Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Duo account deletion issue

GauravJain
Regular Contributor
Regular Contributor

‎03/12/2024 04:29 AM

Hi

Facing issue while deleting a Duo account.

FYI...Account creation and updation is working fine.

Following is the configuration and error message pulled from logs. Please let me know in case you require any further information.

DisableAccountJSON

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"basicUrl":"api.duosecurity.com",
"hostUrl": "${(requestAccessAttributes?.get('Account Type') != null && requestAccessAttributes?.get('Account Type')?.equals('AdminUser')) ?'/admin/v1/admins/'+account.accountID : '/admin/v1/users/'+account.accountID}",
"url": "${(requestAccessAttributes?.get('Account Type') != null && requestAccessAttributes?.get('Account Type')?.equals('AdminUser')) ? 'https://api.duosecurity.com/admin/v1/admins/'+account.accountID : 'https://api.duosecurity.com/admin/v1/users/'+account.accountID}",
"httpMethod": "DELETE",
"httpParams": "{\"status\": \"disabled\"}"
}
]
}

Error message

java.lang.NullPointerException: Cannot invoke method size() on null object at com.saviynt.provisoning.rest.RestProvisioningService$_removeAccount_closure56.doCall(RestProvisioningService.groovy:9207) at com.saviynt.provisoning.rest.RestProvisioningService.removeAccount(RestProvisioningService.groovy:9193) at com.saviynt.ecm.services.ArsTaskService.removeAccountTarget(ArsTaskService.groovy:11979) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwoRemoveAccess_closure52.doCall(ArsTaskHelperService.groovy:3225) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwoRemoveAccess(ArsTaskHelperService.groovy:3215) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:170) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)

Regards

Gaurav

 

Labels:
0 Kudos
16 REPLIES 16

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/12/2024 07:33 AM

Hello @GauravJain,

Below is a sample for your reference. Please adjust the value of "customproperty2" according to your configuration in the JSON below, where you are storing the "AdminUser" value in the DUO Account in EIC.

=====================================================================
REMOVE ACCOUNT JSON
=====================================================================
{
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "basicUrl": "@BASE_URL@",
      "hostUrl": "${(account?.customproperty2.equals('AdminUser')) ? '/admin/v1/admins/'+account.accountID : '/admin/v1/users/'+account.accountID}",
      "url": "${(account?.customproperty2.equals('AdminUser')) ? 'https://@BASE_URL@/admin/v1/admins/'+account.accountID : 'https://@BASE_URL@/admin/v1/users/'+account.accountID}",
      "httpMethod": "DELETE"
    }
  ]
}

 Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to sudeshjaiswal

‎03/12/2024 11:55 PM

Hi @sudeshjaiswal this configuration is also giving same error in logs.

FYI..."customproperty2" contains account type by default so i have used the same. on Accounts UI (inside Other Attributes) it shows as "Account Type" but in accounts table its customproperty2 only.

 

java.lang.NullPointerException: Cannot invoke method size() on null object at com.saviynt.provisoning.rest.RestProvisioningService$_removeAccount_closure56.doCall(RestProvisioningService.groovy:9207) at com.saviynt.provisoning.rest.RestProvisioningService.removeAccount(RestProvisioningService.groovy:9193) at com.saviynt.ecm.services.ArsTaskService.removeAccountTarget(ArsTaskService.groovy:11979) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwoRemoveAccess_closure52.doCall(ArsTaskHelperService.groovy:3225) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwoRemoveAccess(ArsTaskHelperService.groovy:3215) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:170) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:5

Regards

Gaurav

 

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/13/2024 12:10 AM

Hello @GauravJain,

Is it working in postman if yes, please provide the response and the body of the same.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to sudeshjaiswal

‎03/13/2024 12:34 AM

Yes, its working. Below is the response received in postman

{
"response": "",
"stat": "OK"
}

and not passing anything in "body" in postman so its blank.

URL - https://api.duosecurity.com/admin/v1/users/{account_id}

METHOD - DELETE

Basic Auth with username and signature as password.

