sjoerdk Super Contributor.
Super Contributor.
559 views

IDM 4.7 Access Review driver (Identity Governance) init bug

I have a complete IGA installation at a customer (IDM 4.7 with IG 3.0.1). I am trying to implement the Access Review driver for it (old name). Our installation has different urls for governance, identity apps and OSP. OSP is installed on the Identity Applications server. IG is installed on a different server:
- apps.customer.com:8543 with OSP and identityapps
- governance.customer.com:8543 with IG

I've deployed the driver with all options, but from trace level 10 I can see the following problem:
The shim uses the governance URL to connect to OSP which is not correct.

On driver init:

<ar-url display-name="Identity Governance Application URL">https://governance.customer.com:8543</ar-url>
<ar-user display-name="Identity Governance Data Administrator User Name">igadmin</ar-user>
...
<osp-url display-name="OSP Service URL">https://apps.customer.com:8543</osp-url>
<osp-user display-name="OSP Client Name">iac</osp-user>


But when trying to connect:

[07/13/18 14:43:11.811]:Identity Governance PT:AccessReviewConnector: Access Review URL: https://governance.customer.com:8543
[07/13/18 14:43:11.814]:Identity Governance PT:AccessReviewConnector: Access Review User: igadmin
[07/13/18 14:43:11.815]:Identity Governance PT:AccessReviewConnector: OSP URL: https://governance.customer.com:8543
[07/13/18 14:43:11.818]:Identity Governance PT:AccessReviewConnector: OSP User: iac


As you can see the driver uses the wrong GCV to connect to OSP. Is this a bug or just some form of incorrect logging. My driver now errors out with:
Message: <description>Unable to authenticate to Access Review. Validate Access Review Connection and Authentication parameters.</description>

When I change the Governance URL to a different one, this URL is displayed twice. I therefore strongly suspect that the init just references the incorrect GCV.
Labels (1)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: IDM 4.7 Access Review driver (Identity Governance) init

Sjoerdk;2483994 wrote:
I have a complete IGA installation at a customer (IDM 4.7 with IG 3.0.1). I am trying to implement the Access Review driver for it (old name). Our installation has different urls for governance, identity apps and OSP. OSP is installed on the Identity Applications server. IG is installed on a different server:
- apps.customer.com:8543 with OSP and identityapps
- governance.customer.com:8543 with IG

I've deployed the driver with all options, but from trace level 10 I can see the following problem:
The shim uses the governance URL to connect to OSP which is not correct.

On driver init:

<ar-url display-name="Identity Governance Application URL">https://governance.customer.com:8543</ar-url>
<ar-user display-name="Identity Governance Data Administrator User Name">igadmin</ar-user>
...
<osp-url display-name="OSP Service URL">https://apps.customer.com:8543</osp-url>
<osp-user display-name="OSP Client Name">iac</osp-user>


But when trying to connect:

[07/13/18 14:43:11.811]:Identity Governance PT:AccessReviewConnector: Access Review URL: https://governance.customer.com:8543
[07/13/18 14:43:11.814]:Identity Governance PT:AccessReviewConnector: Access Review User: igadmin
[07/13/18 14:43:11.815]:Identity Governance PT:AccessReviewConnector: OSP URL: https://governance.customer.com:8543
[07/13/18 14:43:11.818]:Identity Governance PT:AccessReviewConnector: OSP User: iac


As you can see the driver uses the wrong GCV to connect to OSP. Is this a bug or just some form of incorrect logging. My driver now errors out with:
Message: <description>Unable to authenticate to Access Review. Validate Access Review Connection and Authentication parameters.</description>

When I change the Governance URL to a different one, this URL is displayed twice. I therefore strongly suspect that the init just references the incorrect GCV.


Looks like a bug to me.
0 Likes
sjoerdk Super Contributor.
Super Contributor.

Re: IDM 4.7 Access Review driver (Identity Governance) init

dgersic;2483997 wrote:
Looks like a bug to me.


Yeah... the longer I try to fix it, the more clear it becomes that it's a bug... I will create a Bugzilla report...

Edit:
Bug 1101307 has been entered in Bugzilla...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.