Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
mjuricek1 Absent Member.
Absent Member.
771 views

4.7 - entitlement without value

Hi,

are the entitlements without value not supported in the new IDM 4.7?

I have ApacheDS connected by IDM 4.7 and Account entitlement is configured as entitlement without values.

When I trying to create new resource and add this entitlement, I cannot, because new "idmadmin" interface required a value. Therefore I created a resource in the old good IDMProv and assigned the entitlement from my LDAP driver to the resource. Then I created new role and assigned the resource to the role.
But when I try to assign the role to user, I am getting error (see below).

It looks that value in entitlement is always required. Isn't a bug?



[03/07/18 17:49:27.764]:Role and Resource driver :
DirXML Log Event -------------------
Driver: \LINUX_82AN_TREE\system\driverset1\Role and Resource driver
Status: Error
Message: Thread ID:116 Unable to add assigned role to identity
Role: O=system\CN=driverset1\CN=User Application Driver\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PR-ACME-User
Identity: O=data\OU=users\CN=mjuricek
Reason: java.lang.Exception: Thread ID:116 Error. Entitlement parameter value is not in the expected JSON format, defined by the entitlement configuration setting named parameter-format. This can occur from malformed JSON in the parameter value, or an entitlement was provisioned with a legacy parameter value before the entitlement parameter support was upgraded to IDM4.
DN: O=system\CN=driverset1\CN=LDAP-ApacheDS\CN=Account
Agent: UA
Parameter Value:
Labels (1)
Tags (1)
0 Likes
5 Replies
Knowledge Partner
Knowledge Partner

Re: 4.7 - entitlement without value

mjuricek <mjuricek@no-mx.forums.microfocus.com> wrote:
>

Hi,
>
> are the entitlements without value not supported in the new IDM 4.7?
>
> I have ApacheDS connected by IDM 4.7 and Account entitlement is

configured as entitlement without values.
>
> When I trying to create new resource and add this entitlement, I cannot,

because new "idmadmin" interface required a value. Therefore I created a
resource in the old good IDMProv and assigned the entitlement from my
LDAP driver to the resource. Then I created new role and assigned the
resource to the role.
> But when I try to assign the role to user, I am getting error (see

below).
>
> It looks that value in entitlement is always required. Isn't a bug?
>


Are you using IDM4 style entitlements or the old style?

This used to be something that was defined in the entitlementconfig object.
I doubt that this has changed dramatically in 4.7.

Pretty sure the new style entitlements have never supported valueless.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
mjuricek1 Absent Member.
Absent Member.

Re: 4.7 - entitlement without value

I am using IDM4 entitlements but i selected "No values" in the entitlement configuration and this does not work. Value must be provided.
you are right.

thx.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 4.7 - entitlement without value

On 3/7/2018 1:46 PM, mjuricek wrote:
>
> I am using IDM4 entitlements but i selected "No values" in the
> entitlement configuration and this does not work. Value must be
> provided.
> you are right.


{} is sufficient as a null value.

0 Likes
Knowledge Partner
Knowledge Partner

Re: 4.7 - entitlement without value

Geoffrey Carman wrote:

> On 3/7/2018 1:46 PM, mjuricek wrote:
> >
> > I am using IDM4 entitlements but i selected "No values" in the
> > entitlement configuration and this does not work. Value must be
> > provided.
> > you are right.

>
> {} is sufficient as a null value.


That is actually an empty collection (object). Null should be represented as
null.

I once came across a JSON app that returned just: null - think this is
technically allowed.

However the parsing code from NetIQ might choke on these options. Worth testing.
I suggest you make it return something compliant. If you ever end up using any
of the reporting stuff, nice to have not designed yourself into a problem.
--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 4.7 - entitlement without value

On 3/8/2018 2:57 AM, Alex McHugh wrote:
> Geoffrey Carman wrote:
>
>> On 3/7/2018 1:46 PM, mjuricek wrote:
>>>
>>> I am using IDM4 entitlements but i selected "No values" in the
>>> entitlement configuration and this does not work. Value must be
>>> provided.
>>> you are right.

>>
>> {} is sufficient as a null value.

>
> That is actually an empty collection (object). Null should be represented as
> null.


Agreed null should suffice, but as you note, it don't. 🙂

But I think it just does not handle null at all. It must have a value
even an empty value suffices, but not null.


> I once came across a JSON app that returned just: null - think this is
> technically allowed.
>
> However the parsing code from NetIQ might choke on these options. Worth testing.
> I suggest you make it return something compliant. If you ever end up using any
> of the reporting stuff, nice to have not designed yourself into a problem.
>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.