Auditing failed with exception in IM server.log

Article ID: 201823

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

We note the following errors in our Identity Manager IMServer logs.

We are not seeing any specific impact on the product, but would like to understand these ERROR messages in the log file, for example:

2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Exception caught during writing to table imsAuditObjectRelationship12: null
2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Auditing failed with exception [ null ]
2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Audited records are ROLLEDBACK
2020-10-20 11:30:37,608 ERROR [ims.default] (Thread-87184 (HornetQ-client-global-threads-794980076)) Exception received while writing audit Data: "null"


Environment

Release : 14.4, 14.5

Component : Identity Manager

Cause

This is caused by an auditing feature that the majority of our customers do not use. Identity Manager's audit is intended to be used to capture authentication events such as login or logout. More often, our clients use SiteMinder as the authentication gateway, and the auditing, if done at all, is then performed by SSO.

Auditing these events is possible via Identity Manager's auditing configuration. Export the auditing XML file (environments -> IME -> advanced settings -> audit -> export), edit it accordingly, import it back, and start the IME again.

However, these events cause NULL problems in the app server log: they are not audited correctly, and 'cannot insert null value' errors appear in the logs:

SQL: 
ERROR [ims.audit] (http-xxxxx) Exception inserting into imsAuditEvent12: Event: Login message: Cannot insert the value NULL into column 'admin_dn', table 'IMPRODAUDIT.dbo.imsAuditEvent12'; column  does not allow nulls. INSERT fails.
ERROR [ims.audit] (http-xxxxx) Auditing  failed with exception [ Cannot insert the value NULL into column 'admin_dn', table  IMPRODAUDIT.dbo.imsAuditEvent12'; column does not allow nulls. INSERT fails. ]
ERROR [ims.audit] (http-xxxxx) Audited records are ROLLEDBACK

Oracle:
Exception caught during writing to table imsAuditObjectRelationship12: ORA-01400: cannot insert NULL into ("IDAM"."IMSAUDITOBJECTRELATIONSHIP12"."OBJECT_NAME")
server.log:2024-06-18 01:52:21,576 ERROR [ims.audit] (Thread-19 (ActiveMQ-client-global-threads)) Auditing failed with exception [ ORA-01400: cannot insert NULL into ("IDAM"."IMSAUDITOBJECTRELATIONSHIP12"."OBJECT_NAME")
server.log:2024-06-18 01:52:21,578 ERROR [ims.default] (Thread-19 (ActiveMQ-client-global-threads)) Exception received while writing audit Data: "ORA-01400: cannot insert NULL into ("IDAM"."IMSAUDITOBJECTRELATIONSHIP12"."OBJECT_NAME")


This happens because the 'admin_dn' column is defined not to accept NULL values. However, Login/Logout events have no administrator associated with them, since only the authenticating user is involved. The admin_dn is therefore actually NULL, and the audit DB table throws the above exception.

 

Resolution

To fix this, change the definition of the 'admin_dn' column in the 'imsAuditEvent12' table so that it accepts NULL values. The easiest way to do this is to use the two scripts provided under: \CA\Identity Manager\IAM Suite\Identity Manager\tools\db\auditing\<YOUR DB TYPE>

SQL:
- ims_mssql_audit_delete.sql should be run first and will delete the entire audit database.

- ims_mssql_audit.sql should run afterwards and will recreate the DB.

Oracle:

- ims_Oracle_audit_delete.sql should be run first and will delete the entire audit database.

- ims_Oracle_audit.sql should run afterwards and will recreate the DB.

However, before running the second script, make a copy of it and search for: CREATE TABLE [imsAuditEvent12]. This takes you to the table definition. One of the columns there is admin_dn. Edit the admin_dn line to be:

[admin_dn] [nvarchar] (512) NULL ,

Instead of:

[admin_dn] [nvarchar] (512) NOT NULL ,

 

This change is what will allow this column to accept nulls. 

Save the script file and run it.

At this point the auditing errors should be cleared from the logs.
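
One way to check server.log for these failures before and after the change, as an added example that is not part of the original article or the product. The function name and the shortened sample lines are assumptions built from the messages quoted above; every ROLLEDBACK line is an audit write that did not reach the audit database.

```python
import re
from collections import Counter

# Patterns follow the log messages quoted in the article above.
AUDIT_FAILED = re.compile(r"Auditing\s+failed with exception \[\s*(.*)")
MSSQL_NULL = re.compile(r"value NULL into column '([^']+)', table\s+'?([^';]+)'")
ORA_NULL = re.compile(r'ORA-01400: cannot insert NULL into \("([^"]+)"\."([^"]+)"\."([^"]+)"\)')
ROLLED_BACK = "Audited records are ROLLEDBACK"


def summarize_audit_failures(lines):
    """Return (rollbacks, Counter{(table, column): n}) for audit write failures.

    Each failure is logged several times, so only the "Auditing failed" line
    is used to attribute it. (None, None) means the exception text named no
    column, as in the "[ null ]" case.
    """
    rollbacks = 0
    rejected = Counter()
    for line in lines:
        if ROLLED_BACK in line:
            rollbacks += 1
        failed = AUDIT_FAILED.search(line)
        if not failed:
            continue
        detail = failed.group(1)
        if (m := MSSQL_NULL.search(detail)):
            rejected[(m.group(2).strip(), m.group(1))] += 1
        elif (m := ORA_NULL.search(detail)):
            rejected[(f"{m.group(1)}.{m.group(2)}", m.group(3))] += 1
        else:
            rejected[(None, None)] += 1
    return rollbacks, rejected


# Constructed sample: lines shortened from the article's excerpts (thread names trimmed).
SAMPLE = [
    "ERROR [ims.audit] (T-1) Auditing failed with exception [ null ]",
    "ERROR [ims.audit] (T-1) Audited records are ROLLEDBACK",
    "ERROR [ims.audit] (http-x) Auditing  failed with exception [ Cannot insert the value NULL "
    "into column 'admin_dn', table  IMPRODAUDIT.dbo.imsAuditEvent12'; column does not allow nulls. INSERT fails. ]",
    "ERROR [ims.audit] (http-x) Audited records are ROLLEDBACK",
    'ERROR [ims.audit] (T-19) Auditing failed with exception [ ORA-01400: cannot insert NULL '
    'into ("IDAM"."IMSAUDITOBJECTRELATIONSHIP12"."OBJECT_NAME")',
]

if __name__ == "__main__":
    count, by_column = summarize_audit_failures(SAMPLE)
    print(f"rolled-back audit writes: {count}")
    for (table, column), n in by_column.items():
        print(f"  {table} / {column}: {n}")
```

To run it against a real log, pass the open file object instead of SAMPLE; a result of zero rollbacks after the schema change confirms the audit inserts are succeeding.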