4 Oracle Identity Governance

Known issues and workarounds for Oracle Identity Governance include general issues and issues related to multi-language support.

4.1 General Issues and Workarounds

4.1.1 The Request for Others Option is Available for All Users

Issue

When you click the Request Access tile in the Self Service tab of Oracle Identity Self Service, the Request for Others option should be enabled only for authorized users and managers. However, the Request for Others option is enabled for all users irrespective of authorization.

4.1.2 Session Time-out Warning Displayed When Using the Deployment Manager

Issue

When using the new UIs such as Deployment Manager, Resource History, Manage Connector, IT Resource or Application Instance in Identity Console using Oracle JET, a session time-out warning message is displayed although the system is not idle.

Currently, there is no workaround for this issue. Click OK on the warning message box and continue.

4.1.3 LDAP Synchronization Not Supported

Issue

LDAP synchronization, or integration between Oracle Identity Governance (OIG) and Oracle Access Manager (OAM) by using the IDMConfigTool is not supported in Oracle Identity Governance 12c (12.1.4.0) onwards.

Oracle Identity Governance 12c (12.2.1.3.1) release onwards, OAM-OIG integration using LDAP Connectors is supported.

Workaround

If you have upgraded from Release 11.1.2.3 to Release 12.2.1.3, then you can continue with LDAP synchronization, as described in Enabling LDAP Synchronization in Oracle Identity Manager in Integration Guide for Oracle Identity Management Suite for Release 11.1.2.3.

4.1.4 Logo Not Displayed in Certification Reports

Issue

When you log in to Oracle Identity Self Service and view certification reports,the logo is displayed in the PDF, Excel, and RTF formats of the report. However, the logo is not displayed in the HTML, Excel 2000, and CSV formats of the report.

Similarly, when you log in to Oracle BI Publisher Enterprise and view certification reports, the logo is displayed in the PDF, Excel, and RTF formats of the report. However, the logo is not displayed in the HTML, Excel 2000, and CSV formats of the report.

4.1.5 Pending Request Approval Fails

Issue

In a clustered deployment of Oracle Identity Governance, when a node fail over occurs, clicking Approve on the Request Approval page throws an exception, and displays 404 Page Not Found on the page. The exception is:

<Mar 11, 2019 3:03:49,288 AM PDT> <Error> <Cluster> <BEA-003144> <All session
objects should be serializable to replicate. Check the objects in the
session. Failed to replicate a non-serializable object in context /identity.
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception
is:
java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
Caused By: java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
> 
<Mar 11, 2019 3:03:49,909 AM PDT> <Warning>
<oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer>
<ADF_FACES-60099> <The region component with id: pt1:_d_reg:region2 has
detected a page fragment with multiple root components. Fragments with more
than one root component may not display correctly in a region and may have a
negative impact on performance. It is recommended that you restructure the
page fragment to have a single root component.>
<Mar 11, 2019 3:03:50,175 AM PDT> <Error> <Cluster> <BEA-003144> <All session
objects should be serializable to replicate. Check the objects in the
session. Failed to replicate a non-serializable object in context /identity.
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception
is:
java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
Caused By: java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()

Workaround

The issue can be resolved by updating the setDomainEnv.sh file with the following Java property in each node of the cluster, and then starting the WebLogic server:

-Dweblogic.oif.serialFilter=maxdepth=250

4.1.6 Duplicate Entries Are Not Allowed in Lookups

Issue

You can add duplicate entries in Lookups by using the Design Console without encountering any errors. But when duplicate entries are added to Lookups by using the Identity System Administration, then the following pop-up error is displayed:

JBO-oracle.iam.ui.common.model.lookupcode.lookup.entity.EditLookupsEO_RULE1: Each Lookup must have a unique key (Lookup Type, Lookup Code).

The error is generated because duplicate entries are not allowed in Lookups.

4.1.7 Change Indicator for Child Table Modification in a Disconnected Application Instance Not Displayed for Manual Fulfillment Task

In a disconnected application instance, the change indicator for child table modification is not displayed for manual fulfillment task.

4.1.8 Default Session Timeout

Issue

The default session timeout for Identity Self Service and Identity System Administration is set to 10 minutes.

The default session timeout is set by the following entry in the web.xml file:

<session-config>
        <session-timeout>10</session-timeout>
</session-config>

For Identity Self Service: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.self-service.ear /oracle.iam.console.identity.self-service.war/WEB-INF/web.xml

For Identity System Administration: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.sysadmin.ear/ora cle.iam.console.identity.sysadmin.war/WEB-INF/web.xml

However, changing the default session timeout value is not supported.

