Failing load ITRoles -- Uncaught JAX-RS exception

Hello team,

I am getting an error when clicking on “manage my access” and try to discover ITRoles. Sailpoint is giving me the next error:

The system has encountered a serious error while processing your request. Report the following incident code to your system administrator: 720

http-nio-8080-exec-3 rest.ui.jaxrs.GeneralExceptionMapper:29 - Uncaught JAX-RS exception.
sailpoint.tools.GeneralException: StackOverflowError
        at sailpoint.persistence.HibernatePersistenceManager.countObjects(HibernatePersistenceManager.java:2743) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.persistence.ClassPersistenceManager.countObjects(ClassPersistenceManager.java:358) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.server.InternalContext.countObjects(InternalContext.java:902) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.getCount(UserAccessSearcher.java:599) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.getHibernateResults(UserAccessSearcher.java:443) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.getPermittedRoles(RoleSearcher.java:541) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.getPermittedRoles(RoleSearcher.java:481) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.searchKeyword(RoleSearcher.java:187) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.search(UserAccessSearcher.java:218) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessService.search(UserAccessService.java:90) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.UserAccessUtil.getResults(UserAccessUtil.java:228) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.ui.requestaccess.BaseAccessItemListResource.getAccessItems(BaseAccessItemListResource.java:58) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.ui.requestaccess.AccessItemListResource.getAccessItems(AccessItemListResource.java:72) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]

Could anyone help me?
I am thinking about it and guess that Sailpoint can’t show more than a hundred roles… :S

Thank you in advance.

IIQ 8.1p2

Hey @LewisSPoint1,

It is great to see you in the community again, thanks for posting. I am currently looking into this issue for you. Hang tight.

Hey @LewisSPoint1,

Could you try to trace sailpoint.service.useraccess? When you do, can you see looping? We are wondering if you have some recursive relationships that might be causing this error.

Hello @jordan.violet

Thank you for your response.

I added “sailpoint.service.useraccess” and I can see the loop, but I don’t know if I have any recursive relationship. How could I see it?

Logs:

...
...
...
2021-07-01T18:00:24,449 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:138 - Entering buildSearchTermFilters(searchTerms = [])
2021-07-01T18:00:24,449 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:138 - Entering getMatchMode()
2021-07-01T18:00:24,449 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:138 - Entering getLcmConfigService()
2021-07-01T18:00:24,450 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:150 - Exiting getLcmConfigService = sailpoint.service.LCMConfigService@2e8cc008
2021-07-01T18:00:24,450 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:150 - Exiting getMatchMode = ANYWHERE
2021-07-01T18:00:24,450 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:150 - Exiting buildSearchTermFilters = []
2021-07-01T18:00:24,458 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:150 - Exiting addSearchTerms = Filters: Filter [1] == (type == "it" &&  (ALL ROLES)
Filter [2] == !(type == "business")
Filter [3] == !(type == "it")
Filter [4] == !(type == "birthright")
, Scope extensions: none defined,scope results [null],unscoped globally accessible [null],Ordering ==[displayableName ascending],Group by == [],Query [null],ResultLimit [0],First Row [0],Distinct [false],Cache results [false],Flush before query [false]
2021-07-01T18:00:24,459 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:138 - Entering getSearchOptions()
2021-07-01T18:00:24,460 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:150 - Exiting getSearchOptions = sailpoint.service.useraccess.UserAccessSearchOptions@103ccf14
2021-07-01T18:00:24,461 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearchOptions:138 - Entering getMaxResultCount()
2021-07-01T18:00:24,462 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearchOptions:150 - Exiting getMaxResultCount = 100
2021-07-01T18:00:24,468 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:138 - Entering getCount(clazz = class sailpoint.object.Bundle, ops = Filters: Filter [1] == (type == "it" && (ALL ROLES)
Filter [2] == !(type == "business")
Filter [3] == !(type == "it")
Filter [4] == !(type == "birthright")
, Scope extensions: none defined,scope results [null],unscoped globally accessible [null],Ordering ==[displayableName ascending],Group by == [],Query [null],ResultLimit [0],First Row [0],Distinct [false],Cache results [false],Flush before query [false])
2021-07-01T18:00:24,531 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:156 - Throwing getCount - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,531 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:156 - Throwing getHibernateResults - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,532 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:156 - Throwing getPermittedRoles - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,532 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:156 - Throwing getPermittedRoles - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,532 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.RoleSearcher:156 - Throwing searchKeyword - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,532 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessSearcher:156 - Throwing search - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,533 TRACE http-nio-8080-exec-3 sailpoint.service.useraccess.UserAccessService:156 - Throwing search - sailpoint.tools.GeneralException: StackOverflowError
2021-07-01T18:00:24,582 ERROR http-nio-8080-exec-3 rest.ui.jaxrs.GeneralExceptionMapper:29 - Uncaught JAX-RS exception.
sailpoint.tools.GeneralException: StackOverflowError
        at sailpoint.persistence.HibernatePersistenceManager.countObjects(HibernatePersistenceManager.java:2743) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.persistence.ClassPersistenceManager.countObjects(ClassPersistenceManager.java:358) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.server.InternalContext.countObjects(InternalContext.java:902) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.getCount(UserAccessSearcher.java:599) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.getHibernateResults(UserAccessSearcher.java:443) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.getPermittedRoles(RoleSearcher.java:541) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.getPermittedRoles(RoleSearcher.java:481) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.RoleSearcher.searchKeyword(RoleSearcher.java:187) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessSearcher.search(UserAccessSearcher.java:218) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.service.useraccess.UserAccessService.search(UserAccessService.java:90) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.UserAccessUtil.getResults(UserAccessUtil.java:228) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.ui.requestaccess.BaseAccessItemListResource.getAccessItems(BaseAccessItemListResource.java:58) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sailpoint.rest.ui.requestaccess.AccessItemListResource.getAccessItems(AccessItemListResource.java:72) ~[identityiq.jar:8.1 Build 573234b5be3-20201216-122000]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]

Hey @LewisSPoint1 we noticed that the result limit is not set in the query → ResultLimit [0]
even though it looks like it should be set to 100 → Exiting getMaxResultCount = 100

What is the memory (both host and JVM) on the server that you are doing the actions on, and what is the total role count for the different role types?

Thank you for your response, guess that “getMaxResultCount = 100” is the problem.

I am doing the actions in my local machine (6 Gb).
I don’t know how to know what is the total role count for the different role types.
I have 462 ITRoles that want to add to a BSRole with the filter of “localEntity= X”.

Hey @LewisSPoint1,

I do not think that total role count of 462 would be the issue. I say this because we have customers that run with total role numbers much larger than this. Because the underlying issue here might be specific to your environment, let’s try opening a support ticket at support.sailpoint.com as a next step for further investigation. If you do get an answer from support, we would love to see it shared in this thread.