Bundle Profile Relation Service Synchronizer error

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Dear Community

I have a question currently running my local sailpoint as soon i start the server is start looping this error

ERROR BundleProfileRelationServiceSynchronizer sailpoint.server.BundleProfileRelationSynchronizer:226 - Unable to process events: null
java.lang.NullPointerException: null

at sailpoint.service.bundle.BundleProfileRelationUtil.copyManagedAttributeFields(BundleProfileRelationUtil.java:265) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationUtil.addDirectProfile(BundleProfileRelationUtil.java:218) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationUtil.addDirectProfiles(BundleProfileRelationUtil.java:187) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationUtil.populateRelations(BundleProfileRelationUtil.java:123) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationUtil.getBundleRelations(BundleProfileRelationUtil.java:85) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationUtil.createBundleRelations(BundleProfileRelationUtil.java:395) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.service.bundle.BundleProfileRelationProcessor.generateBundleProfileRelations(BundleProfileRelationProcessor.java:162) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.server.BundleProfileRelationSynchronizer.createRecords(BundleProfileRelationSynchronizer.java:428) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.server.BundleProfileRelationSynchronizer.processEvents(BundleProfileRelationSynchronizer.java:190) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
	at sailpoint.server.BundleProfileRelationSynchronizer.run(BundleProfileRelationSynchronizer.java:74) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]

over and over, how and where i need to check this? to stop it

2

Hi @fugitiva ,

After you start sailpoint service, sailpoint is starting? if so it there any task of link you click to reproduce this error.

The error suggest that somewhere its hitting Null Pointer exception, are you using any rule to bundle or ManagedAttribute?

3

Yes, sailpoint start, then when i check the logs the error is looping and looping… the UI sailpoint works fines. Im not using any rule to manage the attribute, only one rule to set default password, let me remove it, perhaps is that

4

Sure, let me know if you find something.

5

no, still the error looping, where exactly i need to check about “any rule to bundle or ManagedAttribute?” as far i check i have nothing in identity mapping, or in correlation rule idenitty or manager

6

Hi @fugitiva

It appears that there are some bundles with constraints pointing to attributes that are no longer present in the application. Updating those bundles will fix the issue.

7

What logs i can enable to see the where exactly the error come from?

8

This is a well known issue. Most likely there is a role/bundle with a profile which is not a valid entitlement.

Take a look at:
https://community.sailpoint.com/t5/IdentityIQ-Forum/Upgrade-Error-when-upgraded-from-8-2P2-to-8-3/td-p/216087

This contains, amongst others, a rule/script that iterates all the bundles and finds the one with non-existing attributes/entitlements.

– Remold

1 Like
9

I already has version 8.3. What logs I can enable to see where exactly attribute I need to check

10

I solve it, it was an application csv, The file path was not correct, or I rename the location of the csv, then the error was hapenning, I update the location of the csv, the problem is solve

2 Likes
11

@Remold thank you for your answer, i want to reopen this, becuase IM getting again this error,
so far what I did is:
Enable the logs:
logger.bundleSyncer.name=sailpoint.server.BundleProfileRelationSynchronizer
logger.bundleSyncer.level=debug
logger.bundleProcessor.name=sailpoint.task.BundleProfileRelationProcessor
logger.bundleProcessor.level=debug
logger.relationUtil.name=sailpoint.service.bundle.BundleProfileRelationUtil
logger.relationUtil.level=debug
logger.roleEntAssociation.name=sailpoint.task.RoleEntitlementAssociationsExecutor
logger.roleEntAssociation.level=debug

then run the task:
Refresh Role-Entitlement Associations

then i get the fail one

image
image1615×612 27.3 KB

my question how to do solve this?

Thanks in advance

12

Hi Sara,

As mentioned in my previous reply:

Let us know if this resolves your issue.

– Remold

13

HI @Remold I Read the article there is no solution there,maybe I’m missing where you want to point?

14

The article contains a script in the last reply.

QueryOptions qo = new QueryOptions();
Iterator it = context.search(Bundle.class, qo);

while(it.hasNext()) {
  Bundle bundle = it.next();
  
  List profiles = bundle.getProfiles();
  
  for (Profile profile : Util.safeIterable(profiles)) {
    List constraints = profile.getConstraints();
    
    for(Filter cons : Util.safeIterable(constraints)) {
      Application app = profile.getApplication();
      if(app != null) {
        Schema accountSchema = app.getAccountSchema();
        
        if(accountSchema != null) {
          if(cons instanceof Filter.LeafFilter) {
            String property = cons.getProperty(); 
            
            Object map = accountSchema.getAttributeMap();
            
            if(map != null && !map.containsKey(property)) {
              returnValue += String.format("%s\n", bundle.getName());
            }
          }
        }
      }
    }
  }
}

return returnValue;

You can create a new rule for this via debug and directly run it via debug.

To easily run this rule you can use the Rule Runner Plugin created by Identity Works LLC.
Download via:

Developer Day presentation on the Rule Runner by Zac:
Identity Works LLC

– Remold

3 Likes
15

Thanks for the ping on this Remold!

1 Like
16

HI @Remold I Read the article there is no solution there

17

Hi Sara,

Can you run the script (see above) ?

This script should not return any data. If it returns the mentioned bundle/role contains an entitlement which does not exist in the entitlement-catalogue.

– Remold

18

Hi @Remold thank you for your help

The ouput is the below:

image
image1186×321 34.7 KB

asia_pacific read entitlement
image
image1117×290 14.2 KB

europe_read
image
image1252×292 14.2 KB

So those two entitlement exist

image
image1299×585 30.3 KB

image
image1148×665 30.8 KB

thanks in advance

19

The property type is different:

In the entitlement it is: groupsChat
(capital C)

In the role (direct entitlement) it is: groupchat
(lowercase c)

Sailpoint is almost 100% case-sensitive.

So if you change the role (direct entitlement) for both roles to uppercase C, the error should be gone :slight_smile:

– Remold

20

@Remold good catch, thank you for providing a answer for this. Finally solve

2 Likes