4 Oracle Identity Governance
Known issues and workarounds for Oracle Identity Governance include general issues and issues related to multi-language support.
Topics
Note:
See What's New in Oracle Identity Governance for information about new features in this release of Oracle Identity Governance.
4.1 General Issues and Workarounds
This section describes the general issues and workarounds in this release of Oracle Identity Governance.
4.1.1 The Request for Others Option is Available for All Users
Issue
When you click the Request Access tile in the Self Service tab of Oracle Identity Self Service, the Request for Others option should be enabled only for authorized users and managers. However, the Request for Others option is enabled for all users irrespective of authorization.
4.1.2 Session Time-out Warning Displayed When Using the Deployment Manager
Issue
When using the new UIs such as Deployment Manager, Resource History, Manage Connector, IT Resource or Application Instance in Identity Console using Oracle JET, a session time-out warning message is displayed although the system is not idle.
Currently, there is no workaround for this issue. Click OK on the warning message box and continue.
4.1.3 LDAP Synchronization Not Supported
Issue
LDAP synchronization, or integration between Oracle Identity Governance (OIG) and Oracle Access Manager (OAM) by using the IDMConfigTool is not supported in Oracle Identity Governance 12c (12.1.4.0) onwards.
Oracle Identity Governance 12c (12.2.1.3.1) release onwards, OAM-OIG integration using LDAP Connectors is supported.
Workaround
If you have upgraded from Release 11.1.2.3 to Release 12.2.1.3, then you can continue with LDAP synchronization, as described in Enabling LDAP Synchronization in Oracle Identity Manager in Integration Guide for Oracle Identity Management Suite for Release 11.1.2.3.
4.1.4 Logo Not Displayed in Certification Reports
Issue
When you log in to Oracle Identity Self Service and view certification reports,the logo is displayed in the PDF, Excel, and RTF formats of the report. However, the logo is not displayed in the HTML, Excel 2000, and CSV formats of the report.
Similarly, when you log in to Oracle BI Publisher Enterprise and view certification reports, the logo is displayed in the PDF, Excel, and RTF formats of the report. However, the logo is not displayed in the HTML, Excel 2000, and CSV formats of the report.
4.1.5 Pending Request Approval Fails
Issue
In a clustered deployment of Oracle Identity Governance, when a node fail over occurs, clicking Approve on the Request Approval page throws an exception, and displays 404 Page Not Found
on the page. The exception is:
<Mar 11, 2019 3:03:49,288 AM PDT> <Error> <Cluster> <BEA-003144> <All session objects should be serializable to replicate. Check the objects in the session. Failed to replicate a non-serializable object in context /identity. java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is: java.io.InvalidClassException: filter status: REJECTED at weblogic.utils.StackTraceDisabled.unknownMethod() Caused By: java.io.InvalidClassException: filter status: REJECTED at weblogic.utils.StackTraceDisabled.unknownMethod() > <Mar 11, 2019 3:03:49,909 AM PDT> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <ADF_FACES-60099> <The region component with id: pt1:_d_reg:region2 has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.> <Mar 11, 2019 3:03:50,175 AM PDT> <Error> <Cluster> <BEA-003144> <All session objects should be serializable to replicate. Check the objects in the session. Failed to replicate a non-serializable object in context /identity. java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is: java.io.InvalidClassException: filter status: REJECTED at weblogic.utils.StackTraceDisabled.unknownMethod() Caused By: java.io.InvalidClassException: filter status: REJECTED at weblogic.utils.StackTraceDisabled.unknownMethod()
Workaround
The issue can be resolved by updating the setDomainEnv.sh
file with the following Java property in each node of the cluster, and then starting the WebLogic server:
-Dweblogic.oif.serialFilter=maxdepth=250
4.1.6 Duplicate Entries Are Not Allowed in Lookups
Issue
You can add duplicate entries in Lookups by using the Design Console without encountering any errors. But when duplicate entries are added to Lookups by using the Identity System Administration, then the following pop-up error is displayed:
JBO-oracle.iam.ui.common.model.lookupcode.lookup.entity.EditLookupsEO_RULE1: Each Lookup must have a unique key (Lookup Type, Lookup Code).
The error is generated because duplicate entries are not allowed in Lookups.
4.1.7 Change Indicator for Child Table Modification in a Disconnected Application Instance Not Displayed for Manual Fulfillment Task
In a disconnected application instance, the change indicator for child table modification is not displayed for manual fulfillment task.
