Share all details about your problem, including any error messages you may have received.
Hi IIQ,
We have a set of privilege business roles which can be requested by users who have an admin account. Also, we have a policy in place which executes a rule (rule attached above) to check if the user has an admin account. The policy gives a violation if there isn’t an admin account.
The whole process is working fine but sometime it gives the error (as mentioned in the picture attached above) but checking the access request under My work tab, I can see the request has been submitted. This is causing users to submit multiple requests.
Can you please assist me on how I can investigate this issue?
@enistri_devo, I couldn’t find any logs related to this error. I checked both task and web servers. Do I need to enable a specific kind of log to capture this error?
@vishal_kejriwal1 I am getting the below message when trying to access the syslog
Also, we are facing this issue when the policy is active. The policy checks if the user has an admin account and the elevated access on the role is ticked. The policy uses the rule which is attached with this question.
I didn’t see much of the log statement you have added in the code actually getting logged.
Could you uncomment all the log statement in the rule file and try to produce the same error again? Please share the newly generated logs with all the logging statements.
Hi @KaranGulati025,
try to replace List currentIdentityRoles = currentIdentity.getAssignedRoles();
with List <Bundle> currentIdentityRoles = currentIdentity.getAssignedRoles() != null ? currentIdentity.getAssignedRoles() : null;
I captured this issue in the Web Browser, using the Developer Tools and extracted the .HAR file. I can see in file the below error.
“response”: {
“status”: 504,
“statusText”: “Gateway Time-out”,
“httpVersion”: “HTTP/1.1”,
{
“value”: “Microsoft-Azure-Application-Gateway/v2”
}
Also, I checked the request time-out settings on the azure application gateway and it is set to 60 seconds.
Will increasing the request time-out setting resolve the issue?