If refresh task execution stops due to failures (such as null pointer exception), then IdentityIQ's "Prune Identity Cubes" task could find/correct the issue:
The task reports/purges identities missing ALL of these conditions:
marked protected
is a manager (managerStatus flag true)
has capabilities
Bundle, Application, Workitem, or TaskResult owners
work item requestor
Application secondary owner
Application remediator
creator of a MitigationExpiration
Besides an option to filter the identities to scan, the task offers an option to scan, yet not delete, identities (to report what could happen) and another "protectIfCertifying" option to protect identities in an active (non-continuous) certification.
Alternatively, these steps could aid in resolution. There exists an "Refresh Identity Cube" task setting to continue processing identities even after failures. Disabling the failure-limit lets the task process all identities. While the default value of 1 stops processing after 1 failure, yet the value of 0 continues processing with no limit:
Either increase/disable the exception limit during identity refresh execution. The IIQ "debug" page offers a XML editor to access the "hidden" object attributes.
Check either task result or system logs for (failed) identities.
Re-configure the refresh task's filter to exclude "failed" identities. This allows the scan to complete the (good) identities, yet keeps the "failed" identities for study/resolution.
If "Prune Identity Cubes" task does not remove failures, then delete the (failed) identities from IIQ (via "iiq console"). Before deleting, copy the identity for backup/review purposes. Note that "iiq console" offers a SQL cmd option for examining RDBMS tables directly.
C:> set SPHOME=<IIQ DIR>
C:> cd %SPHOME%/WEB-INF/bin
C:> iiq console
> sql "select id,name from spt_identity where id = 'b8f4096252d74e16859ba0f8bb7e4e70' "
> get Identity b8f4096252d74e16859ba0f8bb7e4e70
...
(copy and paste XML to file as backup)
...
> delete Identity b8f4096252d74e16859ba0f8bb7e4e70
> quit
I figured out 3) for anyone that might have the same problem. The null pointer was coming from an delimited file app that had a rule and more than one merge columns. In the identity there was literally <null/> stored in there. I found out that my script wasn't handling null values and somehow the null value was being stored in the identity. All I did was change the beanshell script to handle null values, reaggregated, and the null pointer went away.
We are also getting Null pointer exception on "Refresh Identity" task only if we select "Refresh assigned, detected roles and promote additional entitlements" option. We identified which identity is causing this issue. Please help us to find solution for this and let us know in which rule we need to add the null check and it would be great if you can share a piece of code.
We get this same nll pointer exception during aggregation only if we select "Refresh assigned and detected roles" option. But there are no roles created in our application so far.
Go to the Debug interface for IdentityIQ and lookup the TaskDefinition object for your custom identity refresh task (or a standard refresh task that you want to modify). In the XML definition, within the attributes map, you add that line.
