Extra task in IDM in Audited state for Access requests submitted via Identity Portal

book

Article ID: 140275

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Portal CA Identity Suite

Issue/Introduction

An Access Request in Identity Portal, which is used to add a Provisioning Role to a user, and for which the Modify User task configured in IP is set to "directChange", is resulting in two tasks being created in Identity Manager, while only one task is seen in Identity Portal.  One of the Identity Manager tasks is processed normally, but the other is in Audited state and does not show any attributes or other changes to the user.

Cause

When the IP task is set to "directChange", there will be one audited and one processed task created in IDM.  The reason for this is that IP communicates with IDM using RESTful web services. The moment we search for the user, the task (e.g. modify user) will start and is moved to the audit state.  After modifying the user and submitting the task a new task session is getting generated and moved to completed/in-progress (depending on workflow).

So the first task which got created while searching the user will be left in the audit state. Hence VST will show both the audit state task session and the completed/in-progress state task session.  REST is stateless, so we do not maintain the task session-id which got created while searching the user for modification in further REST calls.

This doesn't occur when tasks are submitted directly in IDM because REST is not involved and we are able to reuse the task session.  In IDM, the moment we search for the user, the task (modify user) will start and is moved to the audit state.  After modifying the user and submitting the task then IDM uses the previous task session and the state moves from audit to completed/in-progress (depending on workflow).  So VST will not show an extra record as the same task session is updated to completed/in-progress states.

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

Removing the extra audited task requires an enhancement to product design, which is being considered for a future release.