Receiving error when attempting to login to Identity Manager using a System Manager account. Getting java.lang.StackOverflowError exception in log file.
Article ID: 48964
Updated On:
Products
Issue/Introduction
Description:
A StackOverflowError exception can happen when a recursion situation arises when evaluating the role memberships upon authentication. See the exception trace:
java.lang.StackOverflowError at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168) at java.util.regex.Pattern$Loop.match(Pattern.java:4295) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4078) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3345) at java.util.regex.Pattern$Branch.match(Pattern.java:4114) at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168) at java.util.regex.Pattern$Loop.match(Pattern.java:4295) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4078) at
Solution:
When a System Manager administrator is trying to modify the System Manager admin role definition you should be careful not to create a recursion. This can happen when a membership of the System Manager admin role is based on the 'System Manager' role itself. This will cause a recursion when evaluating the memberships. For instance see the xml excerpt below that shows a membership policy of the System Manager role which is based on System Manager role.
<MemberPolicy> <imsrule:MemberRule><RoleMember><AdminRole name="System Manager"/></RoleMember></imsrule:MemberRule> </MemberPolicy>
This kind of situation should not be allowed for any admin role where none should be based on itself.
When happening it will cause the above exception trace and prevent the authentication due to the evaluation problem during authentication. If this happens you should export your IME roles and tasks xml file, edit it to remove this recursion condition and reimport.
Environment
Component:
Feedback
