You may have noticed that search operation and its associated iteration only works when using Active Roles SPML Interface. An error is produced when the PowerShell prompt is used:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<iterateResponse status="failure" xmlns="urn:oasis:names:tc:SPML:2:0:search">
<error>noSuchIdentifier</error>
<errorMessage>Invalid iterator</errorMessage>
</iterateResponse>
</soap:Body>
</soap:Envelope>
This is by design. In the SPML interface, when a search is performed followed by an iteration, it maintains/uses the same session ID and the search context generated by the search operation is used by the iteration operation.
According to the reported issue, when a search operation is performed followed by an iteration operation, 2 different sessions IDs are generated and the session IDs are not maintained. Because of this the search context generated by the search operation is not available during iteration operation and an error is then presented.
An enhancement request (TF00623770) has been created detailing the feature.
WORKAROUND
Use the SPML Interface for search operations and associated iterations.
STATUS
The product team will evaluate the request and this feature may become available on a future release of the product.
Please refer to this article for updates or contact support referencing the Enhancement Request ID: TF00623770.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center