ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Global Policy Based Workflow for Events Modification Failure

book

Article ID: 20556

calendar_today

Updated On:

Products

DIRECTORY CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

Modifying the Global Policy Based Workflow for Events Fails with:

<Please see attached file for image>

Figure 1

Example Use Case:

  • Log into the Identity Minder User Console and Modify the 'Resolver Parameter Name' and 'Value' of the 'Global Policy Based Workflow For Events' Configuration (under System>Global Policy Based Workflow For Events).

  • The error is thrown when Secondary User Objects are added to the Work Flow configuration policy and the change is submitted.

Configuration Example:

<Please see attached file for image>

Figure 2

  • Submitting the Task to complete the Modification throws the following error:

    <Please see attached file for image>

    Figure 3

Details:

The problem itself is a JBoss configuration problem.

The issue is caused by adding the Java command-line option: XX:+AggressiveOpts to the JAVA_OPTS environment variable in the JBOSS_HOME/bin/run.sh file.

This is an experimental Java command-line option that is NOT supported by Identity Minder.

The above command line option is added to the following line in the section of the run.sh file that is modified by Identity Minder:

JAVA_OPTS="$IDM_OPTS -Djava.security.policy=workpoint_client.policy -Xms256m
-Xmx1024m -XX:MaxPermSize=256m -XX:ReservedCodeCacheSize=50m"

The above line is how the JAVA_OPTS would be set in the script that is added to the JBoss run.sh file (note the above line is without the addition of the XX:+AggressiveOpts option).

The JBoss boot.Log will show proof of using the Java command-line XX:+AggressiveOpts option.
The Identity Minder run.sh script is initiated during the JBoss startup and updates the Identity Minder log with the JAVA_OPTS value, along with other JBoss startup information.

Logging example showing that the XX:+AggressiveOpts option is being used:

INFO [ServerInfo] -Dprogram.name=default -Djava.security.policy=.\workpoint_client.policy -Xms256m -Xmx1024m -XX:MaxPermSize=256m -XX:+AggressiveOpts -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ReservedCodeCacheSize=50m -Djava.endorsed.dirs=C:\jboss-5.1.0.GA\lib\endorsed

Solution:

To Resolve this issue:

Update the JBOSS_HOME/bin/run.sh file to no longer include XX:+AggressiveOpts in the JAVA_OPTS value.

  1. Stop JBoss

  2. Edit the run.sh file to no longer include the XX:+AggressiveOpts option

  3. Restart JBoss

  4. Verify that the problem no longer occurs

Environment

Release:
Component: IDMGR

Attachments

1558703671109000020556_sktwi1f5rjvs16q9t.gif get_app
1558703669352000020556_sktwi1f5rjvs16q9s.gif get_app
1558703660642000020556_sktwi1f5rjvs16q9r.gif get_app