Knowledge Partner
Knowledge Partner
246 views

do-create-role token incorrectly creates US Localized Display Name

Now, I know that there is a bug open for ability to specify other language localizations than the default when using the IDM4.6+ create role token

That is OK, I don't need that right now.

Was testing the different behaviour between creating a role via a PRD with SOAP Integration Activity calling the offically suported SOAP endpoint to create a role and the do-create-role token.

So have had the PRD approach working for many years now, use it all the time. Works pretty well.

Tried the Designer create role token (latest Designer 4.7.3) against an IDM Engine recent enough to support the token - Trace as follows

 

 

 

[08/20/19 18:41:31.599]:Role-Service PT:      Action: do-set-local-variable("varRoleName",scope="policy",token-lower-case(token-dest-name())).
[08/20/19 18:41:31.599]:Role-Service PT:        arg-string(token-lower-case(token-dest-name()))
[08/20/19 18:41:31.599]:Role-Service PT:          token-lower-case(token-dest-name())
[08/20/19 18:41:31.599]:Role-Service PT:            token-lower-case(token-dest-name())
[08/20/19 18:41:31.615]:Role-Service PT:              token-dest-name()
[08/20/19 18:41:31.615]:Role-Service PT:                Token Value: "30_sg-123456789-11-bar-foo".
[08/20/19 18:41:31.615]:Role-Service PT:              Arg Value: "30_sg-123456789-11-bar-foo".
[08/20/19 18:41:31.615]:Role-Service PT:            Token Value: "30_sg-123456789-11-bar-foo".
[08/20/19 18:41:31.615]:Role-Service PT:          Arg Value: "30_sg-123456789-11-bar-foo".
[08/20/19 18:41:31.615]:Role-Service PT:      Action: do-create-role(id="$UAProvAdminLDAP$",role-name="$varRoleName$",time-out="0",url="$UAURL$",arg-password(token-named-password("UAProvAdminPassword")),token-op-attr("nrfRoleLevel"),token-op-attr("nrfLocalizedNames"),token-op-attr("nrfLocalizedDescrs"),token-op-attr("nrfRoleCategoryKey")).
[08/20/19 18:41:31.615]:Role-Service PT:        Expanded variable reference '$UAProvAdminLDAP$' to 'CN=resadmin,OU=SA,OU=Data,O=IDV'.
[08/20/19 18:41:31.615]:Role-Service PT:        Expanded variable reference '$varRoleName$' to '30_sg-123456789-11-bar-foo'.
[08/20/19 18:41:31.615]:Role-Service PT:        arg-password(token-named-password("UAProvAdminPassword"))
[08/20/19 18:41:31.615]:Role-Service PT:          token-named-password("UAProvAdminPassword")
[08/20/19 18:41:31.615]:Role-Service PT:            Retrieving password value for named password 'UAProvAdminPassword'.
[08/20/19 18:41:31.631]:Role-Service PT:            Token Value: "-- suppressed --".
[08/20/19 18:41:31.631]:Role-Service PT:          Arg Value: "-- suppressed --".
[08/20/19 18:41:31.740]:Role-Service PT:        role-level(token-op-attr("nrfRoleLevel"))
[08/20/19 18:41:31.740]:Role-Service PT:          token-op-attr("nrfRoleLevel")
[08/20/19 18:41:31.740]:Role-Service PT:            Token Value: "30".
[08/20/19 18:41:31.740]:Role-Service PT:          Arg Value: "30".
[08/20/19 18:41:31.740]:Role-Service PT:        display-name(token-op-attr("nrfLocalizedNames"))
[08/20/19 18:41:31.740]:Role-Service PT:          token-op-attr("nrfLocalizedNames")
[08/20/19 18:41:31.740]:Role-Service PT:            Token Value: "A Display Name".
[08/20/19 18:41:31.740]:Role-Service PT:          Arg Value: "A Display Name".
[08/20/19 18:41:31.740]:Role-Service PT:        description(token-op-attr("nrfLocalizedDescrs"))
[08/20/19 18:41:31.740]:Role-Service PT:          token-op-attr("nrfLocalizedDescrs")
[08/20/19 18:41:31.740]:Role-Service PT:            Token Value: "A description for level (30) role assigned to: A Display Name".
[08/20/19 18:41:31.740]:Role-Service PT:          Arg Value: "A description for level (30) role assigned to: A Display Name".
[08/20/19 18:41:31.756]:Role-Service PT:        category-key(token-op-attr("nrfRoleCategoryKey"))
[08/20/19 18:41:31.756]:Role-Service PT:          token-op-attr("nrfRoleCategoryKey")
[08/20/19 18:41:31.756]:Role-Service PT:            Token Value: "automatic".
[08/20/19 18:41:31.756]:Role-Service PT:          Arg Value: "automatic".
[08/20/19 18:41:32.302]:Role-Service PT:        
DirXML Log Event -------------------
     Driver:   \IDV-T-TREE\IDV\System\DriverSet1\Role-Service
     Channel:  Publisher
     Object:    (O=IDV\OU=System\CN=DriverSet1\CN=UserApplication\CN=AppConfig\cn=RoleConfig\cn=RoleDefs\CN=Level30\CN=30_sg-123456789-11-bar-foo)
     Status:   Success
     Message:  Requested role creation
Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV

 

 

 

 

IDM Apps shows:

 

 

 

2019-08-20 18:41:32,013 [INFO] PasswordHelper [RBPM] [Login_Success] CN=resourceadmin,OU=SA,OU=Data,O=IDV successfully logged in.
2019-08-20 18:41:32,326 [INFO] RoleManagerService [RBPM] [Create_Role] Initiated by cn=resourceadmin,ou=SA,ou=Data,o=IDV, Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV

2019-08-20 18:41:32,373 [INFO] PasswordHelper [RBPM] [Login_Success] CN=resadmin,OU=SA,OU=Data,O=IDV successfully logged in.
2019-08-20 18:41:32,451 [INFO] RoleManagerService [RBPM] [Modify_Role] Initiated by cn=resadmin,ou=SA,ou=Data,o=IDV, Role DN: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou=System,o=IDV

 

 

 

 LDAP Shows as per example below:

 

 

 

dn: cn=30_sg-123456789-11-bar-foo,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet1,ou= System,o=IDV
objectClass: nrfRole
objectClass: Top
cn: 30_sg-123456789-11-bar-foo
nrfRoleLevel: 30
nrfLocalizedDescrs: en~A description for level (30) role assigned to: A Display Name
nrfLocalizedNames: en-US~A Display Name
nrfRoleCategoryKey: automatic
nrfStatus: 50

 

 

 

note the en-US in nrfLocalizedNames but only en in the nrfLocalizedDescrs

In IDM Apps UI (4.7.2) looking up the role by text in display name works and it displays the name correctly in the summary, but when I go to Details, Owners, and Approvals it shows the role name as blank, even if I select show languages. 

Anyone else seen this?

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Labels (1)
0 Likes
9 Replies
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: do-create-role token incorrectly creates US Localized Display Name

I do no longer have access, but I do believe that you have run into a known bug.

do-create-role and do-create-resource both have this specific small issue.

 

Casper

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

Ok. I did extensive googling before I wrote this. Could only find a post about a defect with adding additional languages other than the default. https://community.microfocus.com/t5/Identity-Manager-User/Creating-Role-with-localized-Names-and-descriptions/m-p/2328869/highlight/true#M12126 This is a case where the defaults don’t line up with each other.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

Hi,

Yes I have seen the same but didn't understand the issue. That is since I rewrite that attribute in a null driver with a swedish translation and that is what is displayed later.
So I missed the en~ problem.
0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: do-create-role token incorrectly creates US Localized Display Name

Yup, that is the bug I was thinking. 

0 Likes
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

I don't have the bug number, but if you can reference the SR, here is my report of the bug.

SUMMARY OF SR # 101172490081
* SR Closed Status: No Charge Refunded
* SR Product: Identity Manager 4.6
* SR Brief Description: RBPM Bug: do-create-resource token adds extra nrfLocalizedNames value
0 Likes
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

Yeah, I finally tracked down your original forum post after I posted this new thread.

Seems identical, the workaround was ugly to say the least.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

What was the workaround?  We usually use a PRD with an Integration Activity.

0 Likes
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

IIRC, it was a Null driver that ripped off the offending values whenever they were added.

One of those things you shouldn't have to do, but you do it, because it works.

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: do-create-role token incorrectly creates US Localized Display Name

I'm pretty sure I reported that as a bug a couple of years ago.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.