4.2 Configuration Issues and Workarounds

This section describes the configuration issues and workarounds in this release of Oracle Identity Governance.

4.2.1 OIM-SOA Integration MBean Fails During Domain Configuration

Issue

When you configure the Oracle Identity Governance domain, run the offlineconfig manager.sh script, and start all servers, and then invoke the OIM-SOA integration MBean, the following error is logged in the server logs:

<May 6, 2019 12:50:29,701 AM PDT> <Error> <com.oracle.coherence> <BEA-000000>
<2019-05-06 00:50:29.701/217214.494 Oracle Coherence GE 12.2.1.4.0 <Error>
(thread=Cluster, member=3): Received cluster heartbeat from the senior
Member(Id=1, Timestamp=2019-05-03 12:25:22.783, Address=10.248.121.88:25538,
MachineId=42905,
Location=site:example.com,machine:slc16oqj,process:30630,member:AdminServer,
 Role=WeblogicServer) that does not contain this Member(Id=3,
Timestamp=2019-05-03 12:30:58.275, Address=10.248.121.88:14080,
MachineId=42905,
Location=site:example.com,machine:slc16oqj,process:31978,member:oim_server1,
 Role=WeblogicServer); stopping cluster service.>

<May 6, 2019 12:50:29,753 AM PDT> <Warning> <Log Management> <BEA-170011>
<The LogBroadcaster on this server failed to broadcast log messages to the
Administration Server. The Administration Server may not be running. Message
broadcasts to the Administration Server will be disabled.>

Workaround

Make sure that date and time on the WebLogic host and database host are in sync. After making sure date and time are in sync, invoke oimsoaintegrationmbean again.

4.2.2 Error Stack in OIM Managed Server Logs

The following error stack is shown in OIM managed server logs:

Jul 17, 2019 12:35:03,548 AM PDT> <Error>
<oracle.adfinternal.view.page.editor.utils.ReflectionUtility> <WCS-16178>
<Error instantiating class -
oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>
<Jul 17, 2019 12:35:03,584 AM PDT> <Warning>
<oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer>
<BEA-000000> <Warning: There are no items to render for this level>
<Jul 17, 2019 12:35:20,490 AM PDT> <Warning>
<oracle.iam.platform.kernel.impl> <IAM-0089999> <Kernel Information:

This is a benign error without any functional impact and can be ignored.

4.2.3 Error in OIM Managed Server Logs

The following error is shown in the OIM managed server logs:

"
<Aug 7, 2019 5:04:50,334 AM PDT> <Error> <XELLERATE.APIS> <BEA-000000>
<Class/Method:
tcITResourceInstanceOperationsBean/updateWithCredentialStoreData encounter
some problems: Parameter User Reservation Container not  present in
credential store. pls check for svr_key:1>
returning the ovd url value :

This is a benign error without any functional impact and can be ignored.

4.3 Multi-Language Support Issues and Workarounds

This section describes the multi-language support issues and workarounds in this release of Oracle Identity Governance.

4.3.1 Locale Drop Down Not Translated for My Information and Modify User Pages

Issue

The Locale list in the My Information page and Modify User page of Identity Self Service are not translated if the browser language is set to any one of the following:

  • Arabic (ar)

  • Hebrew (he)

  • Danish (da)

  • Czech (cs)

  • Dutch (nl)

  • Romanian (ro)

  • Slovak (sk)

  • Norwegian (no)

  • Hungarian (hu)

4.3.2 Search Result Message in the Export Configuration Page Not Translated

Issue

When you perform a default search in the Export Configuration page of the Deployment Manager, the search result message is displayed only in English, and is not translated to other languages.

4.4 Features Not Supported in Oracle Identity Governance 14c (14.1.2.1.0)

The following features are not supported in this release:

Features Unsupported in 14.1.2.1.0 Description
Generic Technology Connector (GTC) Generic Technology Connector for developing custom connectors is not supported in this release.
Segregation of Duties (SoD) using Oracle Application Access Controls Governor (OAACG) SoD check with OAACG is not supported. In this release, SoD and audit violations are managed by using the Identity Audit feature of Oracle Identity Governance. See Managing Identity Audit in Performing Self Service Tasks with Oracle Identity Governance.