My Oracle Support Banner

Certification Of Access Policy With Multiple Application Instances With The Same Endpoint Fails With Error: ORA-00001: unique constraint (<XXX>.PK_CERTD_ROLE_POLICY) violated (Doc ID 2634012.1)

Last updated on JULY 21, 2020

Applies to:

Identity Manager - Version 11.1.2.3.170924 and later
Information in this document applies to any platform.

Goal


When creating certification of a Role with an access policy that contains multiple application instances with the same endpoint,
the role certification creation fail with following error : ORA-00001: unique constraint (<XXX>.PK_CERTD_ROLE_POLICY) violated:
---------------------------------------------------------------------
[2019-10-23T14:07:19.950+02:00] [oim_server1] [ERROR] []
[oracle.iam.certification.internal.impl] [tid: OIMQuartzScheduler_Worker-6]
[userId: <UserID>l] [ecid: <ecid>]
[APP: oim#11.1.1.3.0] error while creating role certification, certification
name:TestRole[[
org.springframework.dao.DataIntegrityViolationException:
PreparedStatementCallback; SQL [INSERT INTO CERTD_ROLE_POLICY   (CERT_ID,
ROLE_ID, POLICY_ID, CERTIFIED,   COMMENTS, CERTIFICATION_DATE,
ISREQUIRED,ENTITY_ID,PARENT_ENTITY_ID) VALUES ( ? , ?, ?, ?,         ? , ?, ?
,?, ?)]; ORA-00001: unique constraint (IDALL_OIM.PK_CERTD_ROLE_POLICY)
violated
; nested exception is java.sql.SQLIntegrityConstraintViolationException:
ORA-00001: unique constraint (<XXX>.PK_CERTD_ROLE_POLICY) violated
        at
org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslat
e(SQLErrorCodeSQLExceptionTranslator.java:228)
        at
org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.transl
ate(AbstractFallbackSQLExceptionTranslator.java:72)
        at
org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:607)
        at
..
...
]]
----------------------------------------------------------------------------------------------


Steps to reproduce the issue:

(1)Define 2 application instances using 2 separate resource objects {each resource object has it dedicate process form+child form(entitlement property set to "True" for child column) and process definition} but same IT Resource

(2)Define an access policy which provision both application instances using same role.

(3)Define certificate definition for "Role", it will let you define it but when you run the schedule job it will fail with error mentioned
earlier.

Please advise cause and resolution of this issue
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.