Showing posts with label Patch7.3p3. Show all posts

Tuesday, October 19, 2021

Sailpoint IdentityIQ Database Performance Tests

Rule is Available in Community Site "https://community.sailpoint.com/t5/Other-Documents/IdentityIQ-Database-Performance-Tests/ta-p/78060"

Just Rule need to be Imported and can be Run using the debug Page/ Console/Rule Runner Task

2021-10-19 15:27:40,886 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Database Performance Test starting

2021-10-19 15:27:40,886 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Version: 7.3p3 6a66e78-20190718-230225

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - DB Performance Test Rule version: 20190827

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Executed from Host: XXXX.vishal.com

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Executed on Date: 2021-10-19 15:27:40.864

2021-10-19 15:27:40,887 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Populating 1k, 4k, 8k data set HashMaps for 1000 records...

2021-10-19 15:28:16,134 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Data set HashMaps populated.

2021-10-19 15:28:16,135 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 1k data set...

2021-10-19 15:28:19,814 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 1k data set.

2021-10-19 15:28:19,815 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 4k data set...

2021-10-19 15:28:26,533 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 4k data set.

2021-10-19 15:28:26,534 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Testing 8k data set...

2021-10-19 15:28:36,435 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed 8k data set.

2021-10-19 15:28:36,466 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Meter Summary:

Meter Generate-IIQDB-Test-DataSets: 1 calls, 35246 milliseconds, 35246 minimum, 35246 maximum, 35246 average, top five [35246]

Meter IIQDB-Test-DataSet-1k-All: 1 calls, 3663 milliseconds, 3663 minimum, 3663 maximum, 3663 average, top five [3663]

Meter IIQDB-Test-DataSet-1k-Item: 1000 calls, 3647 milliseconds, 1 minimum, 343 maximum, 3 average, top five [343,95,63,14,13]

Meter IIQDB-Test-DataSet-4k-All: 1 calls, 6718 milliseconds, 6718 minimum, 6718 maximum, 6718 average, top five [6718]

Meter IIQDB-Test-DataSet-4k-Item: 1000 calls, 6694 milliseconds, 4 minimum, 82 maximum, 6 average, top five [82,76,67,25,22]

Meter IIQDB-Test-DataSet-8k-All: 1 calls, 9901 milliseconds, 9901 minimum, 9901 maximum, 9901 average, top five [9901]

Meter IIQDB-Test-DataSet-8k-Item: 1000 calls, 9882 milliseconds, 7 minimum, 126 maximum, 9 average, top five [126,109,70,31,30]

Meter getConnection: 0 calls, 0 milliseconds, -1 minimum, 0 maximum, 0 average, top five ]



2021-10-19 15:28:36,467 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Cleaning up test objects in the database...

2021-10-19 15:28:52,430 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - Completed cleanup of DB Performance Test records: 15960 milliseconds.


2021-10-19 15:28:52,431 DEBUG http-nio-8080-exec-2 com.sailpoint.IIQDBPerformanceTest:? - IdentityIQ Database Performance Test done

Above is the Output from the IIQ Logs , based on the Sailpoint Recommendation if the values lies below set Database and IIQ connectivity is good

1k - 9 milliseconds

4k - 17 milliseconds

8k - 20 milliseconds

Thursday, March 18, 2021

Sailpoint IIQ Azure Active Directory Connector Pre-check

Sailpoint IIQ Azure Active Directory Connector

Recently I was trying to integrate Azure AD with IIQ and found that 7.3P3 doesn't support proxy rather it's supported from patch4 version , so if you are in patch 3 make sure that the server FW is open and should be able to access the below URL which are internally used by Sailpoint Azure Connector.

https://login.windows.net

https://graph.windows.net

https://graph.microsoft.com

https://login.microsoftonline.com

Also make sure that you are able to retrieve data from Azure using below CURL

To generate access token :

curl --location --request POST 'https://login.microsoftonline.com/sailpointdev.onmicrosoft.com/oauth2/v2.0/token' \

--header 'Cookie: fpc=AnqEXhzvx4NKjU5r-HxvS9WRa5E6AQAAALRd4tcOAAAA; stsservicecookie=ests; x-ms-gateway-slice=prod' \

--form 'grant_type="client_credentials"' \

--form 'client_id="<Client_ID>"' \

--form 'client_secret="<Secret>"' \

--form 'scope="https://graph.microsoft.com/.default"'

Use above generated access token and fire below curl :

curl --location --request GET 'https://graph.microsoft.com/v1.0/groups?$top=500&$filter=securityEnabled+eq+true' \

--header 'Authorization: Bearer XXXXXXeyJ0eXAiOiJKV1QiLCJub25jZSIXXXXX' \

--header 'Content-Type: Application/json;odata=minimalmetadata'

Happy Learning !!

Saturday, August 15, 2020

Sailpoint IdentityIQ Patching from 7.3p2 to 7.3p3

Shutdown the application

All the Application server instance must be stopped before starting the process.

Navigate to the /apps/tomcat/bin

./shutdown.sh

Database backup

Once the application is in MM, DB backup should be taken

File backup

SP binaries need to be backed up before performing the patching of the system, this file backup step need to be performed on all the application server nodes

1. Navigate to

/apps/tomcat/webapps/

2. Run below command

tar -zcvf identityiq_node1_7.3p2.tar.gz identityiq/

move the tar file to some common backup path the /apps/backup

Build War File

Use SSB to build the war file , few important things to note here

Read the Read me from the Patch war file
Check out what the patch contain basically the files which are modified as the part of the patch and if you have modified anything
For example , we have modified the Bundle.js , so here we need to take the patch file and rewrite /overwite our changes on this file
This Patch contains few changes related to AD , example they have introduced few entry in XML related to performance and also the IIQ TLS and connectivity has been introduced , make sure you have updated the Application xml accordingly
Other Changes related to Active Directory Application is "ldapExtendedControls" and "ADAppVersion" entry addition , Same way check for the other application in your environment and make the changes accordingly.
Few Changes related to most common Application are below
Copy the patch jar file in base\patch dir of SSB
Make a directory with name 7.3p3 inside base\efix
build.properties values need to be updated to IIQVersion=7.3 IIQPatchLevel=p3

Active Directory Application

<entry key="ADAppVersion" value="V2"/>
<entry key="ldapExtendedControls"> 
		<value> 
		  <List> 
			<String>1.2.840.113556.1.4.1339</String> 
		  </List> 
		</value> 
</entry>

Delimited Application

<entry key="sftpAuthMethod" value="password"/>

Web Service Application

Support <AUTHENTICATE>	  
<entry key="isGetObjectRequiredForPTA">
           <value>
            <Boolean>true</Boolean>
          </value>
</entry>
<entry key="httpCookieSpecsStandard" value="true" />
<entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword" />

Database patching

Copy the created war file inside the identityiq directory

inside the identityiq

jar xvf identityiq.war

Navigate to \WEB-INF\database check for the file name and execute the scripts related changes on the database upgrade_identityiq_tables-7.3p3.oracle

SAILPOINT IDENTITY IQ