Hi All,
Recently we have onboarded one web services application and configured create provisioning police. The issue is when we trying to assign role to the user the provisioning transition is failing with this error.
Exception occurred while performing ‘Create’ operation on identity ‘xyy\null’: null
But is can see the those role is there in the user profile and entitlement is showing with this error “This is entitlement is does not exist on the account”
Thanks,
Shubham Gutte
Hi @GutteStolt,
Hi @GutteStolt ,
One of the best ways I can tell you to debug why the account is not being created.
Write a sample before rule in which you can add some logs that contain requestEndPoint (it contains the header, body, context url, method type, response attribute map, and response code).
In the logs, you can see everything, like the URL, body, and method. So, use the same thing in the Postman application with different values. and hit submit. Then you will get the response and see what is coming. Later, you can understand based on the output you got in response. If there is a problem while hitting API, you will get that. And, later, you can change the configuration in the application accordingly.
import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.Operation;
log.error("Entering into ABC Create Before Rule");
log.error("The provisioning plan is: "+provisioningPlan.toXml());
log.error("The Request end point before is: "+ requestEndPoint);
log.error("Exit from ABC Create Before Rule");
return requestEndPoint;
Hi,
please try to print the project and validate the master plan, whether it is expanding the role and roles has the entitlements/groups.
Hello @enistri_devo
Identity_XML.txt (13.6 KB)
Thanks,
Shubham
Hi @GutteStolt,
Modify the body of the Create HTTP operation to include static values and verify if the account has been successfully created.
Activate logging for the web service connector to provide more detailed information about the error.
logger.ws1.name = sailpoint.connector.webservices
logger.ws1.level = debug
Hello @Arun-Kumar,
We already set the username as static value. Below are the detail we have getting at the time of account creation. I have attached the debug level logs for this.
Thanks,
Shubham Gutte
Hello @Arun-Kumar,
We already set the username as static value. Below are the detail we have getting at the time of account creation. I have attached the debug level logs for this.
Thanks,
Shubham Gutte
Hi @GutteStolt,
Instead of retrieving the username from the plan, you can hardcode it for verification.
I could not find the logs.
Hello @Arun-Kumar
I have tried with the TestUser but still same error is throwing and getting another error as well. Please find the attached logs.
UAT_logger.txt (35.3 KB)
An unexpected error occurred: The application script threw an exception: sailpoint.tools.GeneralException: could not resolve property: actionPolicy of: sailpoint.object.ManagedAttribute BSF info: Certification - Exclude Low Risk Entitlement at line: 0 column: columnNo
Thanks
Hi @GutteStolt,
The attached logs are not associated with web service operations. Have you enabled logging for the web services connector in the log4j2.properties file? Once you’ve done that, please reload the logging configuration.
Could you also share the body of the create operation?
Additionally, there’s an error: “could not resolve property: actionPolicy of: sailpoint.object.ManagedAttribute” from the Certification - Exclude Low Risk Entitlement Rule. This issue is not related to the web service create operation.
Hello @Arun-Kumar,
The attached loggers are the recent logger after performing the create the operation.
Yes, have enabled those logger in the log4j2.properties file and loaded the logging. Please find below body for the create operation.
{
“UserName”: “Test_User”,
“IsActive”: true,
“FirstName”: “$plan.FirstName$”,
“LastName”: “$plan.LastName$”,
“Email”: “$plan.Email$”,
“ExternalReference”: “$plan.nativeIdentity$”,
“Language”: “EN”
}
Thanks,
Hi @GutteStolt,
For testing purposes, rather than retrieving the userName, FirstName, LastName, Email, and ExternalReference attribute values from the plan, you can use any active user and hardcode those values.
Please refer the body for reference. Mentioned the native identity for ExternalReference.
{
“UserName”: “Aaron.Nichols”,
“IsActive”: true,
“FirstName”: “Test_FirstName”,
“LastName”: “Test_LastName”,
“Email”: “[email protected]”,
“ExternalReference”: “”,
“Language”: “EN”
}
Did you define the create provisioning policy with the UserName, FirstName, LastName, and Email attributes?
What is the identity Attribute for account schema?
Hello @Arun-Kumar
I have tested the through the postman looks like application is not reachable. When I’m tried with post operation from the postman getting 500 error. Let me check with application team once and get back to you any help need.
