Access Request Preapproval

Is anyone using the Access Request Preapproval? I’m trying to get this to work using ASYNC but it does not appear to be adhering to the responseDeadline. I’m basically trying to have this kick off a another process that will require someone to sign a terms of use, then have their acknowledgement send back the response to SailPoint but this access request fails after 10 seconds unless I send back an immediate approval/denial (in under 10 seconds). Am I doing something wrong or is this bugged?

1 Like

@jlazerus My best guess is that it’s bugged.
I reported an issue with this trigger back in September 2021, about Pre-approval trigger not really caring about filter configured (all access requests on tenant would get stuck)
Bug was confirmed, they are still working on resolving it, so not gonna use this trigger in prod just yet…

1 Like

@jlazerus, I created an engineering ticket to have this looked into.

Thank you both! I was working with support and they said I needed expert services. I had a feeling this was a bug though.

@jlazerus, just to be sure it is not a configuration issue, can you please send me the trigger subscription details? Make sure you omit any secrets first! You can use this endpoint to get your details. list-subscriptions | SailPoint Developer Community

That looks correct. Must be a bug somewhere.

@jlazerus I encountered a similar issue as you. Let me know if this helps, or if you are still experiencing an issue with the deadline.

When testing the ASYNC mode for Access Request Preapproval, I had an issue where the access request was going into a failed state as soon as my service received the event and responded with a 200 to acknowledge receipt of the event. When my service tried to respond to the callback URL with the decision, it received a 400.1.404 Referenced object not found error. Here is the relevant code and the result in Request Center.

app.post('/async-access-request-preapproval', authorization, function(req, res) {
    // This line prints the event data received by the trigger on the command line.
    // This is meant for debugging purposes and should probably be removed once you are ready to 
    // deploy to production.
    console.log(`/async-access-request-preapproval received a body with the following contents:\n ${JSON.stringify(req.body, null, 2)}`)

    // Respond with a 200 and empty body to inform IDN that the event was received and is
    // being processsed.
    res.status(200).send()

    // Pass the payload data to a function that will handle the processing of the event.
    // This function will need to make an HTTP call using the URL and secret provided
    // in the payload, along with the decision payload, within the deadline configured
    // in the subcription.
    processAccessRequest(req.body)
})

With the help of engineering, I was able to determine that this issue stems from the documentation being misleading. The trigger is expecting a 200 with an empty JSON body {}, but I was sending a null body back. This caused the trigger to throw an error and fail the access request, as seen in the image above. The correct code and result is shown below:

app.post('/async-access-request-preapproval', authorization, function(req, res) {
    // This line prints the event data received by the trigger on the command line.
    // This is meant for debugging purposes and should probably be removed once you are ready to 
    // deploy to production.
    console.log(`/async-access-request-preapproval received a body with the following contents:\n ${JSON.stringify(req.body, null, 2)}`)

    // Respond with a 200 and empty body to inform IDN that the event was received and is
    // being processsed.
    res.status(200).send({})

    // Pass the payload data to a function that will handle the processing of the event.
    // This function will need to make an HTTP call using the URL and secret provided
    // in the payload, along with the decision payload, within the deadline configured
    // in the subcription.
    processAccessRequest(req.body)
})

1 Like

Thank you for responding to this and for the level of detail provided. I’m going to give this a try and see what happens. Will let you know!!

This totally worked. Thank you so much!!

1 Like