Provisioning operations troubleshooting
Identity status remains as PENDING_*
Symptom: Status of user's identity after provisioning remains PENDING_CREATE or PENDING_UPDATE for long time, even if you are sure connector already has performed the operation of creating/updating user.
Possible reason: connector got unbound from RabbitMQ and no longer receives request from OpenIAM. This is known issue and OpenIAM team works on solid solution for it.
Solution: We suggest to re-save connector and check if responses from connector came back to OpenIAM. Go to Webconsole -> Provisioning -> Connectors find connector that experiences issues and without any changes on configuration page click save. Then open managed system dashboard and click icon of connector replies on the proper managed system raw to make sure IAM got responses back. Other way to check is Audit Logs, you should see actions at the top of the search results like:
- SAVE_CONNECTOR_RESPONSE
- SAVE_GROUP_CONNECTOR_RESPONSE
- SEARCH_CONNECTOR_RESPONSE
- ENABLE_CONNECTOR_RESPONSE
- DISABLE_CONNECTOR_RESPONSE
- DELETE_CONNECTOR_RESPONSE
- RESET_PASSWORD_CONNECTOR_RESPONSE
Sync via connector connection doesn't return values
Symptom: Audit event PROVISIONING_USER_SEARCH and PROVISIONING_GROUP_SEARCH has errors 'Response is not received from RabbitMQ during reply timeout'.
Possible reason: connector got unbound from RabbitMQ and no longer receives request from OpenIAM.
Solution:
- We suggest to re-save connector and check if responses from connector came back to OpenIAM. Go to Webconsole -> Provisioning -> Connectors find connector that experiences issues and without any changes on configuration page click save. Then open managed system dashboard and click icon of connector replies on the proper managed system raw to make sure IAM got responses back.
- Make sure you use in Synchronization Source: 'Connector - Asynchronous & Multithreaded' and not 'Connector - Single-threaded' (this one is deprecated as of now)
Retry sync again after you tried solutions.