Which IIQ version are you inquiring about?
Version 8.3
Share all details related to your problem, including any error messages you may have received.
Hi all,
We are currently facing an issue with the aggregation of Azure AD groups. The starting requirement was that we are only aggregate groups which are cloud only and therefore do not have the attribute dirSyncEnabled. Since (to our knowledge) you cannot filter an attribute eq null within the application xml I wrote a group customization rule to filter out not cloud only groups. It looks like this :
import sailpoint.object.;
import sailpoint.tools.;
if(Util.otos(object.getAttribute(“dirSyncEnabled”))== null){
return object;
} else {
return null;
}
Does anyone have an idea from where this issue comes from? We did not change anything neither on Azure dide nor on IIQ side. We also tried the aggregation with a higher timeout but with no success.
For the last two months we get the following error message.
2024-01-09T08:14:35,750 WARN QuartzScheduler_Worker-2 sailpoint.connector.azuread.AccessTokenManager:366 - Updating app/source for encrypted attributes
2024-01-09T08:18:41,512 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘azureADEligibleRole’ is not enabled
2024-01-09T08:18:41,684 WARN QuartzScheduler_Worker-2 sailpoint.connector.azuread.AccessTokenManager:366 - Updating app/source for encrypted attributes
2024-01-09T08:19:47,666 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘azureADActiveRole’ is not enabled
2024-01-09T08:19:47,698 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘accessPackage’ is not enabled
2024-01-09T08:19:47,729 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘channel’ is not enabled
2024-01-09T08:19:47,760 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘azureActiveRole’ is not enabled
2024-01-09T08:19:47,791 WARN QuartzScheduler_Worker-2 sailpoint.connector.AzureADConnector:1874 - Aggregation of object type ‘azureEligibleRole’ is not enabled
2024-01-09T08:19:47,963 ERROR QuartzScheduler_Worker-2 sailpoint.api.Aggregator:1916 - Exception during aggregation of Object Type Group on Application Administrative Azure Active Directory CO (Admin AAD CO). Reason: java.lang.RuntimeException: sailpoint.connector.ConnectorException: failed to lazily initialize a collection of role: sailpoint.object.Rule.referencedRules, could not initialize proxy - no Session
java.lang.RuntimeException: sailpoint.connector.ConnectorException: failed to lazily initialize a collection of role: sailpoint.object.Rule.referencedRules, could not initialize proxy - no Session
at sailpoint.connector.ConnectorProxy$CustomizingIterator.peek(ConnectorProxy.java:1350) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy$CustomizingIterator.hasNext(ConnectorProxy.java:1358) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.api.Aggregator.aggregateGroups(Aggregator.java:5598) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.api.Aggregator.aggregateApplication(Aggregator.java:2777) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.api.Aggregator.phaseAggregate(Aggregator.java:2658) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.api.Aggregator.execute(Aggregator.java:2200) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.task.ResourceIdentityScan.doUnpartitioned(ResourceIdentityScan.java:248) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.task.ResourceIdentityScan.execute(ResourceIdentityScan.java:228) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: sailpoint.connector.ConnectorException: failed to lazily initialize a collection of role: sailpoint.object.Rule.referencedRules, could not initialize proxy - no Session
at sailpoint.connector.ConnectorProxy.runCustomizationRule(ConnectorProxy.java:942) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy.access$100(ConnectorProxy.java:87) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy$CustomizingIterator.peek(ConnectorProxy.java:1335) ~[connector-bundle-identityiq.jar:8.3p3]
… 12 more
Caused by: sailpoint.tools.GeneralException: failed to lazily initialize a collection of role: sailpoint.object.Rule.referencedRules, could not initialize proxy - no Session
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:224) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.server.InternalContext.runRule(InternalContext.java:1268) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.server.InternalContext.runRule(InternalContext.java:1240) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.connector.DefaultConnectorServices.runRule(DefaultConnectorServices.java:107) ~[identityiq.jar:8.3p3]
at sailpoint.connector.DefaultConnectorServices.runRule(DefaultConnectorServices.java:87) ~[identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy.runCustomizationRule(ConnectorProxy.java:940) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy.access$100(ConnectorProxy.java:87) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy$CustomizingIterator.peek(ConnectorProxy.java:1335) ~[connector-bundle-identityiq.jar:8.3p3]
… 12 more
Caused by: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: sailpoint.object.Rule.referencedRules, could not initialize proxy - no Session
at org.hibernate.collection.internal.AbstractPersistentCollection.throwLazyInitializationException(AbstractPersistentCollection.java:606) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
at org.hibernate.collection.internal.AbstractPersistentCollection.withTemporarySessionIfNeeded(AbstractPersistentCollection.java:218) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
at org.hibernate.collection.internal.AbstractPersistentCollection.initialize(AbstractPersistentCollection.java:585) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
at org.hibernate.collection.internal.AbstractPersistentCollection.read(AbstractPersistentCollection.java:149) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
at org.hibernate.collection.internal.PersistentList.iterator(PersistentList.java:155) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:202) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.server.InternalContext.runRule(InternalContext.java:1268) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.server.InternalContext.runRule(InternalContext.java:1240) ~[identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
at sailpoint.connector.DefaultConnectorServices.runRule(DefaultConnectorServices.java:107) ~[identityiq.jar:8.3p3]
at sailpoint.connector.DefaultConnectorServices.runRule(DefaultConnectorServices.java:87) ~[identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy.runCustomizationRule(ConnectorProxy.java:940) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy.access$100(ConnectorProxy.java:87) ~[connector-bundle-identityiq.jar:8.3p3]
at sailpoint.connector.ConnectorProxy$CustomizingIterator.peek(ConnectorProxy.java:1335) ~[connector-bundle-identityiq.jar:8.3p3]
… 12 more