Urgent !!! facing Issue !! Approving a request in not working.

Aug 31, 2012 at 12:09 PM

I am using FIM RMC2010, for approving a request -using RMapproval object, but facing issues related to endpoint address.

It is throwing "The Approval object contains 1 endpoints instead of 2." exception while approving a request.

It is observed that it requires two endpoint addresses but currently it contains only one.

Please help me in resolving this issue.

Code Snippet:

    DefaultClient client = new DefaultClient();   // set credentials and refresh schema

    client.ClientCredential = new System.Net.NetworkCredential( "AppApprover", "pwd", "<Domain Name>");

    client.RefreshSchema ();

    // enumerate the approvals and approve specifying an SPN.

     foreach (RmResource resource in client.Enumerate(string.Format("/Approval[ApprovalStatus='Pending']")))

     {

             RmApproval approval = resource as RmApproval;

             if (approval != null)

             {     

                  try

                  {

                       client.Approve(approval, true);

                       Console.WriteLine("Success.");

                   }

                     catch (Exception exc)

                     {

                           Console.WriteLine("Failed: {0}", exc);

                     }

               }

       }

Coordinator
Aug 31, 2012 at 12:12 PM

Hi,

Could you provide some more details about the Approval object for which the exception is thrown, and the related Request?

Cheers,
Paolo

Sep 3, 2012 at 6:10 AM
Edited Sep 3, 2012 at 6:14 AM

Hi

Thank you for the consideration.

mentioned exception is thrown by "Client.Approve(approval,true)" method.

Internally this approve method calls it's overloaded method "Approve(approval, isApproved, DefaultApprovalConfiguration);"  (Where:public const string DefaultApprovalConfiguration = @"ServiceMultipleTokenBinding_ResourceFactory";) and then



WsTransferFactoryClient approvalClient = new WsTransferFactoryClient(approvalConfiguration,approval.ApprovalEndpointAddress);

"approval.ApprovalEndpointAddress" is one of property of RmApproval_extn class [ObjectModel] and this property looks for 2 endpointaddress.

 If count of endpoint addresses are less than 2  then it shows the exception "The Approval object contains 1 endpoints instead of 2"

Regards,

Nirzari Shah

Coordinator
Sep 3, 2012 at 8:12 AM

Actually I meant details about the FIM objects, not about the code.

If you look at that approval object in the FIM portal, do you see the 2 endpoints?

Cheers,
Paolo 

Sep 3, 2012 at 10:02 AM

Hi,

I am new to FIM,Could you please let me know where i can see endpoint details in FIM Portal?

Thanks and Regards,

Nirzari Shah.

Sep 4, 2012 at 12:52 PM

Hi,

I have tried to explore on endpoint details on FIM portal,but didnot get any useful information.

Could you please share the information  related to the same.Where I can get the endpoint details in FIM Portal?

Thanks and Regards,

Nirzari Shah.

Coordinator
Sep 5, 2012 at 8:37 AM

Hi Nirzari,

I've noticed that from the FIM portal, if you go Administration -> All Resources -> Approval you see the list of "Approval" objects, but then the portal displays the details about the related request, and not of the approval itself.

The easiest thing is if you get the value of the EndpointAddress property from your code (print it, or step in with the debugger).

Which values do you see? You should see something like this:

exchange.mail://fimserver.acme.com:5726/ResourceManagementService/WorkflowManager/8543fa81-c47b-4571-8750-c75cb1678025/164
http://fimserver.acme.com:5726/ResourceManagementService/WorkflowManager/8543fa81-c47b-4571-8750-c75cb1678025/164

That's what the client code is expecting. Do you see only the http one?

You could also try to modify the client code like this:

public string GetApprovalEndpointAddress() {
    if (EndpointAddress == null) { 
        throw new InvalidOperationException("The Approval object contains no endpoint information.");
    }
    string endpointAddress = EndpointAddress.FirstOrDefault(a => a.StartsWith("http://"));
    if (endpointAddress == null) {
        throw new InvalidOperationException("No http endpoint address found.");
    }
    return endpointAddress;
}
Let me know if this works, it could be that the client code does not work for all FIM configurations...

