Issue:
We're reviewing the XPSSweeper report, we've been reviewing the
objects appearing as duplicated with IDM, as all of them are used
when integrating IDM with SSO. These objects seem to be properties of
a User Directory (Container, paging, stickiness, etc), which are
related to a UD. When IDM is integrated with SSO, creating a User
Directory in IM creates a matching User Directory in SM Policy Server
too.
There are object that are duplicated :
[1]
Object ID: CA.SM::IMSAdditionalProperties@21-de3b50b1-83ad-46fc-82d2-7d1afb355cd7
Object Name: DIRECTORY_SERVER_STICKINESS
Object Path: IMSAdditionalPropertiesSet[32-377cc592-1ad6-4be4-8684-22bde8de8285] / IMSAdditionalProperties[DIRECTORY_SERVER_STICKINESS]
Object Description:
[2]
Object ID: CA.SM::IMSAdditionalProperties@21-4f5b061e-68a5-40ce-b8b2-deed410d61d9
Object Name: DIRECTORY_SERVER_STICKINESS
Object Path: IMSAdditionalPropertiesSet[32-aa27a1b1-0f4c-4120-aa5d-df239eb8f212] / IMSAdditionalProperties[DIRECTORY_SERVER_STICKINESS]
Object Description:
How can we solve this ?
.
Resolution:
You should then verify if these are all referring to the same User
Directory object (as we should only have one of each then), or if
these are old “orphan” directory objects in the Policy Store.
You should verify if these objects pertain to an existing User
Directory, and remove the duplicated objects accordingly. For this you
can use the XPSExplorer tool, and check the current IDM User
Directories to see if they are orphan or duplicated and can be
deleted, which can be done from the XPSExplorer tool itself.
This should be solved by renaming the affected objects but we should
need to confirm with IDM team if this can be done, even if it is done
only for the upgrade process and later corrected. So, for example,
renaming the following:
Object ID:
CA.SM::IMSAdditionalProperties@21-de3b50b1-83ad-46fc-82d2-7d1afb355cd7
Object Name: DIRECTORY_SERVER_STICKINESS to: Object ID:
CA.SM::IMSAdditionalProperties@21-de3b50b1-83ad-46fc-82d2-7d1afb355cd7
Object Name: DIRECTORY_SERVER_STICKINESS-InternalApp And the same with
the other 8 duplicities found.
This would solve the issue on CA Single Sing-On side, but as mentioned we need to
confirm first if this could break any functionality on IDM, and if no,
you can rename them and proceed.
KB : KB000099528