Defect #3365

closed

Role request ends in error after assigning role, which creates an account

Added by Peter Štrunc over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee: Ondřej Kopr
Category: -
Target version:
Start date: 05/15/2023
Due date:
% Done: 100%
Estimated time:
Affected versions:
Owner:

Description

The issue is twofold:

  • First, the role request takes a long time to complete when assigning a role that grants a system account. The time to finish scales linearly with the number of role assignments in the environment.
  • Second, in some rare cases, the request may end with the following error:
2023-05-15 10:42:56.620 ERROR 3384320 --- [event-task-executor-3] e.b.i.c.m.s.i.DefaultIdmRoleRequestService.processException : Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
eu.bcvsolutions.idm.core.api.exception.ResultCodeException: Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.createIdentityAccountIfNotExists(DefaultAccAccountManagementService.java:840)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.lambda$resolveNewIdentityRoles$5(DefaultAccAccountManagementService.java:220)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.resolveNewIdentityRoles(DefaultAccAccountManagementService.java:217)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$FastClassBySpringCGLIB$$7078bda6.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:687)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$EnhancerBySpringCGLIB$$d2814454.resolveNewIdentityRoles(<generated>)
        at eu.bcvsolutions.idm.acc.event.processor.RoleRequestRealizationProcessor.process(RoleRequestRealizationProcessor.java:103)
        at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
        at eu.bcvsolutions.idm.core.model.event.processor.event.EntityEventExecuteProcessor.process(EntityEventExecuteProcessor.java:52)
        at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$2.run(DefaultEntityEventManager.java:655)
        at eu.bcvsolutions.idm.core.config.DelegatingTransactionContextRunnable.run(DelegatingTransactionContextRunnable.java:39)
        at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java:84)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)

There is a workaround to fix failed role requests:

  • Go to the detail page of the role request and execute it again. This will result in a closed request, but accounts won't be recalculated.
  • Manually run account recalculation and provisioning on the given identity.

Actions #1

Updated by Peter Štrunc over 1 year ago

  • Tracker changed from Task to Defect
  • Status changed from New to In Progress
  • % Done changed from 0 to 80
  • Affected versions 13.0.0 added

Actions #2

Updated by Peter Štrunc over 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Peter Štrunc to Ondřej Kopr

PR: https://github.com/bcvsolutions/CzechIdMng/pull/390
@kopro could you check it out, please?

Actions #3

Updated by Ondřej Kopr over 1 year ago

  • Status changed from Needs feedback to Resolved
  • % Done changed from 80 to 100

LGTM thanks for fix!

Actions #4

Updated by Peter Štrunc over 1 year ago

  • Description updated (diff)

Actions #5

Updated by Peter Štrunc over 1 year ago

  • Status changed from Resolved to Closed