Logiplex provisioning not working in v8.3, it works with v8.3p4

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.3 vs 8.3p4
LogiPlex version: 2023.04.17.0001

We have deployed a LogiPlex application in our test and acceptance environment using the SSB. So the configuration in both environments is the same. However when testing the provisioning to a LogiPlexed application in the acceptance environment we get a NullPointException. In the test environment provisioning is working.

The NullPointerException error occurs only when there is an account in the master application but none in the multiplexed application. The initial provisioning plan is a create on the multiplexed application and this should be converted by LogiPlex to a modify for the LogiPlex master application.

Logging from the test environment (IIQ v8.3p4) from the LogiPlex Provision function:

services.standard.connector.LogiPlexConnector:2475 - Dumping Provisioning Plan details  : <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="xxx" targetIntegration="LogiPlex Master Application" trackingId="4476c48642ef4dc99622a3f37b31862e">
  <AccountRequest application="LogiPlex Master Application" nativeIdentity="CN=test-remold,OU=User,DC=domain,DC=com" op="Modify">
    <AttributeRequest name="memberOf" op="Add" value="CN=entitlement,OU=Groups,DC=domain,DC=com"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="identityRequestId" value="0000000027"/>
      <entry key="requester" value="spadmin"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
</ProvisioningPlan>

From the acceptance environment (IIQ v8.3):

services.standard.connector.LogiPlexConnector:2475 - Dumping Provisioning Plan details  : <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="xxx" targetIntegration="LogiPlex Master Application" trackingId="c748c3e1c9a64581ac05dfa361d5b356">
  <AccountRequest application="LogiPlexed Application" op="Create">
    <AttributeRequest name="memberOf" op="Add" value="CN=entitlement,OU=Groups,DC=domain,DC=com"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="identityRequestId" value="0000000043"/>
      <entry key="requester" value="remold-admin"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
</ProvisioningPlan>

It looks like LogiPlex is not changing the request to the Master and the biggest difference I see if a missing nativeIdentity in acceptance.

Does anyone has seen the same error and might this be related to the IIQ version difference or is there a misconfiguration is acceptance that I missed?

– Remold

1 Like
2

@Remold i believe you have downloaded latest version from below url:
https://community.sailpoint.com/t5/Professional-Services/PSLabs-LogiPlex-Connector/ta-p/172304
yes , some time connector behavior weird, so there is couple of point:-

  1. ootb logiplex connector will only work for Dn value as native Identity if you are using objectguid then u need to write custom logiplex provisioning rule
  2. “useGetObject” u can set false so it will not check in target and will not run aggregation before provisioning some time this variable help us to resolve the error
  3. some time below 2 variable help us to resolve
  • logiPlexUseGetObject with value true.
  • logiPlexReAggregateDelay with a value like 3 or 5 (seconds).
  1. if none of these working then use provisioning rule for logiplex check there plan and do modification as per your need

Note : I have used in 8.3 and 8.4 it is working yes some issue observe which resolve with above configuration

3

After upgrading the acceptance environment to 8.3p4 it is working as expected.
We have not found the root-cause for this issue as the patch-upgrade was already planned.

Thanks @mkumariaas for your pointers, I will surely take the into account next time we see unexpected behaviour of logiplex applications.

– Remold

4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.