IdStory Identity Manager: Issues
https://redmine.czechidm.com/ 2023-11-03T13:51:51Z
IdStory Identity Manager - Defect #3473 (New): Error when two processes save the same IdmConceptR... https://redmine.czechidm.com/issues/3473 2023-11-03T13:51:51Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>When approval process and provisioning-operation-retry-bulk-action process try to update the same role request, a deadlock can occur.<br /><pre>
Caused by: org.postgresql.util.PSQLException: ERROR: deadlock detected
Detail: Process 26254 waits for ShareLock on transaction 904970719; blocked by process 29145.
Process 29145 waits for ShareLock on transaction 904970824; blocked by process 26254.
Hint: See server log for query details.
Where: while updating tuple (540994,2) in relation "idm_concept_role_request"
</pre> <br />Both processes were committing their changes to DB and blocked each other (this below is during/after application restart).<br /><pre><code class="sql syntaxhl">postgres=# select * from pg_stat_activity where pid = 29145;
datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | wait_event_type | wait_event | state | backend_xid | backend_xmin | query | backend_type
-------+----------+-------+----------+----------+------------------------+--------------+-----------------+-------------+-------------------------------+------------+-------------------------------+-------------------------------+-----------------+------------+-------+-------------+--------------+--------+----------------
16401 | czechidm | 29145 | 16384 | czechidm | PostgreSQL JDBC Driver | 10.14.144.79 | | 47158 | 2023-11-03 10:04:58.224087+01 | | 2023-11-03 10:32:41.401508+01 | 2023-11-03 10:32:41.401549+01 | Client | ClientRead | idle | | | COMMIT | client backend
(1 row)
postgres=# select * from pg_stat_activity where pid = 26254;
datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | wait_event_type | wait_event | state | backend_xid | backend_xmin | query | backend_type
-------+----------+-------+----------+----------+------------------------+--------------+-----------------+-------------+-------------------------------+------------+-------------------------------+-------------------------------+-----------------+------------+-------+-------------+--------------+--------+----------------
16401 | czechidm | 26254 | 16384 | czechidm | PostgreSQL JDBC Driver | 10.14.144.79 | | 45892 | 2023-11-03 09:58:17.807327+01 | | 2023-11-03 10:26:58.046104+01 | 2023-11-03 10:26:58.046144+01 | Client | ClientRead | idle | | | COMMIT | client backend
(1 row)
</code></pre></p>
IdStory Identity Manager - Defect #3465 (New): Attribute with validation in projection is always ... https://redmine.czechidm.com/issues/3465 2023-10-30T16:02:08Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
How to reproduce:
<ol>
<li>create new projection</li>
<li>add identity EAV attribute to projection</li>
<li>add validation to this EAV attribute</li>
<li>save projection</li>
<li>create new user with this projection</li>
<li>create new role with permissions:
<ul>
<li>IdmFormAttribute autocomplete BasePermissionEvaluator</li>
<li>IdmFormDefinition autocomplete BasePermissionEvaluator</li>
<li>IdmIdentityContractFormValue read,count,autocomplete IdentityContractFormValueEvaluator for default definition</li>
<li>IdmIdentityFormValue read,count,autocomplete IdentityFormValueEvaluator for default definition</li>
<li>IdmIdentity read,count,autocomplete IdentityByFormProjectionEvaluator for this new projection</li>
<li>IdmIdentityContract read,count,autocomplete IdentityContractByIdentityEvaluator COUNT,READ,AUTOCOMPLETE</li>
<li>IdmTreeNode autocomplete BasePermissionEvaluator</li>
<li>IdmTreeType autocomplete BasePermissionEvaluator</li>
</ul>
</li>
<li>add this role to some user with no other permissions in IdM besides userRole</li>
<li>log in IdM and open projection form of a user with this new projection
<ul>
<li>the EAV attribute is editable</li>
<li>no save button is available</li>
</ul>
</li>
<li>go to full detail of this user and EAV tab "More information"
<ul>
<li>the EAV attribute is editable</li>
<li>save button is present</li>
</ul>
</li>
<li>click on save button</li>
<li>error message appears due to insufficient rights.</li>
</ol>
<p>In this situation the user has no rights to edit anything on user with this projection so I would expect the field with the EAV to be disabled/not editable. When the EAV has no validation set and is present in the projection form, it is disabled.</p>
IdStory Identity Manager - Task #3463 (New): Messaging - retry mechanism for notifications https://redmine.czechidm.com/issues/3463 2023-10-30T13:56:24Z Peter Štrunc peter.strunc@bcvsolutions.eu
<p>Retry sending notification in case sending failed.</p>
Technical accounts - Defect #3458 (New): White screen after clicking on Use default form on Techn... https://redmine.czechidm.com/issues/3458 2023-10-26T17:36:45Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>When I go to Systems/Accounts and click on tab Technical Accounts then click the Add button and select "Use default form" the frontend crashes and I get only an empty white page. In console there's some React error.<br /><pre>
app.js?v=13-0-6:204 Uncaught Error: Minified React error #130; visit https://reactjs.org/docs/error-decoder.html?invariant=130&args[]=undefined&args[]= for the full message or use the non-minified dev environment for full errors and additional helpful warnings.
at Ha (app.js?v=13-0-6:204:103445)
at d (app.js?v=13-0-6:204:50706)
at y (app.js?v=13-0-6:204:51986)
at app.js?v=13-0-6:204:54006
at ni (app.js?v=13-0-6:204:61543)
at Na (app.js?v=13-0-6:204:100171)
at Sa (app.js?v=13-0-6:204:83856)
at _a (app.js?v=13-0-6:204:80888)
at ja (app.js?v=13-0-6:204:79481)
at app.js?v=13-0-6:204:41969
</pre></p>
extras - Defect #3457 (New): Approval workflows fill empty string to the name of approval task in... https://redmine.czechidm.com/issues/3457 2023-10-26T17:03:10Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>When requesting a role for a technical account, the name of the approval workflow task now looks like this below. It would be fine if someone fixed it.<br /><pre>
Approve role "test-2023-08-17" assignment for ""
</pre></p>
Affected workflows:
<ul>
<li>extrasApproveRoleByContractManager.bpmn20.xml</li>
<li>extrasApproveRoleByManagerAndGuarantees.bpmn20.xml</li>
<li>extrasApproveRoleByManagerScriptAndGuarantee.bpmn20.xml</li>
</ul>
IdStory Identity Manager - Defect #3453 (New): After refresh of page in organization no results a... https://redmine.czechidm.com/issues/3453 2023-10-18T11:42:42Z František Neznaj
Steps to replicate issue:
<ul>
<li>open Organization</li>
<li>confirm you can see treenodes listed</li>
<li>refresh webpage (F5 or ctrl+shift+r)</li>
<li>list of treenodes disappears</li>
<li>when you "CANCEL FILTER", they appear again</li>
<li>when you try to filter specific tree node, results disappear again</li>
<li>when you select specific organization structure, normal behavior is restored</li>
</ul>
<p>Issue occurred on IdM 10, 12 and 13. It is triggered by page refresh. During issue web address contains "autocomplete?size=10&page=0&[…]-ab12-ab12ab12ab12&id=ab12ab12-ab12-ab12-ab12-ab12ab12ab12 - expected item starting […] does not exist and frontend fails to show content.</p>
IdStory Identity Manager - Defect #3445 (New): Notification with attachment(s) isn't send when me... https://redmine.czechidm.com/issues/3445 2023-10-11T05:21:51Z Ondřej Kopr
<p>When a behavior wants to send a notification with attachment(s), these attachments are saved to disk. The saving method works for standard sending with direct recipients, but when an administrator sets automatic forwarding to an email address, the sending ends with the error:</p>
<pre>
java.lang.IllegalArgumentException: Insert binary data
at org.springframework.util.Assert.notNull(Assert.java:198)
at eu.bcvsolutions.idm.core.ecm.service.impl.DefaultAttachmentManager.saveAttachment(DefaultAttachmentManager.java:101)
at eu.bcvsolutions.idm.core.ecm.service.impl.DefaultAttachmentManager$$FastClassBySpringCGLIB$$e23f2177.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:752)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
at eu.bcvsolutions.idm.core.ecm.service.impl.DefaultAttachmentManager$$EnhancerBySpringCGLIB$$32be6c8f.saveAttachment(<generated>)
at eu.bcvsolutions.idm.core.notification.service.impl.AbstractNotificationSender.lambda$saveNotificationAttachments$1(AbstractNotificationSender.java:243)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
at eu.bcvsolutions.idm.core.notification.service.impl.AbstractNotificationSender.saveNotificationAttachments(AbstractNotificationSender.java:255)
at eu.bcvsolutions.idm.core.notification.service.impl.DefaultNotificationManager.createLog(DefaultNotificationManager.java:91)
at eu.bcvsolutions.idm.core.notification.service.impl.DefaultNotificationManager.send(DefaultNotificationManager.java:58)
at eu.bcvsolutions.idm.core.notification.service.impl.DefaultNotificationManager.send(DefaultNotificationManager.java:25)
at eu.bcvsolutions.idm.core.notification.service.impl.AbstractNotificationSender.send(AbstractNotificationSender.java:155)
at eu.bcvsolutions.idm.core.notification.service.impl.AbstractNotificationSender$$FastClassBySpringCGLIB$$2db1961c.invoke(<generated>)
</pre>
<p>because the forwarding message contains information about attachments but without inputData.</p>
<p>Redirect message works perfectly.</p>
Technical accounts - Defect #3443 (New): When editing technical account dates are send to api -2 ... https://redmine.czechidm.com/issues/3443 2023-10-04T12:53:54Z Tomáš Chalupa
<p><img src="https://redmine.czechidm.com/attachments/download/1297/clipboard-202310041445-2euci.png" alt="" /><br /><img src="https://redmine.czechidm.com/attachments/download/1304/clipboard-202310041447-yrwu5.png" alt="" /></p>
IdStory Identity Manager - Defect #3435 (New): Users that has a role assigned to an account not a... https://redmine.czechidm.com/issues/3435 2023-09-13T09:09:43Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>When I open detail of a role on Users tab there are only users who have this role assigned to a contract. Users that have this role assigned to a specific account are missing. I would expect all users with this role to be listed here or some other way to see that this role is assigned to a user or an account.</p>
IdStory Identity Manager - Defect #3434 (New): Deleting mapping used by at least 1 account caused... https://redmine.czechidm.com/issues/3434 2023-09-11T13:38:14Z František Neznaj
<p>I deleted mapping on system when there were still accounts linked to this mapping.</p>
<p>When I went to agenda Accounts, it caused error and did not list accounts in All accounts tab due to error on data integrity.</p>
<p>Error in log:<br /><pre>
4967-b198-9759443475d8] Unable to find eu.bcvsolutions.idm.acc.entity.SysSystemMapping with id cbfd5315-d758-4a71-9852-2797578d7d07; nested exception is javax.persistence.EntityNotFoundException: Unable to find eu.bcvsolutions.idm.acc.entity.SysSystemMapping with id cbfd5315-d758-4a71-9852-2797578d7d07 ({})
</pre></p>
<p>Note: the error did not occur in Personal accounts tab.</p>
winrm-ad-connector - Feature #3432 (New): Implement configurable timeouts for AD and WinRM calls https://redmine.czechidm.com/issues/3432 2023-08-31T08:15:37Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>Add configuration property that defines timeout for AD connector operation calls and WinRM (cmd) connector script calls.<br />When the property is not set in the system configuration, use some default value in the connector (e.g. 30 000 ms for AD or 3 minutes for WinRM).</p>
IdStory Identity Manager - Defect #3431 (New): Role deduplication doesn't remove same role becaus... https://redmine.czechidm.com/issues/3431 2023-08-30T06:57:28Z Ondřej Kopr
<p>Role deduplication doesn't remove same role that mapping same system, same mapping because exists different accIdentityAccount</p>
<p>See: <a class="external" href="https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/service/api/adapter/AccIdentityAccountPluggableRoleAssignmentDeduplicator.java#L62C3-L69">https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/service/api/adapter/AccIdentityAccountPluggableRoleAssignmentDeduplicator.java#L62C3-L69</a></p>
<p>Please could you update the behavior?</p>
<p>Thank you <img src="https://redmine.czechidm.com/attachments/download/1295/36wawx.jpg" alt="" /></p>
IdStory Identity Manager - Defect #3430 (New): Compare system report shows protected account as n... https://redmine.czechidm.com/issues/3430 2023-08-25T13:30:30Z David Štekl
<p>Mapped attributes are calculated for a protected mode account in the same way as for a normal account and often contain changes that need to be reviewed and evaluated in IdM. It is not possible to tell from the list whether it is an account in protected mode or not.</p>
<p>A possible solution would be to add the protected mode information directly to the compare report list or add the option to exclude all protected accounts from the list.</p>
winrm-ad-connector - Feature #3427 (New): Support multi-valued attributes in search script https://redmine.czechidm.com/issues/3427 2023-08-15T10:58:34Z Vladimír Kotýnek vladimir.kotynek@bcvsolutions.eu
<p>WinRM connector expects all attributes returned from WinRM scripts to be instances of String.<br /><a class="external" href="https://github.com/bcvsolutions/winrm-ad-connector/blob/develop/src/main/java/net/tirasa/connid/bundles/cmd/dto/SearchResponse.java">https://github.com/bcvsolutions/winrm-ad-connector/blob/develop/src/main/java/net/tirasa/connid/bundles/cmd/dto/SearchResponse.java</a></p>
<p>This prevents us from returning multivalued attributes such as ldapGroups/memberOf.<br />We need to support at least List object to be returned from connector script.</p>
Recertification (rec) - Feature #3409 (New): Add option to schedule recertification https://redmine.czechidm.com/issues/3409 2023-06-30T11:52:14Z David Štekl
<p>Recertification can only be started manually for now. <br />It would be nice to be able to schedule the recertification. Recertification would be triggered automatically after a certain period of time.</p>