Identity Manager

Attestation not working ver 8.0

Hi Experts,

Attestation for Custom target system was working good, suddenly it's stopped working.

When I attest a single object from manager, No DecissionRequired is not  getting triggered and triggers the abort request.

Says no approver found. I have given recipient manager's approval and the manager is already assigned.

Any pointers.

Thanks,

Aad

  • Hi All,

    There are some open cases in forum, not sure is it a know issue.

    www.quest.com/.../user-recertification-auto-aborted-by-system

    www.quest.com/.../user-recertification-failing

    I tried after full compilation and clearing the cache, still same.

    Please advice

    Regards,
    AAD
  • The links you have provided have different reasons and there is no known issue.

    But allow me to ask if you can provide more details around your approval workflow and what you mean with nodecision required?
  • Hi Markus,

    Below is approval workflow for my attestation process, which was working till couple of days back. I haven't done any change in my attestation process after that. 

    I mean to say after the test attestation case "DecisionRequired" event is not triggering instead of "Abort" is triggered. I have given logs for the scenario's.

    System entitlement attestation log(Not Working):

    2018-05-17 10:54:59 +04:00 - \ADIDMTDBSRV01 - Process step parameter 1F490E33-7899-43AC-8682-EF9F74B6E6ED: [Job] ComponentAssembly=HandleObjectComponent ComponentClass=VI.JobService.JobComponents.HandleObjectComponent Task=CallMethod Executiontype=INTERNAL [Parameters] ConnectionProvider=VI.DB.ViSqlFactory,VI.DB ConnectionString=Hidden MethodName=Abort objecttype=AttestationCase param1=#LDS#Automatic system approval: No approver available.| ProcID=07ac267b-3765-43f2-9757-04e71d2a6473 Save=True WhereClause=(UID_AttestationCase = 'b60f4e7d-a300-4848-9402-7311d43764cc') and ( IsClosed = 0 ) 2018-05-17 10:54:59 +04:00 - Info: Loading configuration parameters...
    2018-05-17 10:54:59 +04:00 - Warning: AttestationCase: Event Aborted is not defined.
    2018-05-17 10:54:59 +04:00 - Info: Last process step request succeeded.
    2018-05-17 10:54:59 +04:00 - \ADIDMTDBSRV01 - VI.JobService.JobComponents.HandleObjectComponent - 1F490E33-7899-43AC-8682-EF9F74B6E6ED: Successful Method Abort was called for 1 object(s) of type AttestationCase.

     

    system role attestation log (Working):

    2018-05-17 11:05:29 +04:00 - \ADIDMTDBSRV01 - Process step parameter FD5B5BDB-C5B0-4A07-A4A5-E6665A05D7BB: [Job] ComponentAssembly=HandleObjectComponent ComponentClass=VI.JobService.JobComponents.HandleObjectComponent Task=FireGenEvent Executiontype=INTERNAL [Parameters] ConnectionProvider=VI.DB.ViSqlFactory,VI.DB ConnectionString=Hidden EventName=DecisionRequired objecttype=AttestationHelper ProcID=2598bf4d-4679-4d8b-8598-f56c1bfd3e46 WhereClause=XObjectKey in ('<Key><T>AttestationHelper</T><P>5FA09521-2EEB-4374-89F0-73659CBE6386</P></Key>') 2018-05-17 11:05:29 +04:00 - Info: Last process step request succeeded.
    2018-05-17 11:05:29 +04:00 - Info: Loading configuration parameters...
    2018-05-17 11:05:29 +04:00 - \ADIDMTDBSRV01 - VI.JobService.JobComponents.HandleObjectComponent - FD5B5BDB-C5B0-4A07-A4A5-E6665A05D7BB: Successful The event DecisionRequired was triggered for 1 object(s) of type AttestationHelper.

    Thanks,

    AAD

  • The system aborts the System entitlement attestation because it cannot determine an approver for one of your approval steps. So if something has changed, it might be your data in the database that will be used to determine the approver (no configuration change but a change of content data like role owners etc).

    My suggestion is, check your approval workflow and check if the condition to identify an approver is still satisfied for the attestation that fails.
  • Hi Markus,

    The data seems to be perfect, I queried the DB also.
    And this is not failing for 1 user for all the users having the custom target system.
    Totally I have 5 custom target system, all the attestation policy uses the same approval policy and everything fails.

    regards,
    AAD