4.1.8 Default Session Timeout
Issue
The default session timeout for Identity Self Service and Identity System Administration is set to 10 minutes.
The default session timeout is set by the following entry in the
web.xml
file:
<session-config> <session-timeout>10</session-timeout> </session-config>
For Identity Self Service:
$FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.self-service.ear
/oracle.iam.console.identity.self-service.war/WEB-INF/web.xml
For Identity System Administration:
$FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.sysadmin.ear/ora
cle.iam.console.identity.sysadmin.war/WEB-INF/web.xml
However, changing the default session timeout value is not supported.
4.2 Configuration Issues and Workarounds
This section describes the configuration issues and workarounds in this release of Oracle Identity Governance.
4.2.1 OIM-SOA Integration MBean Fails During Domain Configuration
Issue
When you configure the Oracle Identity Governance domain, run the offlineconfig manager.sh
script, and start all servers, and then invoke the OIM-SOA integration MBean, the following error is logged in the server logs:
<May 6, 2019 12:50:29,701 AM PDT> <Error> <com.oracle.coherence> <BEA-000000> <2019-05-06 00:50:29.701/217214.494 Oracle Coherence GE 12.2.1.4.0 <Error> (thread=Cluster, member=3): Received cluster heartbeat from the senior Member(Id=1, Timestamp=2019-05-03 12:25:22.783, Address=10.248.121.88:25538, MachineId=42905, Location=site:example.com,machine:slc16oqj,process:30630,member:AdminServer, Role=WeblogicServer) that does not contain this Member(Id=3, Timestamp=2019-05-03 12:30:58.275, Address=10.248.121.88:14080, MachineId=42905, Location=site:example.com,machine:slc16oqj,process:31978,member:oim_server1, Role=WeblogicServer); stopping cluster service.> <May 6, 2019 12:50:29,753 AM PDT> <Warning> <Log Management> <BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the Administration Server. The Administration Server may not be running. Message broadcasts to the Administration Server will be disabled.>
Workaround
Make sure that date and time on the WebLogic host and database host are in sync. After making sure date and time are in sync, invoke oimsoaintegrationmbean
again.
4.2.2 Error Stack in OIM Managed Server Logs
The following error stack is shown in OIM managed server logs:
Jul 17, 2019 12:35:03,548 AM PDT> <Error> <oracle.adfinternal.view.page.editor.utils.ReflectionUtility> <WCS-16178> <Error instantiating class - oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory> <Jul 17, 2019 12:35:03,584 AM PDT> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer> <BEA-000000> <Warning: There are no items to render for this level> <Jul 17, 2019 12:35:20,490 AM PDT> <Warning> <oracle.iam.platform.kernel.impl> <IAM-0089999> <Kernel Information:
This is a benign error without any functional impact and can be ignored.
4.2.3 Error in OIM Managed Server Logs
The following error is shown in the OIM managed server logs:
" <Aug 7, 2019 5:04:50,334 AM PDT> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcITResourceInstanceOperationsBean/updateWithCredentialStoreData encounter some problems: Parameter User Reservation Container not present in credential store. pls check for svr_key:1> returning the ovd url value :
This is a benign error without any functional impact and can be ignored.
4.3 Multi-Language Support Issues and Workarounds
This section describes the multi-language support issues and workarounds in this release of Oracle Identity Governance.
4.3.1 Locale Drop Down Not Translated for My Information and Modify User Pages
Issue
The Locale list in the My Information page and Modify User page of Identity Self Service are not translated if the browser language is set to any one of the following:
-
Arabic (ar)
-
Hebrew (he)
-
Danish (da)
-
Czech (cs)
-
Dutch (nl)
-
Romanian (ro)
-
Slovak (sk)
-
Norwegian (no)
-
Hungarian (hu)
4.4 Features Not Supported in Oracle Identity Governance 14c (14.1.2.1.0)
The following features are not supported in this release:
Features Unsupported in 14.1.2.1.0 | Description |
---|---|
Generic Technology Connector (GTC) | Generic Technology Connector for developing custom connectors is not supported in this release. |
Segregation of Duties (SoD) using Oracle Application Access Controls Governor (OAACG) | SoD check with OAACG is not supported. In this release, SoD and audit violations are managed by using the Identity Audit feature of Oracle Identity Governance. See Managing Identity Audit in Performing Self Service Tasks with Oracle Identity Governance. |