Symantec IGA


Issues with CP1 for IM

  • 1.  Issues with CP1 for IM

    Posted Dec 02, 2019 01:51 AM
    Edited by William Cheang Dec 02, 2019 01:52 AM
    Hi Team,
    Identity Suite 14.3 VAPP.
    After applying CP1 for IM, we have encountered 2 issues with my VM and the customer VM.

    1. Error "FullNameHandler"- Failed to parse physical attributes. This method required the presence of an attribute which was not provided. The attributes is named %NAME_SUFFIX%.
    I encountered this error when testing with my Contractor Mgmt forms.

    2. Workflow pending approval email is not sent out. I have an Admin task that links to an approval workflow.
    Email notification on pending approval is configured. After an access request is submitted, by right the system should send out "Request Pending Approval". But with this CP1 for IM, it did not work.

    Note: My forms & access requests were working fine without CP1 applied.
    After encountering these 2 errors on CP1, I performed a patch rollback on VAPP.
    Now my forms & access requests are working fine....

    regards,
    William


  • 2.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 02, 2019 10:27 AM
    I am not finding any specific steps after applying CP1 for the issues you are reporting.  As these issues started to occur after you applied CP1, I recommend you open a case with support so they can review for any potential issues.  Thank you.

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer

    ------------------------------
    And, as always, perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 02, 2019 11:50 AM
    Hi

    Please see the implementation guide here:

    http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/release-information/Release-Notes---14_3-Cumulative-Patches.html

    Note 1:
    In Identity Manager 14.3 CP1, the following misspelled attributes,
    • LAST_MODIFED_DATE
    • BUSINEES_UNIT
    • NAME_SUFFFIX
    are replaced with the following correct attributes,
    • LAST_MODIFIED_DATE
    • BUSINESS_UNIT
    • NAME_SUFFIX
    After applying Identity Manager 14.3 CP1, ensure that you replace the misspelled well-known attributes with the correct ones in the Provisioning Store Directory, User Store Directory, Environment Settings and Role Definitions XML files and import the files back to environment.


    ------------------------------
    Itamar Budin
    Product Management Lead - Identity Suite | Enterprise Software Division
    Symantec, A Broadcom Company
    ------------------------------
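
Added example, not part of the thread and not Broadcom's own tooling: a Python audit that locates the three misspelled well-known attribute names from the note above in exported XML files and writes corrected copies for re-import. The export directory layout, UTF-8 encoding and the sample XML element names are assumptions.

```python
import re
from pathlib import Path

# Misspelled -> corrected well-known attribute names, as listed in the CP1 note.
RENAMES = {
    "LAST_MODIFED_DATE": "LAST_MODIFIED_DATE",
    "BUSINEES_UNIT": "BUSINESS_UNIT",
    "NAME_SUFFFIX": "NAME_SUFFIX",
}
# Whole-token match only: longer identifiers that merely contain a name are left alone.
PATTERN = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(RENAMES) + r")(?![A-Za-z0-9_])")

def find_misspelled(text):
    """Return (line_number, misspelled_name) for every occurrence in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits.extend((lineno, m.group(1)) for m in PATTERN.finditer(line))
    return hits

def correct_text(text):
    """Return (corrected_text, replacement_count)."""
    return PATTERN.subn(lambda m: RENAMES[m.group(1)], text)

def audit_exports(export_dir, apply=False):
    """Scan every *.xml under export_dir (hypothetical folder of exported files).
    With apply=True, write <name>.corrected.xml beside each affected file and
    keep the original untouched so the change can be reviewed or rolled back."""
    report = {}
    for path in sorted(Path(export_dir).rglob("*.xml")):
        text = path.read_text(encoding="utf-8")  # assumption: UTF-8 exports
        hits = find_misspelled(text)
        if not hits:
            continue
        report[path.name] = hits
        if apply:
            fixed, _ = correct_text(text)
            path.with_name(path.stem + ".corrected.xml").write_text(fixed, encoding="utf-8")
    return report

# Constructed sample; element names are illustrative, not the product's schema.
SAMPLE = """<Directory>
  <Attr wellknown="%NAME_SUFFFIX%" physical="suffix"/>
  <Attr wellknown="%BUSINEES_UNIT%" physical="bu"/>
  <Attr wellknown="%LAST_MODIFIED_DATE%" physical="modified"/>
  <Attr wellknown="%MY_NAME_SUFFFIX_OLD%" physical="custom"/>
</Directory>
"""
print(find_misspelled(SAMPLE))
```

Running the scan without `apply` first gives a per-file list of line numbers to review before anything is imported back into the environment.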



  • 4.  RE: Issues with CP1 for IM

    Posted Dec 02, 2019 08:42 PM
    Thanks for the advice, Itamar. 
    We are using VAPP; these documentation steps weren't mentioned in the VAPP documentation page....


  • 5.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 03, 2019 08:20 AM
    Hi @William Cheang

    Thanks for letting us know, I will have the team look into updating the doc.

    Can you please confirm that note helped you?

    thanks in advance

    ------------------------------
    Itamar Budin
    Product Management Lead - Identity Suite | Enterprise Software Division
    Symantec, A Broadcom Company
    ------------------------------



  • 6.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 03, 2019 11:02 AM
    Hi,

    The Virtual Appliance 14.3 CP1 documentation is updated with the note.
    http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/release-notes/virtual-appliance-release-notes/virtual-appliance-cumulative-patches.html

    Regards
    Shamlee


  • 7.  RE: Issues with CP1 for IM

    Posted Dec 03, 2019 10:02 PM
    Hi Itamar,
    Firstly, I have reapplied CP1 and followed the steps given. So far we were able to apply CP1 without error and are able to submit new forms in the portal without error.

    But there is 1 serious issue.
    I tried to reject or approve my old request (submitted prior to CP1); it failed with the following error.
    It seems like we can no longer approve or reject old requests (which contain the misspelled attribute name).
    *This is a problem in the Production env, meaning that we have to ask the customer to resubmit all the requests after upgrading to CP1.

    regards,
    William


  • 8.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 04, 2019 02:25 AM
    Hi William,

    Regarding the Request Failed error, could you please confirm if you corrected the attribute names in the IP forms as well, as documented in the 14.3 IP CP1 deployment instructions.

    http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/release-notes/virtual-appliance-release-notes/virtual-appliance-cumulative-patches.html#concept.dita_f166ffa1bce6f388779fd4f5a72fbe8dad4cc477_LatestCAIdentityPortalCumulativePatch


    excerpt from the doc link:

    Follow the deployment instructions mentioned in Applying a Cumulative Patch.
    Note: 
    In Identity Manager 14.3 CP1, the following misspelled attributes,
    • LAST_MODIFED_DATE
    • BUSINEES_UNIT
    • NAME_SUFFFIX
    are replaced with the following correct attributes,
    • LAST_MODIFIED_DATE
    • BUSINESS_UNIT
    • NAME_SUFFIX
    After applying Identity Manager 14.3 CP1, ensure that you reconfigure the misspelled attributes with the correct ones in all the Identity Portal Forms where these attributes are used.

    Regards,
    Badhra Ambati


  • 9.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 04, 2019 02:26 AM
    Hi William,

    Please ignore my previous posts. We are looking into these issues.

    Regards,
    Badhra Ambati


  • 10.  RE: Issues with CP1 for IM

    Broadcom Employee
    Posted Dec 04, 2019 06:09 AM
    Hi William,

    We did a quick check (on 14.3 vapp cp1) and were not able to reproduce the issue with misspelled attributes in the IP forms (both new requests and ones carried forward from the pre-cp1 state). If you have already corrected the misspelled attribute names in all the forms in IP and IM and restarted the connector, then please open a support issue so that we can work on this problem through that issue.

    Even for the other issue about Approver previews, please open a support issue. Maybe a webex session would be helpful in taking a closer look at your environment.

    Regards,
    Badhra Ambati


  • 11.  RE: Issues with CP1 for IM

    Posted Dec 04, 2019 09:05 PM
    Edited by William Cheang Dec 04, 2019 09:11 PM
    Hi Badhra,
    I am using the OOTB Register Contractor form, prior to applying CP1.
    This contractor form uses the misspelled attribute name LAST_MODIFED_DATE.
    A requester submitted a Register Contractor form, which went into the approval workflow (pending approval). So this request is still "storing" the misspelled attribute name LAST_MODIFED_DATE, agreed?

    Now, we perform the upgrade to CP1, then run the steps to correct the attribute name to LAST_MODIFIED_DATE.
    Now on the system, attribute names are corrected. The system recognizes the corrected attribute name.

    Because the request submitted is pending approval, the Manager now goes and approves the "old request which contains the misspelled attribute".
    The Manager clicks Reject or Approve and is hit with the error
    Approval action failed - method required presence of an attribute which was not provided

    The old request form still contains the misspelled attribute name %LAST_MODIFED_DATE%.
    When approving/rejecting, the system tries to find this misspelled attribute, but the system has already corrected the attribute name.

    Do you get my point?

    I already reported the issue, no. 20128855.

    regards,
    William







  • 12.  RE: Issues with CP1 for IM
    Best Answer

    Posted Dec 03, 2019 03:26 AM
    Hi William,

    We have upgraded to CP1 in our ST and AT environments, and noticed that while notification emails are correctly sent for approvals for Create user events, they are not sent for Modify user events - and we have confirmed that this is due to the application of CP1.  For whatever reason, when you modify a user with approval it creates both a modify user event and a PX event in VST, and the PX event which concerns sending the notification email only completes after the item has actually been approved (the approval item appears in the work list of the identified approver) - so the email is sent but after the work has been done.  We have a support case open for this.

    Another issue we identified, either in going to 14.3 or applying 14.3 CP1 (we didn't spot this one until too late) was that when an Approver previews the form for the request (in the Tasks module) e.g. create user, the Manager field displays incorrectly in certain circumstances - if the manager field and the person doing the approving are the same person then everything works fine and the Manager field contains a display name e.g. Michael Manager while if the manager and the person doing the approval are different people we are seeing the UID of the manager displayed in the preview form, and a very short time after the form is loaded this field adds the message <uid> not found.  We have a case open for this as well.

    This might be worth looking at in your 14.3 env to see what you get in the preview form when creating users.

    Cheers,
    Adrian


  • 13.  RE: Issues with CP1 for IM

    Posted Dec 03, 2019 03:58 AM
    Hi Adrian,
    Thanks for sharing the information. On the second issue that you mentioned, we also faced a similar issue (after upgrading to CP1)
    where in the My Request/Approval task module, in Timeline, the Approver name wasn't displayed correctly; mine displayed as "N/A".

    We have held back the patch deployment (CP1) into UAT & PROD, due to the recent issues found.
    We will do more testing on this CP1...

    regards,
    William


  • 14.  RE: Issues with CP1 for IM

    Posted Jan 07, 2020 08:32 PM
    Hi Adrian,
    Can you share the case id for this issue: "noticed that while notification emails are correctly sent for approvals for Create user events, they are not sent for Modify user events"?

    regards,
    William



  • 15.  RE: Issues with CP1 for IM

    Posted Jan 08, 2020 02:50 AM
    I've mailed this to you


  • 16.  RE: Issues with CP1 for IM

    Posted Jan 08, 2020 03:20 AM
    Thanks Adrian, I have received your email.