Hi All,

IDM/RBPM 4.5.4, I need to start a workflow via SOAP with a regular user
account.

First step performed was to Change to ism-configuration.properties then
restart tomcat as per
https://www.netiq.com/documentation/...a/b94nzjz.html

Only changed the line with the ProvisioningAdminOnly from true to false,
other lines that may be relevant as they are below:

WorkflowService/SOAP-End-Points-Authorization-Security-Enabled = true
WorkflowService/SOAP-End-Points-Resource-Beta-Enabled = false
WorkflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly = false
WorkflowService/soap/startWithCorrelationId = false

Created a regular user, tried to use the soap calls ser:startRequest and
ser:startWithCorrelationId Request, both error out with a permission
denied error.

Also tried:
- adding user as a trustee of the workflow, retested, same error
- creating a team with the user as a member with full rights to all
tasks in this workflow, retested, same error
- assigned role Provisioning Manager to the user, retested, same error
- assigned role Provisioning Administrator to the user, retested, this
one works (as expected, but not what we need)

First time I try this in 4.5, from memory it worked fine on 4.0.2 after
modifying files inside the war and repackaging it. Any ideas on what am
I missing? Has anyone here got it working on 4.5?

SOAP error response:

<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>Client</faultcode>
<faultstring>Server Error</faultstring>
<detail>
<ns1:AdminException
xmlns="http://www.novell.com/provisioning/service"
xmlns:ns1="http://www.novell.com/provisioning/service">
<ns2:reason
xmlns="http://www.novell.com/soa/af/impl/soap"
xmlns:ns2="http://www.novell.com/soa/af/impl/soap">Access To Start
Provision Request Denied:
[cn=testPRD,cn=RequestDefs,cn=AppConfig,cn=UAD,cn=D S1,ou=system,o=LAB97TREE].</ns2:reason>
</ns1:AdminException>
<stackTrace
xsi:type="xsd:string">com.novell.soa.af.impl.soap. AdminException={_Reason=Access
To Start Provision Request Denied:
[cn=testPRD,cn=RequestDefs,cn=AppConfig,cn=UAD,cn=D S1,ou=system,o=LAB97TREE].}
at
com.novell.soa.af.impl.soap.ProvisioningImpl.start WithCorrelationId(ProvisioningImpl.java:912)
at
com.novell.soa.af.impl.soap.Provisioning_ServiceSk eleton._invoke(Provisioning_ServiceSkeleton.java:1 224)
at
com.novell.soa.ws.server.ServletSkeleton.invokeEnd Point(ServletSkeleton.java:208)
at
com.novell.soa.ws.impl.soap.MessageHandlerInvoker. invokeServerMessageHandlers(MessageHandlerInvoker. java:348)
at
com.novell.soa.ws.impl.soap.SOAPHandler.handleServ erRequest(SOAPHandler.java:84)
at
com.novell.soa.ws.impl.rpc.ServerDelegateImpl.hand leServerRequest(ServerDelegateImpl.java:92)
at
com.novell.soa.ws.server.ServletSkeleton.handleReq uest(ServletSkeleton.java:107)
at
com.novell.soa.ws.server.ServletSkeleton.doPost(Se rvletSkeleton.java:317)
at
javax.servlet.http.HttpServlet.service(HttpServlet .java:646)
at
javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
com.novell.common.auth.JAASFilter.doFilter(JAASFil ter.java:145)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
com.novell.common.auth.saml.AuthTokenGeneratorFilt er.doFilter(AuthTokenGeneratorFilter.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
com.novell.common.auth.sso.SSOFilter.doFilter(SSOF ilter.java:129)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
com.novell.soa.common.i18n.BestLocaleServletFilter .doFilter(BestLocaleServletFilter.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilt er(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
com.novell.common.HttpSecurityHeadersFilter.doFilt er(HttpSecurityHeadersFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:501)
at
org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:103)
at
org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:950)
at
org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.p rocess(AbstractHttp11Processor.java:1070)
at
org.apache.coyote.AbstractProtocol$AbstractConnect ionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProce ssor.run(JIoEndpoint.java:314)
at
java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$Wrapping Runnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)</stackTrace>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Cheers,

-Fernando