Troubleshooting

org.apache.axis2.AxisFault: Transport error: 401 Error: HTTP/1.1 401 Unauthorized

This error can happen when the incorrect ClientID is entered in the source configuration.

Resolution – Correct the configuration details to resolve the issue.

[ ConnectorException ] [ Possible suggestions ] Ensure configuration parameters are correct with a valid format, Ensure active network connectivity between Source and Target system. [ Error details ] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Resolution – Set the following .jvm parameter:

-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12

Unable to verify the signature of the SAML assertion

Resolution – The Client ID and Private key values should be correctly provided. These values must be a part of the same OAuth2 Client Applications.

Unable to authenticate the client (Login failed - Invalid user)

Resolution – Ensure that the User ID value is correct.

Test Connection fails with the following error message even with the valid certificates added:

"javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

This issue may be due to a mismatch of TLS Communication Server and Client versions.

Resolution – Add the following JVM argument and set it to true:

Dcom.ibm.jsse2.overrideDefaultTLS

Test Connection fails with the following error message:

"[ ConnectorException ] [ Error details ] Exception occurred while iterate operation, refer logs for more details. Server is DOWN or Connection parameters are incorrect."

Resolution – Verify the connection parameters and check with your network team for the firewall restrictions.

The SuccessFactors connector displays the following error:

“sailpoint.connector.ConnectorException: java.net.SocketTimeoutException: Read timed out" and "Possible suggestions : \n additional entity value is missing or \n No associated Data Found”

Resolution – Correct the XPaths for additional attributes added in the connector configuration. The semantics or syntax may be incorrect. For more information, refer to Compound Employee API Sub-Structures.

Zero accounts are returned with this message:

Your permissions and additional picklist values are not completely aligned with recommended practices. Refer connector guidelines to set expected values.

Resolution – Ensure that:

• The required permissions mentioned in Required Permissions are added and perform the aggregation again.

• The Picklist values are correct or configured as mentioned in the Picklist Configuration.

The picklist values may differ from the default values in the connector.

Resolution – Ensure that the picklist values are correct or configured as described in the Picklist Configuration.

User '[<userId>]' does not have permission to manage roles.

Resolution – Ensure that the Manage Role-Based Permission Access permission is assigned to the user. For more information, refer to Required Permissions.

Unable to create iterator sailpoint.connector.InsufficientPermissionException:

[ InsufficientPermissionException ] [ Possible suggestions ] Provide the required permissions for the user. [ Error details ] "error" : { "code" : "COE_GENERAL_FORBIDDEN", "message" :{ "lang" : "en-US", "value" : "[COE0020]User [UserId] attempted to access dynamic group module [permission] without proper access privilege." }

Resolution – Ensure that the Manage Role-Based Permission Access permission is assigned to the service account user when the Roles and Groups attributes are added to the account schema object. For more information, refer to Required Permissions.

Entity FOLocation is not found. Please check the entity in Admin Center &gt; OData API Data Dictionary or contact your system administrator

Resolution – Perform the following:

1. In SuccessFactors, go to Admin Center and search for OData API Metadata Refresh And Export.

2. Select Refresh.

3. Wait for the task to be completed.

User [userId] attempted to access dynamic group module [permission] without proper access privilege.

and

User "[userId]" does not have permission to manage roles

Resolution – Ensure the Manage Role-Based Permission Access permission is correctly assigned.

If the entities are not defined in the SuccessFactors managed system, then this error message displays:

Additional Entity Value is Missing or No associated Data Found

"Got exception while parsing the active list sailpoint.connector.ConnectorException: SFWebServiceFaultException Exception during aggregation. Reason: java.lang.RuntimeException: sailpoint.connector.ConnectorException: SFWebServiceFaultException java.lang.RuntimeException: sailpoint.connector.ConnectorException: SFWebServiceFaultException

Resolution – Ensure that defined and validated attributes are added to Include Compound Employee API Entities on the managed system. For more information, refer to Additional Attribute Mapping.

Note
After the update, make sure to remove these values from the Include Compound Employee API Entities field as this field should contain only the nodes defined on the managed system.

Authorization failed for REST: status code=404 Version of rest URL

Resolution – When specifying the target population to whom granted users have permission to access, exclude granted users from having the permission access to themselves. To do this, deselect the Exclude granted users from having the permission access to themselves checkbox.

Add the following entry to the application XML using the application Debug page: 

<entry key="fetchServerTime">
    <value>
        <Boolean>true</Boolean>
    </value>
</entry>

After you add the entry the connector will always respect the SuccessFactors server time zone for aggregation operations.

Add the following entry to the application XML using the application Debug page: 

<entry key="deltaWithOffset">
    <value>
        <Boolean>true</Boolean>
    </value>
</entry>

After you add this entry the connector will respect the future offset that was provided in the application and fetch the actions leading up to that day.

If another email or phone is marked as primary and a rule is configured for the application, this error message is displays

Error in provisioning the httpcode: 500 error messsage: Only one record can be set as primary record for <PersonID>.

Resolution – Ensure that you perform the following:

1. Modify the rule to set the isPrimary flag to false.

2. Make the email/phone non-primary on the native system.

The following error message displays during provisioning and GET operations:

sailpoint.connector.InvalidRequestException: No data exists for the provided user, please check nativeIdentity identityName(for e.g TestUser1)

Resolution – Perform the following:

1. Check the target population in the group that is assigned to the service account role.

2. Ensure that the Manage Role-Based Permission Access permission is assigned to service account user when the Roles and Groups attributes are added to the account schema object.

Resolution – Check if the permissions have been properly set for the service account. Remove any extra permissions that are not mentioned in Required Permissions.

SuccessFactors Username provisioning fails with the following error message:

Error in provisioning the httpcode: 500 error messsage: DUPLICATE_USERNAME : Failed to add/update user

Resolution – SuccessFactors allows you to update the Username attribute to a new and unique value, but not to a value that was previously assigned to it. For more information, refer to SAP Notes.

For example, receiving incorrect account statuses, not aggregating any accounts, or connection failures.

Resolution – Verify that there were no abnormalities, connection issues, or updates on the target system during the duration that you are seeing the inconsistent or abnormal behavior by checking with the SuccessFactors administrator and network team.