Knowledge Partner
Knowledge Partner
144 views

User Service: iac is authenticated and logged in, but does not haveaccess to the Identity Governance application.

IDG 3.5.1 OSP 6.3.1 on Tomcat 9.0.12 with recommended Azul rev on Red
Hat with Oracle 12c.

I have eDir as Identity (User/Group) source. I have AD as a
Account/Permission source.

Set up a schedule to collect Identity and Application. Kicked it off.

It ran for about 25 min, (Takes about 4 hours total) and then I get the
message in the Web GUI. I was just sitting there at the Activity page.

User Service: iac is authenticated and logged in, but does not have
access to the Identity Governance application.

Catalina.out shows:

[WARNING] 2019-05-16 16:09:24 com.netiq.iac.server.j2ee.AuthFilter
doFilter - [IG-SERVER] User Service: iac (null) is authenticated and
logged in, but does not have access to the Identity Govern
ance application.



And it aborts my ID collection with some error:
[SEVERE] 2019-05-16 16:09:41
com.netiq.iac.persistence.dcs.dce.thread.DataCollectionServiceThread
call - [IG-DTP] DaaS connector returned error during collection: Command
failure: Type: find+chunked: [Non-DaaS exception:
[com.netiq.daas.common.DaaSException: idvprd-1.acme.com:636; socket closed]]

But I get 20 of the User Service error message, before this error
message. My AD collection seems to continue.

Logged out, and logged back in, GUI looks good, then a moment later,
same iac error.

Now iac, looks like the oauth secret for the IG Server to me. The
logging class is com.netiq.iac all over the place.

I had our DBA increase our connections count up to 100 from 20, so it
seems unlikely it is referring to the DBA.

Any ideas?
0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: User Service: iac is authenticated and logged in, but does nothave access to the Identity Governance application.

On 5/16/19 5:28 PM, Geoffrey Carman wrote:
> IDG 3.5.1 OSP 6.3.1 on Tomcat 9.0.12 with recommended Azul rev on Red
> Hat with Oracle 12c.
>
> I have eDir as Identity (User/Group) source. I have AD as a
> Account/Permission source.
>
> Set up a schedule to collect Identity and Application. Kicked it off.
>
> It ran for about 25 min, (Takes about 4 hours total) and then I get the
> message in the Web GUI. I was just sitting there at the Activity page.
>
> User Service: iac is authenticated and logged in, but does not have
> access to the Identity Governance application.
>
> Catalina.out shows:
>
> [WARNING] 2019-05-16 16:09:24 com.netiq.iac.server.j2ee.AuthFilter
> doFilter - [IG-SERVER] User Service: iac (null) is authenticated and
> logged in, but does not have access to the Identity Govern
> ance application.
>
>
>
> And it aborts my ID collection with some error:
> [SEVERE] 2019-05-16 16:09:41
> com.netiq.iac.persistence.dcs.dce.thread.DataCollectionServiceThread
> call - [IG-DTP] DaaS connector returned error during collection: Command
> failure: Type: find+chunked: [Non-DaaS exception:
> [com.netiq.daas.common.DaaSException: idvprd-1.acme.com:636; socket
> closed]]
>
> But I get 20 of the User Service error message, before this error
> message.  My AD collection seems to continue.
>
> Logged out, and logged back in, GUI looks good, then a moment later,
> same iac error.
>
> Now iac, looks like the oauth secret for the IG Server to me. The
> logging class is com.netiq.iac all over the place.
>
> I had our DBA increase our connections count up to 100 from 20, so it
> seems unlikely it is referring to the DBA.
>
> Any ideas?


Greetings,

1) Where is OSP deployed? Is it on the same server as ID Gov or Remote?
If it is Remote, is it with ID App 4.7.x?

2) In the Identity Collector (eDir or IDM), are you using paging or VLV?

3) What is the exact version of eDirectory?

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: User Service: iac is authenticated and logged in, but does nothave access to the Identity Governance application.

On 5/17/2019 5:46 AM, Steven Williams wrote:
> On 5/16/19 5:28 PM, Geoffrey Carman wrote:
>> IDG 3.5.1 OSP 6.3.1 on Tomcat 9.0.12 with recommended Azul rev on Red
>> Hat with Oracle 12c.
>>
>>
>> User Service: iac is authenticated and logged in, but does not have
>> access to the Identity Governance application.
>>
>> Catalina.out shows:
>>
>> [WARNING] 2019-05-16 16:09:24 com.netiq.iac.server.j2ee.AuthFilter
>> doFilter - [IG-SERVER] User Service: iac (null) is authenticated and
>> logged in, but does not have access to the Identity Govern
>> ance application.
>>


> 1) Where is OSP deployed?  Is it on the same server as ID Gov or Remote?
>  If it is Remote, is it with ID App 4.7.x?


OSP is co-resident on the same box, in the same Tomcat app server. Not
connected with ID Apps at all.

> 2) In the Identity Collector (eDir or IDM), are you using paging or VLV?


eDir, not with changes, simply eDir to get started.

VLV is NOT enabled. (Should it be?)

Batch size limit = 0
Batch collection Session timeout = 120
LDAP PRead timeout = 20


> 3) What is the exact version of eDirectory?


8.8.8 (20807.09)

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.