) role assigned to: A Display Name". [08/20/19 18:41:31.740]:Role-Service PT: Arg Value: "A description for level (30) role assigned to: A Display Name". [08/20/19 18:41:31.756]:Role-Service PT: category-key(token-op-attr("nrfRoleCategoryKey")) [08/20/19 18:41:31.756]:Role-Service PT: token-op-attr("nrfRoleCategoryKey") [08/20/19 18:41:31.756]:Role-Service PT: Token Value: "automatic". [08/20/19 18:41:31.756]:Role-Service PT: Arg Value: "automatic". [08/20/19 18:41:32.302]:Role-Service PT: DirXML Log Event ------------------- Driver: \IDV-T-TREE\IDV\System\DriverSet1\Role-Service Channel: Publisher Object: (O=IDV\OU=System\CN=DriverSet1\CN=UserApplication\CN=AppConfig\cn=RoleConfig\cn=RoleDefs\CN=Level30\CN=30_sg-123456789-11-bar-foo) Status: Success Message: Requested role creation Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV

 

 

 

 

IDM Apps shows:

 

 

 

2019-08-20 18:41:32,013 [INFO] PasswordHelper [RBPM] [Login_Success] CN=resourceadmin,OU=SA,OU=Data,O=IDV successfully logged in. 2019-08-20 18:41:32,326 [INFO] RoleManagerService [RBPM] [Create_Role] Initiated by cn=resourceadmin,ou=SA,ou=Data,o=IDV, Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV 2019-08-20 18:41:32,373 [INFO] PasswordHelper [RBPM] [Login_Success] CN=resadmin,OU=SA,OU=Data,O=IDV successfully logged in. 2019-08-20 18:41:32,451 [INFO] RoleManagerService [RBPM] [Modify_Role] Initiated by cn=resadmin,ou=SA,ou=Data,o=IDV, Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV

 

 

 

 LDAP Shows as per example below:

 

 

 

dn: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou= System,o=IDV objectClass: nrfRole objectClass: Top cn: 30_sg-123456789-11-bar-foo nrfRoleLevel: 30 nrfLocalizedDescrs: en~A description for level (30) role assigned to: A Display Name nrfLocalizedNames: en-US~A Display Name nrfRoleCategoryKey: automatic nrfStatus: 50

 

 

 

note the en-US in nrfLocalizedNames but only en in the nrfLocalizedDescrs

In IDM Apps UI (4.7.2) looking up the role by text in display name works and it displays the name correctly in the summary, but when I go to Details, Owners, and Approvals it shows the role name as blank, even if I select show languages. 

Anyone else seen this?