Let me know if you require any further information.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to GauravJain

‎03/17/2024 08:07 PM

Share saviynt logs to validate what is final url is formed 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎03/17/2024 08:59 PM

Hi @rushikeshvartak there is no url in logs, strange. it seems its failing before forming the url?

few log lines for reference

Validating tasks for Securitysystem - Duo_SS
accountName = abc , taskType = 2 accountkey = xxxxxx
proceed = true
accountName = asd , taskType = 2 accountkey = yyyyyy
proceed = true
Calling removeAccount in rest with Sec System - Duo_SS and tasklist - [asd:[com.saviynt.ecm.task.ArsTasks : qwerty], abc:[com.saviynt.ecm.task.ArsTasks : yuiopt]]
initializing Provisioning connection
Completing task - qwerty
*****ERROR******
"java.lang.NullPointerException: Cannot invoke method size() on null object at com.saviynt.provisoning.rest.RestProvisioningService$_removeAccount_closure56.doCall(RestProvisioningService.groovy:9207) at com.saviynt.provisoning.rest.RestProvisioningService.removeAccount(RestProvisioningService.groovy:9193) at com.saviynt.ecm.services.ArsTaskService.removeAccountTarget(ArsTaskService.groovy:11979) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwoRemoveAccess_closure52.doCall(ArsTaskHelperService.groovy:3225) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwoRemoveAccess(ArsTaskHelperService.groovy:3215) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:170) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
Completing task - 152898
*****ERROR******
"java.lang.NullPointerException: Cannot invoke method size() on null object at com.saviynt.provisoning.rest.RestProvisioningService$_removeAccount_closure56.doCall(RestProvisioningService.groovy:9207) at com.saviynt.provisoning.rest.RestProvisioningService.removeAccount(RestProvisioningService.groovy:9193) at com.saviynt.ecm.services.ArsTaskService.removeAccountTarget(ArsTaskService.groovy:11979) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwoRemoveAccess_closure52.doCall(ArsTaskHelperService.groovy:3225) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwoRemoveAccess(ArsTaskHelperService.groovy:3215) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:170) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
Inside updateProvisioningTries..
Config for ARSTASKCOMPNEWPWDcom.saviynt.ecm.utility.domain.EcmConfig : ARSTASKCOMPNEWPWD
Task Complete Email Template For New Account Password = null
start converting accTasksMap to endpointaccTasksMap
finished converting accTasksMap to endpointaccTasksMap

Let me know if any further info is required.

Regards

Gaurav

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to GauravJain

‎03/17/2024 09:02 PM

Does account have accoutid ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎03/17/2024 09:16 PM

Yes, both the accounts i have referred to in logs have valid account id value. one of them i have tried in POSTMAN and that worked fine (response / body shared in above in this forum for reference).

FYI...currently, i am using the remove account config as shared by @sudeshjaiswal above.

Regards

Gaurav

 

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/17/2024 10:34 PM

Hello @GauravJain,

We have already identified this is a bug for the removeaccoutjson in DUO, this will fixed in the later version. We will let you know if we have any workaround in mean time.

You may use the disable account json (PFA Sample Below), if that fulfil your usecase.

 

{
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "basicUrl": "<BASE_URL>",
      "hostUrl": "/admin/v1/users/${account.accountID}",
      "url": "https://<BASE_URL>/admin/v1/users/${account.accountID}",
      "httpMethod": "POST",
      "httpParams": "{\"status\": \"disabled\"}"
    }
  ]
}

 


Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to sudeshjaiswal

‎03/17/2024 11:57 PM

Hi @sudeshjaiswal i made a mistake here - the config you have shared earlier for "RemoveAccountJSON", i configured it in "DisableAccountJSON". Sorry for the confusion.

Now, i have removed configuration for "DisableAccountJSON" and added below config for "RemoveAccountJSON"

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"basicUrl": "api.duosecurity.com",
"hostUrl": "${(account?.customproperty2.equals('AdminUser')) ? '/admin/v1/admins/'+account.accountID : '/admin/v1/users/'+account.accountID}",
"url": "${(account?.customproperty2.equals('AdminUser')) ? 'https://api.duosecurity.com/admin/v1/admins/'+account.accountID : 'https://api.duosecurity.com/admin/v1/users/'+account.accountID}",
"httpMethod": "DELETE"
}
]
}

After above change when i execute DUO provisioning job, i get below signRequest error

