We are facing problems trying to delete / modify objects (Identity policies) in IM.

The identity policy we were working on, was supposed to be deleted, but when we do the command, IM fails.

Looking at both nodes in the cluster, they were equally missing configurations. Now, we imported it again but the only node in which it is OK is the node we imported, so, the cluster is not replicating this information between the nodes.

When try to view:

2022-05-25 11:50:24,168 ERROR [ims.default] (default task-196) Administrator is NOT authorized to perform task on subject:1

When try to delete:

2022-05-25 11:51:50,174 ERROR [ims.tmt.events] (default task-196) Error sending a message for the event fbb3dc0f-xxxxxxxx-xxxxxxxx-b17c3426
2022-05-25 11:51:50,174 ERROR [ims.tmt.events] (default task-196) java.lang.NullPointerException

It fails after 600 seconds timeout.

Release : 14.4

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

After changing  call-timeout from 5000 to  300000  problem is resolved. It's possible to change it using jboss-cli.sh in Vaap following these following steps.

(Backup your environment just in case before doing these steps)

1) If environment doesn't have jbosscli Management user then perform the below steps to create a Management  user:

config@test-vapp144 VAPP-14.4.0 (10.131.46.152):/opt/CA/wildfly-idm/bin> sudo /opt/CA/wildfly-idm/bin/add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : mgtuser
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password should be different from the username
Password :
JBAS015266: Password must have at least 1 digit.
Are you sure you want to use the password entered yes/no? yes
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
About to add user 'mark' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'mgtuser' to file '/opt/CA/wildfly-idm/standalone/configuration/mgmt-users.properties'
Added user 'mgtuser' to file '/opt/CA/wildfly-idm/domain/configuration/mgmt-users.properties'
Added user 'mgtuser' with groups  to file '/opt/CA/wildfly-idm/standalone/configuration/mgmt-groups.properties'
Added user 'mgtuser' with groups  to file '/opt/CA/wildfly-idm/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no

If they have already Management  user then perform the below steps directly.

2) go to the /opt/CA/wildfly-idm/bin location.
3) config@test-vapp144 VAPP-14.4.0 (10.131.46.152):/opt/CA/wildfly-idm/bin > ./jboss-cli.sh
    press enter it, need to type connect as below:
    [disconnected /] connect
    It will ask user name and password which need to provide as created step 1 (if customer has then they can use own), After successful below line will get
    [standalone@localhost:9990 /]

4) use below command to read any attribute form this XML tag  <cluster-connection name="idm-cluster" address="jms" connector-name="http-connector" check-period="1000" connection-ttl="5000" call-timeout="5000" message-load-balancing-type="ON_DEMAND" confirmation-window-size="32000" discovery-group="dg-group1"/> 
e.g. here I am reading call-timeout

[standalone@localhost:9990 /]/subsystem=messaging-activemq/server=default/cluster-connection=idm-cluster:read-attribute(name=call-timeout)

outcome of above command will be :
{
    "outcome" => "success",
    "result" => 5000L
}

5) to change any attribute value use below command, here I am changing call-timeout attribute value.

[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/cluster-connection=idm-cluster:write-attribute(name=call-timeout,value=300000)

outcome of above command will be :
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
6) exit from here and restart the IM using restart_im.