Symptoms
migrate_from_sso.py
execution ends successfully for a specific account, but it does not appear to be mirated from SSO to local logins: repeated check via pim_sso_list.py
shows that account is not migrated. Check in database reveals particular users (staff members or service users) that are still persist in SSO:
plesk=# select user_id,scope_id,member_id,type,login from users u JOIN identities i ON (i.identity_id = u.auth_identity_id) JOIN external_systems s ON (i.system_id = s.system_id) JOIN external_system_plugins p ON (s.plugin_id = p.plugin_id) WHERE p.name = 'APS_PIM';
user_id | scope_id | member_id | type | login
---------+----------+-----------+--------------+------------------------------
8446 | 1006868 | 1005564 | member | RichardBroun
8447 | 1006869 | 1005565 | member | RachelElizabeth
9511 | 1006876 | | service user | user1@example.deleted
9513 | 1006876 | | service user | user2@example.deleted
Other accounts are processed correctly. The script does not produce any errors.
Cause
Corrupted or inconsistent user resources. In particular, discrepancy could occur between login
field in APS resource of user and APS resource of SSO-user identity. In this case user account will not be matched with its SSO identity because script will search case sensitive login, that it obtained from request GET https://192.168.133.12:6308//aps/2/resources/{ACCOUNT_UID}/users
earlier.
Resolution
Either delete users, obtained from select above in this article, or, if that is not possible, contact Odin technical support for workaround.