Cheers,
Paolo 

Sep 6, 2012 at 7:36 AM

Hi,

I got the value of endpointaddress property using debugger. Only one value present for it

http://pocecfim01.ecom.local:5726/ResourceManagementService/WorkflowManager/b37c512c-3c66-4139-bb0a-528a009d5d06/81 

No exchange mail related enpointaddress present.

I have modified the client code as you mentioned,but a new exception was thrown :

Main Exception: SOAP security negotiation with 'http://pocecfim01.ecom.local:5726/ResourceManagementService/WorkflowManager/b37c512c-3c66-4139-bb0a-528a009d5d06/81' for target 'http://pocecfim01.ecom.local:5726/ResourceManagementService/WorkflowManager/b37c512c-3c66-4139-bb0a-528a009d5d06/81' failed. See inner exception for more details.

Inner Exception:Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/pocecfim01.ecom.local'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server.

So I have created new endpoint address using ApprovalEndpointaddress and Creating SPN Identity for the user who will aprove the request i.e."Approver".

EndpointAddress address = new EndpointAddress(
  new Uri(approval.ApprovalEndpointAddress),
  EndpointIdentity.CreateSpnIdentity("ECOM/Approver"));

But It shown another exception

Main Exception:The caller was not authenticated by the service.
Inner Exception:The request for security token could not be satisfied because authentication failed. 

Could you help me on it..where it is going wrong?

Thanks and Regards,

Nirzari Shah

Coordinator
Sep 10, 2012 at 7:53 AM

Hi Nirzari,

Sorry for the slow replies, but I am very busy these days.

It looks like this is an issue with the configuration of your service. I think that the best thing to do would be to ask for help on the FIM forum: http://social.technet.microsoft.com/Forums/en/ilm2/threads

Cheers,
Paolo

Sep 14, 2012 at 12:42 PM

Hi,

does the client.Approve(approval, true) method exist in FIM 2010 R2 Resource Management Client?

we are not finding the Approve function in the client properties and we have R2 Version.

 

Thanks.

Sep 25, 2012 at 12:29 PM

Hi,

I want to know if this code available on codeplex is written for FIM 2010 R2 or just FIM 2010? Please confirm on this as we are not able to proceed further on the approval part.

Our environment has FIM 2010 R2 installed on it.

Thanks
Nirzari

Oct 6, 2012 at 1:09 PM
Edited Oct 7, 2012 at 1:17 PM

Hi,

The problem is solved .I am able to approve the request using approval object.I have test same code on new FIM Configuration and it is working perfectly fine.

Problem was with FIM configuration itself.Thanks a lot for your help :)

1. I have new query related to same "approving a request" .I want to extract person object details (like display name, first name etc.) who has requested for the approval.

I have checked RmApproval object,but did not find any details.I have checked "Requestor" property but It was displaying administrative details(FIMService),not the details related to person object who requested.

2. Also I have another query related to filter condition given to enumerate method.

Is it possible to enumerate using email filter condition? I am facing the issues while extracting the person details based on email condition.

I am using below mentioned condition

string filter=string.format("/Person[{0}={1}]",RmAttributeName.Email,"samplemail@gmail.com")

but this filter condition did not work for the enumerate method and it throws the exception that "Can not filter as requested"

but similar filter condition work fine for account name property of person.

Could you please help me on above mentioned two issues?

 

Thanks and Regards,

Nirzari Shah.

Oct 6, 2012 at 1:11 PM
marieange wrote:

Hi,

does the client.Approve(approval, true) method exist in FIM 2010 R2 Resource Management Client?

we are not finding the Approve function in the client properties and we have R2 Version.

 

Thanks.

 

Hi,

Sorry for the late reply.I have taken the latest code from codeplex site. and method exist in FIM 2010 R2.

Thanks,

Nirzari Shah.

 

Coordinator
Oct 8, 2012 at 8:08 AM

Hi Nirzari,

I'm glad you could solve your problem :) Out of curiosity, what was the FIM configuration issue?

About question #1 (details of the requestor), I checked on my test system, and I think the Requestor property is the one you need... Can  you give me some more details about the whole procedure?

About the query on the email, try putting the value among quotes (single or double), e.g.

/Person[Email='samplemail@gmail.com']

or

/Person[Email="samplemail@gmail.com"]

Both should work. It probably depends on the "@" character, that's why you don't need quotes for the AccountName.

Cheers,
Paolo