When Logging In, I Get A "Blank" Profile

  • 7011224
  • 03-Feb-2011
  • 19-Oct-2012

Resolution

When using pass-thru authentication, there may be situations where upon logging in, the view you see in the UI is "blank".  That is to say, you might notice the following:

  • Additional tabs you have access to are missing.  You only see the 'Dashboard' and 'My Certifications'.
  • The Dashboard is set to a default view and widgets you had previously configured are either not present, or not configured per your last settings.
  • There are no items in the 'Inbox' and 'Outbox'.
  • The top-right of the UI shows your account name for the pass-thru application and not your normal Identity name.
  • Identity information is missing, like your Firstname and Lastname.

What's happening is that during pass-thru authentication, Access Governance Suite get's a successful authentication check from the pass-thru authentication an then performs a correlation check to find the target Identity.  For some reason, the Identity is not found.  Access Governance Suite then assumes that as the credentials were successful, the individual should still be allowed in.  So it creates a new Identity based soley on the information from the pass-thru application.  This often results in a combination of the elements described above where the Identity used to login with has no recognizable elements of the Identity usually used to login with.

The most likely cause is that correlation of the logged in account is failing and cannot locate the original Identity.  Tracing on the following will provide hints as to what is happening with the correlation:

log4j.logger.sailpoint.api.Identitizer=debug
log4j.logger.sailpoint.api.Correlator=debug
log4j.logger.sailpoint.connector=debug

 

The tracing should provide details of what account information is incoming from the application, what correlation rules are behing used, and what values are being returned from these correlation activities.  It's beyond the scope of this document to provide detailed analysis of correlation troubleshooting, but at a high level, look for the following:

  • Has the incoming account data changed, especially in some way that would "break" normal correlation?
  • Has the correlation rule or correlation config settings changed?
  • Has the pass-thru authentication application been altered?  Does its account schema have the neccessary attributes configured to perform account correlation?
  • Has the original Identity changed?  Are any values missing or changed on it that are relied upon by correlation?