IDM 4.7 Access Review driver (Identity Governance) init bug

I have a complete IGA installation at a customer (IDM 4.7 with IG 3.0.1). I am trying to implement the Access Review driver for it (old name). Our installation has different urls for governance, identity apps and OSP. OSP is installed on the Identity Applications server. IG is installed on a different server:
- apps.customer.com:8543 with OSP and identityapps
- governance.customer.com:8543 with IG

I've deployed the driver with all options, but from trace level 10 I can see the following problem:
The shim uses the governance URL to connect to OSP which is not correct.

On driver init:

<ar-url display-name="Identity Governance Application URL">governance.customer.com:8543</ar-url>
<ar-user display-name="Identity Governance Data Administrator User Name">igadmin</ar-user>
...
<osp-url display-name="OSP Service URL">apps.customer.com:8543</osp-url>
<osp-user display-name="OSP Client Name">iac</osp-user>


But when trying to connect:

[07/13/18 14:43:11.811]:Identity Governance PT:AccessReviewConnector: Access Review URL: governance.customer.com:8543
[07/13/18 14:43:11.814]:Identity Governance PT:AccessReviewConnector: Access Review User: igadmin
[07/13/18 14:43:11.815]:Identity Governance PT:AccessReviewConnector: OSP URL: governance.customer.com:8543
[07/13/18 14:43:11.818]:Identity Governance PT:AccessReviewConnector: OSP User: iac


As you can see the driver uses the wrong GCV to connect to OSP. Is this a bug or just some form of incorrect logging. My driver now errors out with:
Message: <description>Unable to authenticate to Access Review. Validate Access Review Connection and Authentication parameters.</description>

When I change the Governance URL to a different one, this URL is displayed twice. I therefore strongly suspect that the init just references the incorrect GCV.
  • Sjoerdk;2483994 wrote:
    I have a complete IGA installation at a customer (IDM 4.7 with IG 3.0.1). I am trying to implement the Access Review driver for it (old name). Our installation has different urls for governance, identity apps and OSP. OSP is installed on the Identity Applications server. IG is installed on a different server:
    - apps.customer.com:8543 with OSP and identityapps
    - governance.customer.com:8543 with IG

    I've deployed the driver with all options, but from trace level 10 I can see the following problem:
    The shim uses the governance URL to connect to OSP which is not correct.

    On driver init:

    <ar-url display-name="Identity Governance Application URL">governance.customer.com:8543</ar-url>
    <ar-user display-name="Identity Governance Data Administrator User Name">igadmin</ar-user>
    ...
    <osp-url display-name="OSP Service URL">apps.customer.com:8543</osp-url>
    <osp-user display-name="OSP Client Name">iac</osp-user>


    But when trying to connect:

    [07/13/18 14:43:11.811]:Identity Governance PT:AccessReviewConnector: Access Review URL: governance.customer.com:8543
    [07/13/18 14:43:11.814]:Identity Governance PT:AccessReviewConnector: Access Review User: igadmin
    [07/13/18 14:43:11.815]:Identity Governance PT:AccessReviewConnector: OSP URL: governance.customer.com:8543
    [07/13/18 14:43:11.818]:Identity Governance PT:AccessReviewConnector: OSP User: iac


    As you can see the driver uses the wrong GCV to connect to OSP. Is this a bug or just some form of incorrect logging. My driver now errors out with:
    Message: <description>Unable to authenticate to Access Review. Validate Access Review Connection and Authentication parameters.</description>

    When I change the Governance URL to a different one, this URL is displayed twice. I therefore strongly suspect that the init just references the incorrect GCV.


    Looks like a bug to me.
  • dgersic;2483997 wrote:
    Looks like a bug to me.


    Yeah... the longer I try to fix it, the more clear it becomes that it's a bug... I will create a Bugzilla report...

    Edit:
    Bug 1101307 has been entered in Bugzilla...