000037424 - The Active Directory Account Data Collector does not have an option to collect Logon Hours in RSA Identity Governance & Lifecycle 7.0.2 and 7.1.x

Document created by RSA Customer Support Employee on May 3, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037424
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
The Active Directory Account Data Collector does not have an option to collect Logon Hours in RSA Identity Governance & Lifecycle.


User-added image

There have been unsuccessful attempts to work around this product limitation. For example,
  • Modify the LoginHours Attribute in Active Directory. Options to set hours exist for Logon Permitted and Logon Denied time frames. 
  • Add a LogonHours collected account attribute in the RSA Identity Governance & Lifecycle User Interface, under Admin > Attributes.
  • Run an Account Data Collection.

There are two problems with this workaround.
  • First, if Logon Denied is chosen and all hours are denied, the collection fails with the following error:

09/12/2018 07:40:45.815 INFO (Exec Task Consumer#0) [com.aveksa.server.xfw.TaskExecutor] Setting thread Thread[Exec Task Consumer#0,5,Execution Queue] on 583384 method=Execute
09/12/2018 07:40:47.206 ERROR (Exec Task Consumer#0) [com.aveksa.server.xfw.SAXAccountDataHandler] Error in processing Account Data
org.xml.sax.SAXParseException; lineNumber: 163501; columnNumber: 142; An invalid XML character (Unicode: 0x0) was found in the value of attribute "logonHours" and element is "attributes".
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)

  • If any other setting is chosen, the collection succeeds, but the display is in octet format and therefore, unreadable.

User-added image
CauseThis is the current functionality of the product.
ResolutionProduct enhancement request ACM-91024 has been submitted for this issue. Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release.    
Please go to RSA Link RSA Ideas for RSA Identity Governance & Lifecycle to submit and/or vote on an enhancement request. For more information, please see How to log a request for enhancement (RFE) for RSA Identity Governance & Lifecycle.