Unlink the identity source if it is linked to the system error when deleting an unlinked external identity source in RSA Authentication Manager 8.x
Originally Published: 2014-12-08
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
There was a problem processing your request. To delete an identity source, you must do the following:
- Unlink the identity source if it is linked to the system
- Schedule the 'Identity Sources Cleanup Job' batch job, and confirm that the job ran successfully.
(This job removes identity source references from the internal database.)
The following error is in the /opt/rsa/am/server/logs/imsOCTrace.log:
@@@2014-12-04 09:22:35,909, [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'],
(EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, rsa01.staff.xyz.com,,,,
Exception during command execution.
com.rsa.command.exception.ObjectInUseException: Cannot delete an identity source with registered users and groups
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand
(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy72.executeCommand(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.admin.DeleteIdentitySourceCommand.execute(DeleteIdentitySourceCommand.java:122)
at com.rsa.ims.common.operationsconsole.utils.CommandUtil.executeIMSCommand(CommandUtil.java:178)
at com.rsa.ims.web.operationsconsole.action.handler.IdentitySourceHandler.delete
(IdentitySourceHandler.java:524)
at com.rsa.ims.web.operationsconsole.action.IdentitySourceWizardConnectionAction.delete
(IdentitySourceWizardConnectionAction.java:565)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:266)
at com.rsa.ui.common.struts.action.RSABaseDispatchAction.execute(RSABaseDispatchAction.java:180)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:413)
at com.rsa.ui.common.util.RSAWebRequestProcessor.process(RSAWebRequestProcessor.java:220)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:751)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.filter.I18NFilter.doFilter(I18NFilter.java:96)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.security.csrf.CSRFFilter.doFilterInternal(CSRFFilter.java:166)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.filter.UrlValidationFilter.doFilter(UrlValidationFilter.java:133)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter$1.run
(CommonOCIMSSignOnFilter.java:179)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter.doFilter
(CommonOCIMSSignOnFilter.java:176)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCSignOnFilter.doFilter
(CommonOCSignOnFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun
(WebAppServletContext.java:3288)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run
(WebAppServletContext.java:3254)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run
(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
The super admin already unlinked the identity source from realm before attempting to delete it.
Cause
Resolution
- For example, the existing identity source is similar to what is shown here:
Identity Source: Junior Staff
User Base DN: OU=Junior Users,DC=Staff,DC=XYZ,DC=COM
Group Base DN: OU=Junior Groups,DC=Staff,DC=XYZ,DC=COM
- Create a new identity source named TestRemove, with the User Bas DN and Group Base DN as shown:
User Base DN: OU=Empty Users,DC=Staff,DC=XYZ,DC=COM
Group Base DN: OU=Empty Groups,DC=Staff,DC=XYZ,DC=COM
Group Base DN: OU=Empty Groups,DC=Staff,DC=XYZ,DC=COM
- Link TestRemove in the Security Console under Setup > Identity Sources > Link Identity Source to System.
- Navigate to Setup > Identity Sources > Cleanup Unresolvable Users and run the job to cleanup unresolvable users against the identity source configured with the grace period set to Disabled.
- After the cleanup runs, confirm that it succeeded
- Unlink the identity source.
- Attempt to delete the identity source from the Operations Console (Deployment Configuration > Identity Sources > Manage Existing. Click the identity source you want to delete and from the context menu, click Delete). This should remove the problematic identity source from use within the system.
- Repeat the steps above for any other external Identity Source you wish to delete.
Related Articles
How to troubleshoot RSA SecurID Access identity source errors Number of Views How to map an Active Directory external identity source to a universal group for Authentication Manager 8.x Number of Views Cannot link the runtime identity source because no administrative identity sources reference this runtime source in RSA Au… Number of Views How to create an external identity source to Active Directory in RSA Authentication Manager 8.x Number of Views How to create an external LDAP identity source in RSA Authentication Manager 8.1 SP1 or later Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
