Access request returning severe error message

Which IIQ version are you inquiring about?

8.3p3

Please share any images or screenshots, if relevant.

Please share any other relevant files that may be required (for example, logs).

Rule.txt (3.8 KB)

Share all details about your problem, including any error messages you may have received.

Hi IIQ,

We have a set of privilege business roles which can be requested by users who have an admin account. Also, we have a policy in place which executes a rule (rule attached above) to check if the user has an admin account. The policy gives a violation if there isn’t an admin account.
The whole process is working fine but sometime it gives the error (as mentioned in the picture attached above) but checking the access request under My work tab, I can see the request has been submitted. This is causing users to submit multiple requests.
Can you please assist me on how I can investigate this issue?

Hi @KaranGulati025,

can you share your logs with the error?

@enistri_devo, I couldn’t find any logs related to this error. I checked both task and web servers. Do I need to enable a specific kind of log to capture this error?

Check advance analytics/ Syslog

Hi @vishal_kejriwal1, thanks for your reply. If you see the error in the image above there is no incident code

I see . I would say reproduction again and syslog and give the error information.

@vishal_kejriwal1 I am getting the below message when trying to access the syslog

image

Also, we are facing this issue when the policy is active. The policy checks if the user has an admin account and the elevated access on the role is ticked. The policy uses the rule which is attached with this question.

You dont hava nothing in you catalina file? in tomcat_home/logs

Hi @enistri_devo, I did find some logs related to this in the tomcat9-stdout. file (thanks for guiding me).

Log.txt (4.3 KB)

Hi @enistri_devo did you have had a chance to look at file I shared with you?

Hey @KaranGulati025,

I didn’t see much of the log statement you have added in the code actually getting logged.

Could you uncomment all the log statement in the rule file and try to produce the same error again? Please share the newly generated logs with all the logging statements.

Hi @KaranGulati025,
try to replace
List currentIdentityRoles = currentIdentity.getAssignedRoles();
with
List <Bundle> currentIdentityRoles = currentIdentity.getAssignedRoles() != null ? currentIdentity.getAssignedRoles() : null;

1 Like

Hi @enistri_devo I get the below error when try your update

image

can you share the current log,please?

Hi @KaranGulati025,

Replace the `<` with  &lt; and try to update the rule
  List &lt;Bundle> currentIdentityRoles = currentIdentity.getAssignedRoles() != null ? currentIdentity.getAssignedRoles() : null;
1 Like

@Arun-Kumar and @enistri_devo, thank you for the change in code. But the issue “Severe error” still coming up.

@vishal_kejriwal1 I produced the error again and checked the syslog for the error

Error Message " Violation—> null"

I did enable the loggers and here is the finding

Logs.txt (78.4 KB)

error as below:

2024-10-01 14:52:40,853 ERROR https-jsse-nio-443-exec-4 sailpoint.server.InternalContext:166 - virtualIdentityRoles -->[sailpoint.object.Bundle@71c31a7a[id=0a094a057847180481784860e8e81fe9,name=BR_STAFF_Corporate Staff No VCAA VRQA ACFE], sailpoint.object.Bundle@4269edd7[id=0a094a05778a18ce81779e3b82741c7d,name=BR_STAFF_Corporate Staff No VCAA], sailpoint.object.Bundle@10be5520[id=0a094a04761c1ec681761c2ef2e80054,name=BR_STAFF Contractor], sailpoint.object.Bundle@36b6860c[id=0a094a04761c1ec681761c2ef6a5008c,name=BR_STAFF Program Manager], sailpoint.object.Bundle@1c8da980[id=0a094a04761c1ec681761c2efcf000f9,name=BR_STAFF_Corporate Staff], sailpoint.object.Bundle@2785caf9[id=0a094a04850f198e81855bb54008600b,name=BR_STAFF_Corporate Staff No Agencies], sailpoint.object.Bundle@1385c4e7[id=0a094a05845b1bca8184a265ae636248,name=BR_STAFF_Corporate Staff No VCAA VRQA VSA ACFE], sailpoint.object.Bundle@2d804890[id=0a094a04761c1ec681761c2ef0c0003b,name=BirthRight_AllUsers], sailpoint.object.Bundle@626bd4cc[id=0a094a04761c1ec681761c2ef13f0043,name=BR_STAFF 35 Collins Street], sailpoint.object.Bundle@285d03a[id=0a094a04761c1ec681761c2ef285004f,name=BR_STAFF Central Staff], sailpoint.object.Bundle@b8ad057[id=0a094c05779317608177942325672e84,name=BR_STAFF_BUSINESSUNIT B7732C058870A1476D3F019A98404A20 - Staff], sailpoint.object.Bundle@1d17ab9b[id=0a094a058a311aaa818a4e03505b658c,name=BR_E0000_Required], sailpoint.object.Bundle@4e3e209e[id=0a094a058d821f1e818d8c513f5402ea,name=BR_STAFF_Contractor], sailpoint.object.Bundle@6506ee79[id=0a094a057f731799817f8fa6a6ad2b1b,name=BR_STAFF_SAP FieldGlass_Hiring Manager L2], sailpoint.object.Bundle@5e8279ea[id=0a094a05918d19448191f3592ab42547,name=BR_Azure SSPR TAP Enabled], sailpoint.object.Bundle@48abf0e1[id=0a094a05918d19448191f35f222a2555,name=BR_Azure Risky SignIn Enforced], sailpoint.object.Bundle@1e88a4b3[id=0a094a05902b129181902e5059910977,name=BR_Test Role]]
2024-10-01 14:52:40,863 ERROR https-jsse-nio-443-exec-4 sailpoint.server.InternalContext:166 - FLAG -->true
2024-10-01 14:52:40,883 ERROR https-jsse-nio-443-exec-4 sailpoint.server.InternalContext:166 - Violation—>sailpoint.object.PolicyViolation@7748cac4[id=,name=]

Hi @zeel_sinojia @Arun-Kumar @vishal_kejriwal1 @enistri_devo,

I captured this issue in the Web Browser, using the Developer Tools and extracted the .HAR file. I can see in file the below error.

“response”: {
“status”: 504,
“statusText”: “Gateway Time-out”,
“httpVersion”: “HTTP/1.1”,
{
“value”: “Microsoft-Azure-Application-Gateway/v2”
}
Also, I checked the request time-out settings on the azure application gateway and it is set to 60 seconds.

Will increasing the request time-out setting resolve the issue?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.