Certification display issues with Internet Explorer

  • 7011037
  • 05-Aug-2011
  • 01-Nov-2012

Environment

Access Governance

Resolution

Certification display issues can occur in Internet Explorer (most likely versions earlier than 9) when the data contained in the certification has invalid display characters.

These display issues may include partial display of data, or no data display at all (apparently an empty certificate), depending on where the invalid characters are in the data (for example, the first line of data versus line 25 of 50).

Typically these issues are not seen when using Firefox (and IE 9), as these browsers tend to handle these invalid characters better.

To troubleshoot this issue, one would do the following:

  1. Using Firefox with the Firebug plugin, log in to Access Governance Suite and open the cert.
  2. In the "Console->All" section of Firebug you should see a URL like this:
    + Post http://............identityiq/manage/certification/certificationIdentityItemsDataSource.xmlds?........
  3. Click on the plus sign to open up this entry.
  4. A Response tab should now appear with data in it:
    Ex:
    <response>
      <Items>
         ........
  5. Right click on the "Response" tab and select "Copy Response Body".
  6. Paste that text into a file for examination.

To reproduce the problem in your test environment:

  1. Have at least one open certification in your IdentityIQ install.
  2. Obtain the response XML using Firebug (see the previous section).
  3. Back up the identityiq/manage/certificationIdentityItemsDataSource file.
  4. Edit the original identityiq/manage/certificationIdentityItemsDataSource file.
  5. Inside this file, replace all the <response>.....</response> XML with the XML obtained from Firebug in the previous section.
  6. Start the IE browser version you are having the problem with. If you don't have IE installed, or don't have that particular version, you can install IETester:
    http://my-debugbar.com/wiki/IETester/HomePage
  7. Go to the Manage->My Certifications page and edit your existing cert.
  8. The data displayed should NOT be your cert data, but instead the data from the response pasted into the file above.
    Note: An application server restart may be needed here, as the old cert response data is sometimes "cached".
  9. You should be able to duplicate the data display problem (or error) reported.

Actual reported scenario:

  1. A customer reported an IE6 JavaScript error when editing a certificate. The certificate data was also not displaying correctly (several lines missing).
  2. The JSON response (obtained using Firebug as described above) showed the following line:
    <description>Value ADMIN
     on Group</description>
  3. Notice how the above text is split across multiple lines (it should be one line). The description XML is what gets displayed in the Description column when editing a certificate.
  4. The description comes from the following JSON data inside the response:
    <descriptionJson>{"descriptionFirst":true,"entitlements":[{"entName":{"description":null,"name":"Group"},"entValues":[{"popup":false,"description":null,"value":"ADMIN\n"}],"type":"attributes"}]}</descriptionJson>
  5. If we examine the above JSON data, notice that the entitlement name is "Group" and the value for the entitlement is "ADMIN". But looking at the entitlement value, we also notice a newline character at the end of it: "\n". The newline causes the description in step 2 above to render on two lines. This also causes IE to have problems displaying the data, whereas Firefox ignores the newline.
  6. The ultimate problem in the above scenario is that the customer had newline characters in their entitlement data and had to clean up their data.
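
The manual inspection in steps 2 to 5 can be scripted against the response body saved from Firebug. The following is an added example, not part of the original article or the product: it assumes the response carries `<descriptionJson>` elements shaped like the one quoted above, and the `<Item>` wrapper and the second, clean item in the sample are constructed for illustration.

```python
import html
import json
import re

# Any ASCII control character (newline, carriage return, tab, ...) inside an
# entitlement name or value is treated as suspect.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Regex extraction instead of an XML parser, so a response containing
# characters that are illegal in XML can still be examined.
DESCRIPTION_JSON = re.compile(r"<descriptionJson>(.*?)</descriptionJson>", re.S)

# Constructed sample: the first item reuses the fragment quoted in the article;
# the <Item> wrapper and the clean second item are assumptions.
SAMPLE_RESPONSE = r"""<response>
  <Items>
    <Item>
      <description>Value ADMIN
 on Group</description>
      <descriptionJson>{"descriptionFirst":true,"entitlements":[{"entName":{"description":null,"name":"Group"},"entValues":[{"popup":false,"description":null,"value":"ADMIN\n"}],"type":"attributes"}]}</descriptionJson>
    </Item>
    <Item>
      <description>Value USERS on Group</description>
      <descriptionJson>{"descriptionFirst":true,"entitlements":[{"entName":{"description":null,"name":"Group"},"entValues":[{"popup":false,"description":null,"value":"USERS"}],"type":"attributes"}]}</descriptionJson>
    </Item>
  </Items>
</response>"""


def find_bad_entitlements(response_body):
    """Return (item_number, entitlement_name, value) for each suspect entry."""
    findings = []
    for number, raw in enumerate(DESCRIPTION_JSON.findall(response_body), start=1):
        try:
            # strict=False also accepts unescaped control characters in strings.
            data = json.loads(html.unescape(raw), strict=False)
        except ValueError:
            findings.append((number, None, raw))  # unparseable: inspect by hand
            continue
        entitlements = data.get("entitlements") if isinstance(data, dict) else None
        for ent in entitlements or []:
            name = str((ent.get("entName") or {}).get("name") or "")
            for entry in ent.get("entValues") or []:
                value = str(entry.get("value") or "")
                if CONTROL_CHARS.search(name) or CONTROL_CHARS.search(value):
                    findings.append((number, name, value))
    return findings


if __name__ == "__main__":
    for number, name, value in find_bad_entitlements(SAMPLE_RESPONSE):
        # repr-style %r formatting makes the invisible characters visible.
        print("item %d: entitlement %r has value %r" % (number, name, value))
```

Each finding names the entitlement and value to clean up at the source (the delimited file or the Managed Entitlements data).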

Summary:

Invalid characters can get into IdentityIQ in many ways.

The most common cause is aggregation of invalid characters, typically found in delimited files provided to IdentityIQ.

Another way invalid characters can get into certificate data is via import/export of Managed Entitlements found under Applications. Certifications will often use the data found in the Managed Entitlements section for display in certificates. The certificates pull this data in dynamically, as the certificate is displayed. This is why you often will not find these invalid characters inside the actual Certification XML object and instead must examine the JSON data using Firebug to troubleshoot.