Policy Express Provisioning Role Policies do not run as expected

Document ID : KB000124262
Last Modified Date : 09/01/2019
Show Technical Document Details
Issue:
Scenario 1:
When executing the Admin task "Modify User" and the "User Synchronization" option with "On task completion" is active an error is returned "Wrapped Exception: [LDAP: error code 17 - %IDENTITY_POLICY%: attribute description contains inappropriate characters]". the error appears because within the Admin Task

Scenario 2:
Having deployed a Policy Xpress (PX) policy configuration to revoke Provisioning Roles (for example the one seen in  knowledge document KB000010965), the task executes and in Provisioning Roles are removed correctly however in some circumstances the endpoint account is deleted unexpectedly.

 
Environment:
CA Identity Suite, Virtual Appliance Version 14.1

Virtual Appliance14.1.0 CP5
Identity Manager14.1.0 CP4
Identity Governance14.1.0 GA
Identity Portal14.1.0 GA
Operating System 14.1.0 GA

 
Cause:
This issue is caused by retries of provisioning events resulting from a slow responses at the endpoint.  This slow response triggers synchronization attempts. 
Resolution:
A 14.1 fix has been released.  The patch includes some additional logic to prevent synchronization of the global user.

Patch "HF-DE397185-01222138-0002.tgz.gpg" is available upon request.