We deleted the “exclusion” identity attribute from our identity object config, and we still cannot get rid of this error. We have done an identity refresh of identity attributes only, and we can still not get it to clear out.
In the debug page, can you see the exclusion attribute in the Identity xml?
In what order did you do all of this? Did you delete the attribute (or at least clear out all of the data in it) and reaggregate and refresh before you renamed it? Just wanted to be clear on the order of operations for this:
We deleted the “exclusion” identity attribute from our identity object config, and we still cannot get rid of this error. We have done an identity refresh of identity attributes only, and we can still not get it to clear out.
Also, you can have more than 20 extended attributes. The 20 limit is for placeholder extended attributes.
Were you previously using the exclusion attribute in any roles or rules? Honestly, at this point, I’d just create a new column in the database called net_id, modify the netId ObjectAttribute in the Identity ObjectConfig like this:
I’d say it was in an IdentityArchive that’s throwing the error, but you don’t have the Process events box checked. In any case, replacing the name of an extended attribute like that is going to cause a bunch of problems.
true. need to roll the changes slower. So if we are depreciating/removing identity attributes. How do we avoid this error when need to mark different attributes as searchable?
I’d really push for named extended attributes backed by a column in the database that’s named after it.
But if that’s not possible, I’d probably make a rule or something like that to assign a null or blank to the attribute first and run a refresh with those options I posted above so that no old data remained. Then delete the attribute, remove it from your hibernate file, and deploy and bounce the servers and run another refresh with those options. Then create the placeholder attribute like normal and run that refresh one last time…but I promise that named attributes are just miles better than the placeholder ones if you can make it happen.
@acrumley Steps you have taken seems to be right for swapping the attributes. Problem arises if you are using the old attribute in any of the identity filter or criteria which expects a named searchable attribute, that is being replaced. You need to do comprehensive scan of your all objects to make sure it is not in use.
We did it in the past and we used to store everything in Github(including roles), so it was easy for us to do the scanning and update the necessary filters.
Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(,, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
