Unable to start external provisioning workflow 'IAG Fulfillment'. Please check you external RBPM system for details

Hi,

I have an external workflow for fulfillment, but the REST call with the (default) parameters returns 0 in totalSearch, and IGA returns the error "Unable to start external provisioning workflow 'IAG Fulfillment'. Please check you external RBPM system for details". Could you help me, please?

My REST call:

/api/provisioning/changeset/32?appSourceId=5&showCt=true&sortBy=change_request_item&inProgressOnly=true&indexFrom=0&size=100&provisioningType=EXTERNAL&addFulfillmentContext=true&fulfiller=cn%3DIAG+Fulfillment%2Ccn%3DRequestDefs%2Ccn%3DAppConfig%2Ccn%3DUserApplication%2...

It returns:

[INFO] 2023-11-17 18:38:26.993 [com.microfocus.audit.serverlog.ServerLogAuditLogger] CEF:0|Micro Focus|Identity Governance|2022.4 - 3.7.3|2207|Query Data Item Contents|5|act=XDAS_AE_QUERY_DATA_ITEM_CONTENTS app=HTTP/1.1 art=2023-11-17T21:38:24.767Z cat=XDAS_AE_INVOKE_SERVICE cs3={"changesetId":4,"link":"/api/provisioning/changeset/4","status":"PENDING","startDate":1698349853164,"processId":"-1","totalSearch":0} cs3Label=HTTP Servlet Response cs6=i4TDcYWREe6NpQBQVoEf0Q cs6Label=AuthTrackingId destinationDnsDomain=iga.unitario.teste.bradesco.com.br destinationServiceName=com.netiq.iac.server.rest.ProvisioningRestService.getChangeset(4, 5, EXTERNAL, null, null, null, null, cn\=IAG Fulfillment,cn\=RequestDefs,cn\=AppConfig,cn\=UserApplication, change_request_item, true, 0, 100, null, true, true, HttpServletRequest) deviceFacility=13 dhost=hostiga dmac=00-50-56-81-1F-D1 dpid=58712 dpt=8443 dst=192.168.1.100 dtz=America/Sao_Paulo end=2023-11-17T21:38:26.993Z externalId=6fbfc484-e185-4fb1-9df5-d2a042aecd33 flexString1=GroupIds: [] Roles: [RT_ROLE_USER, RT_SODO, ADM, RT_CIF, RT_ACF] flexString1Label=Source User Privileges in=-1 msg=iag - IAG WF Proxy retrieved the changeset associated with the changeset id outcome=200 OK: the request has succeeded request=hostiga:8443/.../4
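The audit line above is a CEF record, and the fields most useful for triage (the HTTP response in `cs3`, the outcome, the service call) are buried in its extension. As an added example, not part of the original post or of Identity Governance, this Python parser reads an abridged copy of that line; reading `end` minus `art` as elapsed time is an assumption.

```python
import json
import re
from datetime import datetime

# Abridged copy of the audit line from the post (fields dropped for length).
SAMPLE = (
    'CEF:0|Micro Focus|Identity Governance|2022.4 - 3.7.3|2207|'
    'Query Data Item Contents|5|act=XDAS_AE_QUERY_DATA_ITEM_CONTENTS '
    'art=2023-11-17T21:38:24.767Z '
    'cs3={"changesetId":4,"status":"PENDING","processId":"-1","totalSearch":0} '
    'cs3Label=HTTP Servlet Response '
    r'destinationServiceName=ProvisioningRestService.getChangeset(4, 5, cn\=IAG Fulfillment) '
    'end=2023-11-17T21:38:26.993Z in=-1 '
    'outcome=200 OK: the request has succeeded'
)

KEY = re.compile(r'(?:^|\s)(\w+)=')  # "cn\=" is skipped: the "\" breaks the match

def ts(stamp):
    return datetime.strptime(stamp, '%Y-%m-%dT%H:%M:%S.%fZ')

def parse_cef(line):
    """Split a CEF record into its header fields and an extension dict."""
    parts = line[line.index('CEF:'):].split('|', 7)  # skips any log prefix
    if len(parts) != 8:
        raise ValueError('not a complete CEF record')
    names = ('cef', 'vendor', 'product', 'version', 'sig', 'name', 'severity')
    ext, text = {}, parts[7]
    hits = list(KEY.finditer(text))
    for i, m in enumerate(hits):
        stop = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        # A value runs up to the next " key="; undo the CEF escapes \= and \\.
        value = text[m.end():stop].strip()
        ext[m.group(1)] = value.replace('\\=', '=').replace('\\\\', '\\')
    return dict(zip(names, parts)), ext

def summarize(line):
    """Return the fields worth reading first when triaging a fulfillment call."""
    header, ext = parse_cef(line)
    cs3 = ext.get('cs3', '')
    return {
        'event': header['name'],
        'outcome': ext.get('outcome'),
        'service': ext.get('destinationServiceName'),
        'response': json.loads(cs3) if cs3.startswith('{') else None,
        # Assumption: end - art approximates how long the request took.
        'art_to_end_seconds': (ts(ext['end']) - ts(ext['art'])).total_seconds(),
    }
```
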

  • 0  

    Hi Edimar,

    As it looks like you are trying to run an IDM/RBPM workflow: There is an example available in IG that you can download and then deploy in IDM that provides details on how to integrate IG/IDM for workflow fulfilment.

    Here is a screenshot from IG 3.7.x where you can find it...

    It's usually best to get this example up and running and then implement your custom logic in a similar way.

    Regards,
    Philipp

  • 0 in reply to   

    Hi Philipp,

    I tried, but it did not work for me: it returns totalSearch zero, and it does not appear. IG returns the same error.

    {"changesetId":4,"link":"/api/provisioning/changeset/4","status":"PENDING","startDate":1698349853164,"processId":"-1","totalSearch":0}

    "Unable to start external provisioning workflow 'IAG Fulfillment'. Please check you external RBPM system for details"

  • 0

    This problem still persists in IG 4.2.

    I exported the default IG workflow for fulfillment and have it deployed in IDM 4.8.6, and I am still getting the same error message.

    The "automated" type fulfillment works fine.

  • 0   in reply to 

    Hi rmedeiros,

    Did you check the IDApps/UserApp logs as well?

    Please set the relevant packages to trace on the UserApp side (in a dev/test stage) and see what happens there. To help you, we need to know what is happening on the IG and on the IDM (UserApp) side.

    Best regards,
    Philipp

  • 0   in reply to   

    Hello

    1) The IDM Workflow Fulfillment utilizes a SOAP call from Identity Governance to the Identity Application.

    2) Make sure you have the correct information in Governance -> Configuration -> Identity Manager Connection. Make sure the Test connect works and provides back responses.

    3) Go to Governance -> Fulfillment -> Configuration -> Identity Manager workflow. Search for your Workflow, select and save.

    4) Go to Governance -> Fulfillment -> Application Setup and make sure the Applications are mapped to the IDM Workflow fulfillment and that the correct workflow is listed.


    After this, please review the ID Apps side to make sure the SOAP call is getting there.

    NOTE: The IDM Workflow will need to call back to ID Gov 2 times via REST. Please review the sample we provided.


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0   in reply to   

    Hello,

    "Unable to start external provisioning workflow 'IAG Fulfillment'. Please check you external RBPM system for details"

    Regarding using the Identity Manager Workflow for Fulfillment, taking the above comment (earlier in this thread) and continuing on my response above:

    1) Identity Governance (ID Gov) will send a SOAP call to the Identity Application (ID Apps) StartWorkflow endpoint, passing (a) the Workflow to start, based upon the one selected in the fulfillment configuration, (b) the ChangeSet ID, (c) the Application ID, (d) the User ID and Password for Authentication and to outline who started it.

    2) The ID Apps will take the User ID and Password and perform an LDAP authentication to the ID Vault.
    NOTE: there is no OSP involved with SOAP.

    3.a) If the Authentication fails, the ID Apps reports back to IG accordingly and the request is put into an error state.

    3.b) If the Authentication is successful, the ID Apps then attempts to start the requested workflow, providing the ChangeSet and Application IDs. The ID Apps then reports back to IG whether this is successful or not.

    4) Steps 1 - 3 must complete within 15 seconds.

    Please review your ID Apps and eDirectory to understand why this is not completing in under 15 seconds.


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity