Access Request Error - Quicklink is Required

Which IIQ version are you inquiring about?

Version 8.3

Share all details about your problem, including any error messages you may have received.

Hello,

Recently I add users complain about Access Requests failing with the following error:

sailpoint.tools.GeneralException: quickLink is required
	at sailpoint.authorization.AccessItemAuthorizer.<init>(AccessItemAuthorizer.java:49)
	at sailpoint.rest.ui.requestaccess.AccessItemResource.getAdditionalQuestions(AccessItemResource.java:270)
	at jdk.internal.reflect.GeneratedMethodAccessor6023.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointResponseFilter.doFilter(SailPointResponseFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.jaxrs.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:90)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)

The error happens on the Second Step of the Access Request when selecting the entitlements to request.

After analyzing the Identities involved, they have the required attributes to match with the Dynamic Scope for the Access Requests.

From other similar posts, there are a few suggestions to check Selectors. I don’t see errors in the Selectors code, but I’m also getting a lot of Syslogs with the following message:

Selector filter produced more than one result

Could this be the cause of the Request Error? If so, do you have any suggestion to address the issue?

I would suggest you to verify the DynamicScopes of this quicklink. earlier i have seen this problem as DynamicScope object within the Quicklink object was missing due to missing file in deployment .

This issue may also arise in case if incorrect DynamicScope configuration is done.

1 Like

Just confirmed the configuration, the DynamicScope has the Request Access Quicklink enabled.

How can I verify the DynamicScopes of the Quicklink?

check from debug page
quicklink and DynamicScope object .

1 Like

On the QuickLink the DynamicScopeRef is pointing to the right DynamicScope.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE QuickLink PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<QuickLink action="requestAccess" category="Access" cssClass="quicklink-request-access" messageKey="quicklink_request_access" name="Request Access">
  <Attributes>
    <Map>
      <entry key="labelScript">
        <value>
          <Script>
            <Source>
                  return (quickLinkWrapper.isAllowSelf() &amp;&amp; !quickLinkWrapper.isAllowOthers()) ? "quicklink_request_access_label_my_access" : "quicklink_request_access_label_user_access";
              </Source>
          </Script>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>quicklink_request_access_desc</Description>
  <QuickLinkOptions allowBulk="true" allowSelf="true">
    <DynamicScopeRef>
      <Reference class="sailpoint.object.DynamicScope" name="Custom Access Request"/>
    </DynamicScopeRef>
    <Attributes>
      <Map>
        <entry key="allowRequestEntitlements">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestEntitlementsAdditionalAccountRequests">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestEntitlementsRemove">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestEntitlementsShowPopulation">
          <value>
            <Boolean></Boolean>
          </value>
        </entry>
        <entry key="allowRequestRoles">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestRolesAdditionalAccountRequests">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestRolesRemove">
          <value>
            <Boolean>true</Boolean>
          </value>
        </entry>
        <entry key="allowRequestRolesShowPopulation">
          <value>
            <Boolean></Boolean>
          </value>
        </entry>
      </Map>
    </Attributes>
  </QuickLinkOptions>
</QuickLink>

And the DynamicScope seems to have no issues:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE DynamicScope PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<DynamicScope name="Custom Access Request">
  <ApplicationRequestControl>
    <Reference class="sailpoint.object.Rule" name="Custom Applications Selector"/>
  </ApplicationRequestControl>
  <Description>Access Request for Entity1</Description>
  <ManagedAttributeRequestControl>
    <Reference class="sailpoint.object.Rule" name="Custom Entitlements Selector"/>
  </ManagedAttributeRequestControl>
  <PopulationRequestAuthority ignoreScoping="true">
    <MatchConfig customControl="(caLCState == &quot;ready&quot; || caLCState == &quot;active&quot;)" enableAttributeControl="true" enableCustomControl="true" matchAll="true">
      <IdentityAttributeFilterControl displayName="Entity" name="caEntity"/>
    </MatchConfig>
  </PopulationRequestAuthority>
  <RoleRequestControl>
    <Reference class="sailpoint.object.Rule" name="Custom Roles Selector"/>
  </RoleRequestControl>
  <Selector>
    <IdentitySelector>
      <MatchExpression>
        <MatchTerm name="caEntity" type="Entitlement" value="Entity1"/>
      </MatchExpression>
    </IdentitySelector>
  </Selector>
</DynamicScope>

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.