We are finding an intermittent issue that is causing us some concern.

A quick overview of our system.
-Access Manager Appliance (v4.
-User Source is a AD (Windows 2012 R2) Global Catalog (:3268) which
contains 2 x Domains.
-IDP has role assignment policy, including multiple roles assigned per
-Roles are based on either Group Membership, or OU Subtree
-(Although we can apparently assign multiple ROLES per Rule, the docs
say that we can only assign a single role per rule? Anyone have any
info on this?)

We are finding that in random cases, a user is logging into the system
(Basic Form), and it is being validated OK, but the audit log file is
"Roles assignment policy evaluaton Assigned Roles: [No Role(s)]"
even though the user is a member of the group. A reboot of the
appliance seems to have rectified the issue, at least temporarily.
The user will remain with 'No Roles' until we bounce the appliance.
Other users will be working fine during this time.

Can anyone offer any insight into this, or point me to where I could
start looking to debug better?


Assigned Roles: [No Role(s)]

mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=55095