UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Commodore
Commodore
265 views

User not authorized for action on this entity when trying to approve a task

Hi all,

 

IDM 4.7.4, using provisioning web services. User authenticating in WS is the portal admin, with all admin roles, configured as admin in all userapp domains and security equals to eDir admin.

 

What I did:

  • Opened a workflow using this same portal admin user as recipient.
  • Used requestID on getWorkEnries service to get task ID.
  • Used taskID on forward service with action APPROVE.

 

Following request XML used in forward service:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://www.novell.com/provisioning/service">

   <soapenv:Header/>

   <soapenv:Body>

      <ser:forwardRequest>

         <!--Optional:-->

         <ser:arg0>c7b1a90329d045418dda2e5df9609836</ser:arg0>

         <ser:Action>APPROVE</ser:Action>

         <!--Optional:-->

         <ser:arg2>

            <!--Zero or more repetitions:-->

            <ser:dataitem>

               <ser:name>fldDataSolicitacao</ser:name>

               <ser:value>

                  <!--Zero or more repetitions:-->

                  <ser:string>20190119010203000-0300</ser:string>

               </ser:value>

            </ser:dataitem>

            <ser:dataitem>

               <ser:name>fldParecer</ser:name>

               <ser:value>

                  <!--Zero or more repetitions:-->

                  <ser:string>Just a test</ser:string>

               </ser:value>

            </ser:dataitem>

         </ser:arg2>

         <!--Optional:-->

         <ser:arg3>Here we go</ser:arg3>

      </ser:forwardRequest>

   </soapenv:Body>

</soapenv:Envelope>

Error returned:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

   <SOAP-ENV:Body>

      <SOAP-ENV:Fault>

         <faultcode>Client</faultcode>

         <faultstring>Server Error</faultstring>

         <detail>

            <ns1:AdminException xmlns="http://www.novell.com/provisioning/service" xmlns:ns1="http://www.novell.com/provisioning/service">

               <ns2:reason xmlns="http://www.novell.com/soa/af/impl/soap" xmlns:ns2="http://www.novell.com/soa/af/impl/soap">User not authorized for action on this entity.</ns2:reason>

            </ns1:AdminException>

            <stackTrace xsi:type="xsd:string">com.novell.soa.af.impl.soap.AdminException={_Reason=User not authorized for action on this entity.}

                at com.novell.soa.af.impl.soap.ProvisioningImpl.createAdminException(ProvisioningImpl.java:403)

                at com.novell.soa.af.impl.soap.ProvisioningImpl.forwardAsProxyWithDigitalSignature(ProvisioningImpl.java:2623)

                at com.novell.soa.af.impl.soap.ProvisioningImpl.forward(ProvisioningImpl.java:2496)

                at com.novell.soa.af.impl.soap.Provisioning_ServiceSkeleton._invoke(Provisioning_ServiceSkeleton.java:1944)

                at com.novell.soa.ws.server.ServletSkeleton.invokeEndPoint(ServletSkeleton.java:244)

                at com.novell.soa.ws.impl.soap.MessageHandlerInvoker.invokeServerMessageHandlers(MessageHandlerInvoker.java:348)

                at com.novell.soa.ws.impl.soap.SOAPHandler.handleServerRequest(SOAPHandler.java:84)

                at com.novell.soa.ws.impl.rpc.ServerDelegateImpl.handleServerRequest(ServerDelegateImpl.java:92)

                at com.novell.soa.ws.server.ServletSkeleton.handleRequest(ServletSkeleton.java:105)

                at com.novell.soa.ws.server.ServletSkeleton.doPost(ServletSkeleton.java:366)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:145)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:119)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:150)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.soa.common.i18n.BestLocaleServletFilter.doFilter(BestLocaleServletFilter.java:241)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.ForceNoCacheFilter.doFilter(ForceNoCacheFilter.java:69)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)</stackTrace>

         </detail>

      </SOAP-ENV:Fault>

   </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

 

Same error is displayed on Catalina.out. So, I tried to forward with an regular user, activity addressee and got new error:

<SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

   <SOAP-ENV:Header/>

   <SOAP-ENV:Body>

      <SOAP-ENV:Fault>

         <faultcode>SOAP-ENV:Server</faultcode>

         <faultstring>no serializer found for "java.lang.IllegalStateException"</faultstring>

         <detail>

            <ns1:stackTrace xsi:type="ns1:stackTrace" xmlns:ns1="http://www.novell.com/wssdk">

               <ns1:dump xsi:type="xsd:string">com.novell.soa.ws.binding.MarshalerNotFoundException: no serializer found for "java.lang.IllegalStateException"

                at com.novell.soa.ws.impl.soap.LiteralEncodingStyle.writeObject(LiteralEncodingStyle.java:414)

                at com.novell.soa.ws.impl.xml.OutputStreamImpl.writeObject(OutputStreamImpl.java:122)

                at com.novell.soa.ws.impl.soap.ServerResponseImpl.writeException(ServerResponseImpl.java:81)

                at com.novell.soa.af.impl.soap.Provisioning_ServiceSkeleton._invoke(Provisioning_ServiceSkeleton.java:2659)

                at com.novell.soa.ws.server.ServletSkeleton.invokeEndPoint(ServletSkeleton.java:244)

                at com.novell.soa.ws.impl.soap.MessageHandlerInvoker.invokeServerMessageHandlers(MessageHandlerInvoker.java:348)

                at com.novell.soa.ws.impl.soap.SOAPHandler.handleServerRequest(SOAPHandler.java:84)

                at com.novell.soa.ws.impl.rpc.ServerDelegateImpl.handleServerRequest(ServerDelegateImpl.java:92)

                at com.novell.soa.ws.server.ServletSkeleton.handleRequest(ServletSkeleton.java:105)

                at com.novell.soa.ws.server.ServletSkeleton.doPost(ServletSkeleton.java:366)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:145)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:119)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:150)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.soa.common.i18n.BestLocaleServletFilter.doFilter(BestLocaleServletFilter.java:241)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.ForceNoCacheFilter.doFilter(ForceNoCacheFilter.java:69)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)</ns1:dump>

            </ns1:stackTrace>

         </detail>

      </SOAP-ENV:Fault>

   </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

Got same error when claimed activity through idmdash and executed forward service again.

 

So, what I’m doing wrong here?

0 Likes
5 Replies
Commodore
Commodore

Hi Norbert,

 

This property was not in the file. I put it there and restarted tomcat, same problem using admin user to approve. Addressee is approving, but a service/admin user must do.

0 Likes
Micro Focus Expert
Micro Focus Expert

Is the service/admin user you are using a Provisioning Administrator?

--
Norbert
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

I don't remember this API and the docs are pretty poor on this topic, but ought not the <ser:name> fields to be LDAP DNs and not simple name values?

 

If so, user not authorized would make sense as this is not a user, thus not authorized.

0 Likes
Commodore
Commodore

Hi guys, thanks for answers.

Everything working fine now, the problem was “Exclude Requestor” property set to true. I’m using same service user to open and approval. So… even being an valid user with all rights can’t do this. That’s it.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.