In the OpenSSO Enterprise console, in the data store configuration page for the realm or sub-realm into which you will be provisioning the role, for the property LDAP Roles Attributes, add cn to the list of values.
By default, the cn attribute is not defined as an attribute for IdType.ROLE in the Data Store configuration. This attribute is set when the role is provisioned to OpenSSO Enterprise. If the cn attribute is not already defined, Identity Manager shows the following error in the Identity Manager administrator interface:
com.waveset.util.WavesetException: Error creating object 'idmsrtestrole5'.
com.waveset.util.WavesetException: Error setting attributes for 'idmsrtestrole5'
com.sun.identity.idm.IdRepoException: Illegal arguments: One or more required arguments is null or empty
Log in to the Identity Manager administrator interface using the following credentials:
Navigate to the tab Resources | List Resources.
Expand the branch for the Sun Access Manager Realm entry.
Mark the checkbox in front of the SunAccessManagerRealm entry.
Choose the option Resource Actions | Create Resource Object.
In the New Resource Object page, select Role from the dropdown box, and click New.
In the next page:
In the Create Role Results page, click OK.
The Resource List page is displayed. When you expand the SunAccessManagerRealm branch, the list contains the newly created role idm_users.
Log out from the Identity Manager administrator interface.