Symantec IGA

  • 1.  PX policies conflicting with Partially Completed state

    Posted Jul 11, 2018 05:06 AM

    Hi,

     

    We have different PX policies firing on various events in CA IDM, where we initiate different tasks e.g. after completion of ModifyUserEvent, ResetPasswordEvent and similar.

     

    After upgrading to latest version 14.2, then we are facing a significant issue with our business processes since a lot of tasks end up in state 'partially completed' because of Offline endpoints. In this case, then the task will never end up in completed state and thus the PX policy won't ever trigger. 

     

    Anyone with any experience in this matter that has succeeded in making this work ?? 

     

    Br,

    Michael



  • 2.  Re: PX policies conflicting with Partially Completed state

    Posted Jul 11, 2018 05:58 AM

    Michael  - just curious was this working in previous version?  What version where you previously on?



  • 3.  Re: PX policies conflicting with Partially Completed state

    Posted Jul 11, 2018 06:06 AM

    It was working really well in both 12.6.4 and 14.1, which we recently have been upgrading from. 

     

    I think the major difference is the handling of Offline Endpoints, which has been changed in recent versions. Previously we ended up with an event failing (and thus completing), when an endpoint was offline. Now we enter this partially completed state, because CA IDM will leave the task 'Waiting for resubmission' for the offline endpoints, that it fails to communicate with. 

     

    This means that the events will never complete - and our policies will then not fire. 



  • 4.  Re: PX policies conflicting with Partially Completed state

    Broadcom Employee
    Posted Jul 11, 2018 08:59 AM

    Michael,

    This seems like something we best deal with a support case.

    Let me open one for you and we can continue there.



  • 5.  Re: PX policies conflicting with Partially Completed state

    Broadcom Employee
    Posted Jul 11, 2018 09:06 AM

    There is already a case dealing with this use case - 01136675 / Catching state of 'Partially Completed Tasks' in Identity Manager. Michael was asked to raise this as a query in the communities, in parallel.



  • 6.  Re: PX policies conflicting with Partially Completed state

    Posted Jul 12, 2018 11:44 AM

    Michael,

     

    If possible, would recommend enabling the below process to document the business logic data flow from PX rules.

     

    Smart Debugging: Update JBOSS/Wildfly Log4j without restart for Identity Suite (and vApp) 

     

    This specialized log4j appender will have selected loggers that will assist with RCA with the PX Rule order and values being populated.

     

    Would deploy process on the prior and newer system, to have a 1 to 1 compare operation, that the data flow match.

     

     

    -Alan