Identity policy check errors

Hello team,

Could anyone help me with these errors:
1.)
ERROR RefreshWorker 19 sailpoint.task.IdentityRefreshExecutor:1441 - RefreshWorker 19 exception: Error getting BSFManager from pool.
sailpoint.tools.GeneralException: Error getting BSFManager from pool.

2.)
ERROR RefreshWorker 19 sailpoint.task.IdentityRefreshExecutor:1441 - RefreshWorker 19 exception: The application script threw an exception: java.lang.NullPointerException: Null Point er in Method Invocation BSF info: APP_check_password_expiration at line: 0 column: columnNo
sailpoint.tools.GeneralException: The application script threw an exception: java.lang.NullPointerException: Null Pointer in Method Invocation BSF info: sigma_check_password_expiration at line: 0 column: co lumnNo

CODE:

import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;

import sailpoint.api.SailPointContext;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.PolicyViolation;
import sailpoint.tools.EmailException;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
import sailpoint.object.*;
import java.util.*;
import java.io.*;

PolicyViolation v = null;

String idusu = "";
String san = identity.getAttribute("ad_san") != null ? identity.getAttribute("ad_san") : "";
String adm_san = identity.getAttribute("adm_account") != null ? identity.getAttribute("adm_account") : "";
String mailMng = identity.getEmail() != null ? identity.getEmail() : "";
String nombre = identity.getFirstname() + " " + identity.getLastname();
String name_abbr = identity.getAttribute("short_name") != null ? identity.getAttribute("short_name") : "";
String tipo = identity.getAttribute("id_type") != null ? identity.getAttribute("id_type") : "DFT";
String country = identity.getAttribute("country") != null ? identity.getAttribute("country") : "DFT";
String salida = "";
String emailTemplateName = "";
String subject = "";
int exp_days = 0;
boolean evaluarExp = false;

String pwdExpReminderDays = "15,7,3,2,1,0";
String pwdLastSet = null;
String daysTillExpiration = null;
List accountFlags = null;

String numDays = "";

if ((!identity.isInactive()) && (mailMng != null) && (!mailMng.equals(""))) {

  // Modify this string to determine how may days before expiration a notification should be sent to the user

  List aplicaciones = identity.getLinks();

  if (aplicaciones != null) {

    for (Link link: aplicaciones) {
      evaluarExp = false;

      if ((link.getApplicationName().equals("APP - AD")) && (link.getAttribute("pwdLastSet") != true) && (link.getAttribute("pwdLastSet") != null)) {
        log.trace("APP_check_password_expiration:::PwsLastSet AD Account: " + link.getAttribute("pwdLastSet"));
        pwdLastSet = link.getAttribute("pwdLastSet").toString();
        accountFlags = Util.asList(link.getAttribute("accountFlags"));
        exp_days = 90;
        evaluarExp = true;
        idusu = san;
      } else if ((link.getApplicationName().equals("APP AD - ADM Accounts")) && (link.getAttribute("pwdLastSet") != true) && (link.getAttribute("pwdLastSet") != null)) {
        log.trace("APP_check_password_expiration:::PwsLastSet ADM: " + link.getAttribute("pwdLastSet"));
        pwdLastSet = link.getAttribute("pwdLastSet").toString();
        accountFlags = Util.asList(link.getAttribute("accountFlags"));
        exp_days = 60;
        evaluarExp = true;
        idusu = adm_san;
      }

      if (evaluarExp) {

        if (Util.nullSafeContains(accountFlags, "Normal User Account") && !Util.nullSafeContains(accountFlags, "User Account is Disabled") && !Util.nullSafeContains(accountFlags, "Password Not Required") && !Util.nullSafeContains(accountFlags, "Password Cannot Expire")) {
          if ((Util.isNotNullOrEmpty(pwdLastSet)) && (!pwdLastSet.equals("0")) && (!pwdLastSet.equals("-1")) && (!pwdLastSet.equals("false"))) {
			  
            Date pwdAge = new Date(((Long.parseLong(pwdLastSet) - 0x19db1ded53e8000 L) / 10000 L));
            Calendar cal = new GregorianCalendar();
            cal.setTime(pwdAge);
            cal.add(Calendar.DAY_OF_YEAR, exp_days); // look up actual value or pass into rule
            int daysDiff = Util.getDaysDifference(cal.getTime(), new Date());
            numDays = Integer.toString(daysDiff);

            if (Util.nullSafeContains(pwdExpReminderDays, numDays)) {

              subject = (String) getValueFromMap(country, getCustomMap("Custom-APP-pwdexp-reminder", "SUBJECT", context));

              if (tipo.equalsIgnoreCase("INTERNAL")) {
                emailTemplateName = (String) getValueFromMap(country, getCustomMap("Custom-APP-pwdexp-reminder", "INT-TEMPLATE", context));
                if (country.equalsIgnoreCase("PT")) {
                  nombre = name_abbr;
                }
              } else {
                emailTemplateName = (String) getValueFromMap(country, getCustomMap("Custom-APP-pwdexp-reminder", "EXT-TEMPLATE", context));
              }

              Map emailArgsMap = new HashMap();
              emailArgsMap.put("name", nombre);
              emailArgsMap.put("account", idusu);
              emailArgsMap.put("days", numDays);

              try {

                sendMail(context, emailTemplateName, subject, mailMng, null, null, null, emailArgsMap);
              } catch (GeneralException e) {
                log.error("APP_check_password_expiration::Error during send email procedure: " + e);
              } finally {

                createAudit(idusu, "APP - Password Exp Reminder", "APP Reminder Email Sent - " + numDays, "Email send to - " + mailMng);
              }
            }

          } else {
            log.trace("APP_check_password_expiration::: identity has invalid or empty value in PwdLastSet atributte: " + pwdLastSet);
          }

        } else {
          log.trace("APP_check_password_expiration::: identity not evaluated. flags: " + accountFlags);
        }
      }
    }
  }
} else {
  log.trace("APP_check_password_expiration::: identity is inactive or has not email");
}
log.trace("APP_check_password_expiration::: Exit rule");

return v;

Thank you in advance!

1 Like

1.) Do you see this with every execution or just with some of them. If so, it might be the pool for bsh executions is running out. You can increase this in iiq.properties.

2.) Do you see any of the tracing before the NPE? Iā€™m guessing not. The only thing that could be null is the identity, which would be really strange.
Have you tried listing all the beanshell variables at the top, as described here?
Listing Objects in Namespace at Runtime