Troubleshooting
Common issues encountered when running the SAP IdM user load iFlows and their resolution.
Initial load issues
Timeout during parallel processing
Symptom: The iFlow fails with a transaction timeout error after 30 minutes.
Cause: The roiam_scim_bulk_parallel_page_size is set too high, causing individual threads to process too many records within a single transaction.
Resolution: Reduce the roiam_scim_bulk_parallel_page_size header value. A typical value is 200–500 records per parallel chunk. This creates more parallel threads with smaller workloads.
Empty result from source system
Symptom: The total count returns 0 and no parallel runs are created.
Cause: The source system destination is misconfigured, or the SAP Cloud Connector tunnel is not active.
Resolution: Verify the source system registration in ROI iAM, confirm the Cloud Connector is running, and check that the destination URL is reachable.
SCIM bulk failures not retried
Symptom: The message processing log shows SCIM bulk errors, but the retry step reports no records to retry.
Cause: The failed entry extraction script could not parse the SCIM bulk response (unexpected response format from the target system).
Resolution: Check the MPL attachments for the raw SCIM bulk response body. Verify that the ROI iAM SCIM endpoint is responding with the expected bulk response structure.
Daily load issues
Delta returns full dataset
Symptom: The daily load processes an unexpectedly large number of records instead of just the delta.
Cause: The lastrun variable is empty or expired. Without a lastModified filter, the source system returns all records.
Resolution: Run the initial parallel load first to establish the lastrun variable. Alternatively, manually set the variable value in the data store to an appropriate timestamp.
No records processed (empty bulk)
Symptom: The daily load completes successfully but reports zero records processed.
Cause: No users have been modified in the source system since the last run. This is expected behavior — the flow still updates the lastrun timestamp.
Resolution: No action required. Verify that the source system's lastModified field is being updated when changes occur.
Variable expired
Symptom: After a long period without runs (> 90 days), the daily load behaves like a full load.
Cause: The lastrun and lastjobid variables have a 90-day expiry in the data store. If the flow has not run within that window, the variables are purged.
Resolution: Run the initial parallel load again to re-establish the baseline variables, or restore the variable values manually.
General issues
roiam_customer_system_name not recognized
Symptom: The authorization flow fails with a system-not-found error.
Cause: The header value does not match any registered system name in ROI iAM.
Resolution: Verify the exact system name in the ROI iAM System Landscape configuration. The value is case-sensitive.
JMS message stuck in dead letter queue
Symptom: The message appears in the dead letter queue instead of being processed.
Cause: The iFlow encountered a non-retriable error (e.g., missing required header, script compilation error) and exhausted its retry attempts.
Resolution: Inspect the error details in the dead letter queue entry. Fix the root cause (typically a missing header or deployment issue), then re-submit the message.