OneLogin synchronization error when reading Privileges and UserPrivileges
Description
For the OneLogin (OLG) module, the following error message can occur when Identity Manager synchronizes Privileges or UserPrivileges:
Error loading system objects of class Privilege (all) (Privilege_Master). : Error while reading Privilege objects with properties (). {"name":"ForbiddenError","message":"The request was a legal request, but the server is refusing to respond to it"}
Cause
The OneLogin API does not make the endpoint for reading Privileges available in all cases; this API is only available as a very limited preview.
Resolution
Either contact OneLogin support to have the Privileges endpoint unlocked if that data is required in Identity Manager, or disable or remove all Privileges synchronization steps in every Identity Manager OneLogin synchronization project to prevent this type of error from being logged.
As of Identity Manager 9.1, creating new OneLogin synchronization projects will not generate mappings and synchronization steps for Privileges and UserPrivileges by default.