Total Call: 1
connection: acctAuth
Exception in signRequest :
groovy.lang.GroovyRuntimeException: Ambiguous method overloading for method java.lang.String#<init>.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
" [class [B]"
" [class [C]"
" [class java.lang.String]"
" at com.saviynt.provisoning.rest.RestProvisioningService.canonRequest(RestProvisioningService.groovy:3882)"
" at com.saviynt.provisoning.rest.RestProvisioningService.signRequest(RestProvisioningService.groovy:3852)"
" at com.saviynt.provisoning.rest.RestProvisioningService.populateHttpParamsForBasicWithHmac(RestProvisioningService.groovy:3613)"
" at com.saviynt.provisoning.rest.RestProvisioningService.populateHttpParams(RestProvisioningService.groovy:3483)"
" at com.saviynt.provisoning.rest.RestProvisioningService.processWebservice(RestProvisioningService.groovy:8491)"
" at com.saviynt.provisoning.rest.RestProvisioningService$_removeAccount_closure56.doCall(RestProvisioningService.groovy:9238)"
" at com.saviynt.provisoning.rest.RestProvisioningService.removeAccount(RestProvisioningService.groovy:9193)"
" at com.saviynt.ecm.services.ArsTaskService.removeAccountTarget(ArsTaskService.groovy:11979)"
" at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwoRemoveAccess_closure52.doCall(ArsTaskHelperService.groovy:3225)"
" at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwoRemoveAccess(ArsTaskHelperService.groovy:3215)"
" at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:170)"
" at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160)"
" at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222)"
" at org.quartz.core.JobRunShell.run(JobRunShell.java:199)"
" at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
Task Response: null
Result: false

 

Please let me know if you need any further information to debug this further.

Second question is how one can trigger "DisableAccountJSON" as i don't see such configuration at Endpoint level.

Regards

Gaurav

 

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/18/2024 08:23 PM

Hello @GauravJain,

Please read my previous comment, as said above this is the known issue, it will be fixed in the later version.
To enable the disableaccountjson functionality, you need to update the configuration at the endpoint level within the "State and Status Fields" configuration. PFA screeshot for reference.

sudeshjaiswal_0-1710818349893.png
There are various methods available to disable the account. This can be done through ARS,  rules, or using actionable analytics, depending on your usecase.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sudeshjaiswal

‎03/18/2024 09:01 PM

Is it possible to share JIRA number so we will be able to find latest release notes once fixed


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/18/2024 09:07 PM - edited ‎03/18/2024 09:07 PM

Hello @GauravJain @rushikeshvartak,

I will keep you updated here, once it is been fixed.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to sudeshjaiswal

‎03/18/2024 09:39 PM

Thanks @sudeshjaiswal for your quick revert and update on issue.

0 Kudos

GauravJain
Regular Contributor
Regular Contributor
In response to GauravJain

‎03/19/2024 04:29 AM

Hi @sudeshjaiswal i tried below DisableAccountJSON config for a user "qwerty" which worked fine. To verify it, i again used the link "Request access for others" and selected that user  "qwerty" - here i cant see the Duo application in users existing access so allows me to raise new account request. so far all good. But, if i check account status under endpoint then it still shows "active" under "MFA Status" which is customproperty1. is it happening because we dont have "responseColsToPropsMap" config missing in below configuration?

 

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"basicUrl":"api.duosecurity.com",
"hostUrl": "${(account?.customproperty2.equals('AdminUser')) ? '/admin/v1/admins/'+account.accountID : '/admin/v1/users/'+account.accountID}",
"url": "${(account?.customproperty2.equals('AdminUser')) ? 'https://api.duosecurity.com/admin/v1/admins/'+account.accountID : 'https://api.duosecurity.com/admin/v1/users/'+account.accountID}",
"httpMethod": "POST",
"httpParams": "{\"status\": \"disabled\"}"
}
]
}

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/24/2024 08:17 PM - edited ‎03/24/2024 10:02 PM

Hello @GauravJain,

You are seeing the MFA Status in the "Other Attributes" Section, Please confirm if you are disabling the account , is it getting disabled in the target, if yes,
Then run the account import, the MFA status will change accordingly.
Please validate and confirm the same.

Thanks.

If you find the above response helpful, please consider marking it as the solution by selecting "Accept As Solution" and giving it a thumbs-up by clicking on the "kudos" button.
If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos
Copyright © 2024 Khoros, LLC