Troubleshooting
The following are a couple of errors that may appear depending on if information was entered correctly.
Wrong Hostname
When configuring Cloud Access Management within Global Settings, if the Cloud Access Management hostname was entered incorrectly, the following error will display when clicking the cloud tab within Edit Group.
Wrong Client ID
When configuring Cloud Access Management within Global Settings, if the Cloud Access Management Client ID was entered incorrectly, the following error will display when clicking the cloud tab within Edit Group.
Additional Configuration Details
The SystemConfiguration Configuration object contains the following key when Cloud Access Management is installed:
-
<entry key="camEnabled" value="true"/>
The CAMConfiguration Configuration object contains the following keys:
|
Key |
String |
Description |
|---|---|---|
|
clientId |
string |
OAuth client id |
|
clientSecret |
string |
OAuth client secret (encrypted) |
|
hostname |
string |
Cloud Access Management hostname |
|
oauthHostname |
string |
OAuth access token hostname |
|
connectTimeoutSeconds |
integer |
Maximum time in seconds to wait for a connection to succeed to Cloud Access Management APIs before failing. default = 10 |
|
readTimeoutSeconds |
integer |
Maximum time in seconds to wait for a response from Cloud Access Management APIs before failing default = 60 |
|
eventAcknowledgeEndpoint |
string |
default = /tqr/v1/messages/acknowledge |
|
groupsEndpoint |
string |
default = /v1/resources/groups |
|
messagesEndpoint |
string |
default = /tqr/v1/messages |
|
rolesEndpoint |
string |
default = /v1/resources/roles |
|
scopesEndpoint |
string |
default = /v1/resources/scopes |
|
servicesEndpoint |
string |
default = /v1/resources/services |
|
subscribersEndpoint |
string |
default = /tqr/v1/subscribers |
|
subscriptionsEndpoint |
string |
default = /tqr/v1/subscriptions |
|
supportedAppTypes |
map |
By default, AWS and Azure applications are supported.
|
|
doInitialization |
boolean |
Default of false. Upon clicking the Event Initialization button, this is set to true. When true, a CAMSync iteration will request an event initialization (getting all data). When the event initialization request has completed (whether success or failure), this is set back to false. |
|
eventGroupId |
string |
Default of null. The first time the CAMConfigBean is instantiated (i.e. - whenever the CAMConfiguration is queried or modified the first time in Identity IQ), this is set to iiq_<uuid>, where uuid is generated. |
|
initializationError |
string |
Default of null. If an error occurs during the initialization request, it is set in this field. A non-null initializationError will display on the CAM Configuration UI page. |
|
initializationHost |
string |
Default of null. This is set to be the host that requests an event initialization. |
|
initializedDate |
date |
Default of null. This is set to the date of an event initialization. |
Logging
The following logs can be helpful to troubleshoot the Cloud Access Management integration:
# CAMSync service top-level
logger.camsyncservice.name=sailpoint.server.CAMSyncService
logger.camsyncservice.level=debug
# Calls to Cloud Access Management APIs
logger.camservice.name=sailpoint.cam.CAMService
logger.camservice.level=info
# CAMSync service event director
logger.cameventdir.name=sailpoint.cam.CAMEventDirector
logger.cameventdir.level=debug
# CAMSync service event persistence
logger.cloudaccessorizer.name=sailpoint.cam.CloudAccessorizer
logger.cloudaccessorizer.level=debug
# CAMSync service event listening
logger.camsynch.name=sailpoint.server.CAMSynchronizer
logger.camsynch.level=debug
# Request CAM event data when creating new entitlements
logger.camstats.name=sailpoint.api.aggregation.CAMStatisticsCommand
logger.camstats.level=DEBUG
# Filters to search for Cloud Access Management based entitlements
logger.camurisearch.name=sailpoint.search.CloudAccessUriFilterBuilder
logger.camurisearch.level=debug
logger.camdnsearch.name=sailpoint.search.CloudAccessDisplayNameFilterBuilder
logger.camdnsearch.level=debug
Module Status
The status of the Cloud Access Management integration can be viewed under Gear icon > Administrator Console > Environment > SailPoint Modules & Extensions, and then click on the CAMServices name in the list.