Renaming application name, with issue in identity.attributeAssignments.appicationName

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

We renamed an application “AppNameOld” to “AppNameNew”, and now we get many warnings and errors during some IIQ tasks.
Please note: The runnings tasks/applications does “not” interact with the renamed application.

After renaming, the application is correct renamed in some XMLs.
But in an Identity.XML, in attributeAssignments (maybe also in other identity-attributes), the application is NOT renamed.
The issues is here, some “internal” IIQ implementations try to resolve the application based on “applicationName” and not on given “applicationId”.
Depending on this behavior comes complete unspecific warnings and errors during executions of complete other rules/applications, wich does not interact with this element.
(For example triggered during common identity refresh task.)

• Is this an IIQ bug?
• How we can fix this data issue with a custom rule, wich runs manually only one times per application renaming?
  A small peace of code would be very helpful.
  (We know the old name, and could set to correct value. We do not know the id, wich is different on different stages.)

  <Identity ...>
    <Preferences>
      <Map>
        <entry key="attributeAssignments">
          <value>
            <List>
              <AttributeAssignment 

                      applicationId="0a04b97580cd17548180d1db49df09bf" 
                      applicationName="AppNameOld"

                      assignmentId="d5568a314a9141948f49bb24a478d7eb" 
                      name="ABCDE" 
                      nativeIdentity="123456" 
                      source="LCM" 
                      type="Entitlement" 
                      value="ABCDE"/>
            </List>
          </value>
        </entry>
      </Map>
    </Preferences>
  </Identity>

Renaming application name, with issue in identity.attributeAssignments

I was able with a bit copy past of other threads to fix my naming issue.
But the first question: If this is a IIQ bug is still relevant.

With the following code, i need to load all identities.
How can i use a filter for attributeAssignments.applicationName, the following filter line is not working as hoping
Filter.eq(“attributeAssignments.applicationName”,“AppNameOld”);

Fixing script

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sailpoint.api.SailPointContext;

import java.util.Iterator;
import java.util.List;

import sailpoint.object.*;
import sailpoint.tools.GeneralException;

Log LOGGER = LogFactory.getLog("custom.namespace.rulename");

Iterator it = context.search(Identity.class, null);
int i = 0;
while (it.hasNext()) {
	Identity identity = it.next();
	LOGGER.debug("Check identity: " + identity.getName());
	List attributes = identity.getAttributeAssignments();
	if(attributes == null){
		continue;
	}
	boolean found = false;
	for(AttributeAssignment att : attributes) {
		if(att.getApplicationName().equalsIgnoreCase("AppNameOld")){
			i++;
			LOGGER.info("FINDING: " + identity.getName());
			att.setApplicationName("AppNameNew");
			found = true;
		}
	}
	if(found) {
		context.saveObject(identity);
	}
}

LOGGER.info("FINDING COUNT: " + i);
context.commitTransaction();
sailpoint.tools.Util.flushIterator(it);

Hi @chriskk,
You can rename the application using iiq console command. Please find the attached command from iiq console 8.4 documentation.

iiq console rename of the object1170×449 116 KB

The bad news is that the rename command doesn’t affect auxiliary objects. All it does is sets the name. Your rule is probably the best option.

You’re not going to be able to query attributeAssignments.applicationName like that, unfortunately. In the database, those values are buried in XML strings under PREFERENCES. The best you can do is Filter.like("preferences", "AppNameOld", Filter.MatchMode.ANYWHERE). This will translate to a CLOB / TEXT contains query, which will be very, very slow, but ought to work.

(You can use my Query Plugin to test your queries, if needed.)

If you have fewer than 50-100k identities, it’ll probably just be faster to loop over all of them than to try to figure out how to write a query to limit your loop.

I’d also recommend using the IncrementalObjectIterator for your loop, to avoid having a whole bunch of uncommitted Identity objects in your Hibernate cache.

You may also want to check spt_audit_events, to see if there are any “name” references to your application.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.