Hi,

There is an issue related to IDM session transaction https://issues.jboss.org/browse/GTNPORTAL-3539 which is potential I think.

In summary of the problem, let's say we have following scenario:

{code}

// Some changes in organziation service, such as adding a new user (1)

PicketLinkIDMOrganizationServiceImpl.flush();
try {
foundUser = session.getPersistenceManager().findUser(userName);
} catch (Exception e) {
handleException("Cannot obtain user: " + userName + "; ", e); // rollback transaction
}

// The changes in (1) will be lost ==> This is the current problem

{code}

In the case of userName is NULL, the #findUser method will throws an exception AND inside the #handleException it will indirectly perform the rollback of IDM transaction (via #recoverFromIDMError) ==> losing changes from (1)

There are two points that I really confuses in this scenario:

1. Does the PicketLinkIDMOrganizationServiceImpl.flush() perform saving the pending changes ? If NOT, I think there is a bug in IDM integration.

2. Should the rollback of IDM transaction be performed when any exception occurred in the #findUser method ?

Could someone who has more expertise in IDM take a look and give any feedback/idea to help for handling this properly ?

Thanks

--
Tran The Trong
eXo Platform SEA