Null Value on Attribute Request

bruno-co · August 11, 2025, 1:34pm

Which IIQ version are you inquiring about?

8.3

Share all details about your problem, including any error messages you may have received.

Hi everyone,

I’m working with IIQ v8.3, and I’ve run into a sporadic Null Pointer Exception in the Before Provisioning Rule for an Active Directory integration.

The exception is triggered by this block of code when calling getValue() on the cn attribute:

if (accountRequest.getAttributeRequest("cn") != null) {
    AttributeRequest cn = accountRequest.getAttributeRequest("cn");
    cn.setValue("CN=" + cn.getValue()));
    cn.setName("AC_NewName");
    isPlanUpdated = true;
}

From the logs, I found a Provisioning Plan that includes multiple AttributeRequests without values. One of them is cn, which causes the Null Pointer Exception.

My question is what could be the origin of a Provisioning Plan that includes AttributeRequests with null values—specifically for cn and distinguishedName?

Is there a recommended way to prevent such plans from being generated in the first place, rather than just adding a null check in the rule?

Any insights into how these empty AttributeRequests might be introduced—or best practices for handling them—would be greatly appreciated.

Thanks in advance!

shirbhatea · August 11, 2025, 1:47pm

check your provision policy for this application and look at the value setting. You should populate all the values there itself for these attributes.

vnagubathula · August 11, 2025, 1:55pm

Check the provision policies you defined on the application. There might be the CN is getting null value.

bruno-co · August 12, 2025, 4:19pm

In our Provisioning Policy, the only scenario where attributes like givenName and sn return null is when the identity itself lacks the corresponding basic attributes.

For example:

case "givenName": {
    if (Util.isNullOrEmpty(identity.firstname))
        return null;

    return capitalize(identity.firstname);
}
break;

case "sn": {
    if (Util.isNullOrEmpty(identity.lastname))
        return null;

    return identity.lastname.toUpperCase();
}
break;

So unless the identity is missing both firstname and lastname, these attributes should never be null in the provisioning plan.

Could this be due to a timing issue—like the provisioning plan being generated before the identity is fully aggregated or updated?

Would it make sense to check the identity refresh or aggregation process to ensure those attributes are populated before provisioning kicks in?

Topic		Replies	Views
IIQ 8.4 JDBC Connector, null value for the Identity Attribute during Creation (Joiner) IIQ Discussion and Questions identityiq , provisioning , jdbc-connector	4	767	March 8, 2024
JDBC Provisioning Rule showing NULL values for Roles/Entitlements ISC Discussion and Questions rules , identity-security-cloud , provisioning , entitlements , jdbc-connector	7	974	May 20, 2024
AD provisioning fail IIQ Discussion and Questions identityiq , provisioning	14	534	June 30, 2024
Unable to set attribute value in Before Provisioning rule IIQ Discussion and Questions rules , identityiq , provisioning	3	1128	June 29, 2023
Strange post-provisioning behavior in IIQ wipes out Identity attributes IIQ Community Knowledge Base identityiq	6	327	June 25, 2025

Null Value on Attribute Request

Which IIQ version are you inquiring about?

Share all details about your problem, including any error messages you may have received.

Related topics