Knowledge Partner

Re: AzureAD Driver IDM 4.7 Roles query fails , status 400

Interesting. That feels like the query which had no root object or object reference returning an error about a missing object reference. I am not sure how to fix it, well, maybe... Consider how the EntitlementConfiguration object looks and how the query is defined there.

Hmm, my last Azure driver had this:

<entitlement data-collection="true" dn="CN=Role,CN=AzureDev2,CN=DriverSet,OU=idm,dc=acme,dc=net" parameter-format="idm4" resource-mapping="true" role-mapping="true">
  <type category="role" id="role" name="role">
    <display-name>
      <value langCode="de">Rolle</value>
      <value langCode="en">Role</value>
    </display-name>
  </type>
  <parameters>
    <parameter mandatory="true" name="ID" source="read-attr" source-name="objectId"/>
  </parameters>
  <member-assignment-query>
    <query-xml>
      <nds dtdversion="2.0">
        <input>
          <query class-name="DirectoryRole" scope="subtree">
            <search-class class-name="DirectoryRole"/>
            <read-attr attr-name="displayName"/>
            <read-attr attr-name="description"/>
          </query>
        </input>
      </nds>
    </query-xml>
  </member-assignment-query>
  <query-extensions>
    <query-xml>
      <read-attr attr-name="displayName"/>
      <operation-data data-collection-query="true"/>
    </query-xml>
  </query-extensions>
</entitlement>

That seems to suggest a query from root (or absence of a DN).

Not sure that is helpful, sorry.

Respected Contributor.

Re: AzureAD Driver IDM 4.7 Roles query fails , status 400

I would guess that somehow ExchangeService does not get "domain" names correctly as a method parameter:

 IDMExchServer.ExchServer.GetRoles(String domain)

But again, what roles are these? If I turn off Exchange Service, the Azure AD Driver works fine and all the AzureAD directoryRoles just work as normal issues. Why the heck is it querying Roles? 🙂 And what Roles are these?

I have this in my GCVs, as seen from iManager (I have trimmed the DriverSet and server names for confidentiality), and I have also removed the "Roles" Entitlement query, just to try, but same behavior as with

demo.png

Micro Focus Contributor

Re: AzureAD Driver IDM 4.7 Roles query fails , status 400

I've been following this post. Has there been a resolution?

Knowledge Partner

Re: AzureAD Driver IDM 4.7 Roles query fails , status 400

Looks like the AzureAD patch 5.1.2.0 fixes this:

  • Bug 1145835 - The driver does not fail to start anymore when Exchange service is enabled and Exchange online is disabled

Tracing it out, the Shim sends a <init-params> then the RL starts the Main() class.  This then starts Sub/Pub channels.  Then it starts two sub drivers, both REST, one for Graph API and the second for ExchService.

It queries Azure for SKUs, DirectoryRoles.  Then it queries ExchangeService for Roles and that is where it died.

I am trying to get more info on the above bug, but it seems like this is the fix for the issue, since the Roles query fails.  Once you patch it, it succeeds.

Go figure.

And Geez, this patch came out April 1, 2020.

Also, if you change your settings you would get this to work.  But just not in that one configuration.

Annoying.