Which IIQ version are you inquiring about?
8.4p2
Share all details about your problem, including any error messages you may have received.
On my IdentityIQ instance, I implemented a workflow that is triggered by an custom Identity Trigger (by a rule), evaluated during an Identity Refresh with Process Events configured.
In this workflow, I build a ProvisioningPlan in order to assign a role to the user, and trigger the LCM Provisioning workflow. I ensured that the attribute doRefresh of the LCM Provisioning workflow is set to false.
But when triggering the refresh, an infinite loop starts where the workflow is triggered multiple times for the same user. It seems that the Identity Trigger is always called during the LCM Provisioning workflow.
As a workaround to avoid this infinite loop, and because it seems that the identity is not actually refreshed during the LCM Provisioning workflow (only the IdentityTrigger is triggered), I implemented the following at the beginning of the code of the Identity Trigger.
if(previousIdentity.getLastRefresh().equals(newIdentity.getLastRefresh())) {
return false;
}
This prevents the Identity Trigger from returning true.
However, I have the feeling that I am missing something. How can we prevent the IdentityTrigger to be triggered during the LCM Provisioning workflow?
Hi @arnaudeddywolf do you mind posting your trigger logic?
Below is the logic of the trigger.
if(newIdentity == null) {
return false;
}
if(previousIdentity != null && previousIdentity.getLastRefresh().equals(newIdentity.getLastRefresh())) {
return false;
}
IdentityService is = new IdentityService(context);
Application sourceApplication = context.getObjectByName(Application.class, "sourceApp");
Application targetApplication = context.getObjectByName(Application.class, "targetApp");
List sourceLinks = StreamSupport.stream(is.getLinks(newIdentity, sourceApp).spliterator(), false)
.map(Link::getName)
.toList();
List targetLinks = StreamSupport.stream(is.getLinks(newIdentity, targetApp).spliterator(), false)
.map(Link::getName)
.toList();
for(String sourceLink: sourceLinks) {
if(!targetLinks.contains(sourceLink)) {
return true;
}
}
return false;
The idea is that the workflow will trigger provisioning for links that are missing in the targret application.
When going to the identity cube that has been refreshed, we can see a series of similar event on the user. For one of those event, the “source” is the identity refresh task, but for the other events, the source is “LCM Scheduler”.
Actually we had a similar issue with another identity trigger. This time it was a native change identity trigger, so no custom rule in that case. And the workflow triggered by the trigger also includes LCM provisioning. In that case as well we have the infinite loop triggered.
You can see below an example of the events on the identity cube.
