This account is deactivated. When I request access for it, IDN should recognize that it must first activate the account and only then add the profile.
Has anyone already created a Web Services Before Operation Rule for this case?
@clebercarvalhoRaise Please find below a rule that does exactly what you need. In our case the target exposed a SCIM API; you just need to update the code based on your API's response.
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.tools.Util;
import sailpoint.object.Application;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
/**
 * Finds the account request in a provisioning plan that targets the given source.
 *
 * The match is a prefix match: the first request whose application name starts
 * with appName is returned. Presumably this is because the application name in
 * the plan carries a suffix after the source name (confirm for your tenant).
 * A prefix match also selects any other source whose name begins with the same
 * text, so pass a name that is unambiguous.
 *
 * @param plan    the provisioning plan to search; may be null or empty
 * @param appName the application (source) name to match; must not be null,
 *                because String.startsWith(null) throws
 * @return the first matching AccountRequest, or null when the plan is null or
 *         empty, has no account requests, or none of them match
 */
public AccountRequest getAccountRequest(ProvisioningPlan plan, String appName) {
    log.info("Entering XYZ_BeforeOperation_Rule_AddEntitlement : getAccountRequest method");
    AccountRequest matched = null;
    // A null or empty plan is treated the same as a plan with no account requests.
    List requests = (plan == null || plan.isEmpty()) ? null : plan.getAccountRequests();
    if (requests != null) {
        for (int i = 0; i < requests.size(); i++) {
            AccountRequest candidate = (AccountRequest) requests.get(i);
            String candidateApp = candidate.getApplication();
            if (candidateApp != null && candidateApp.startsWith(appName)) {
                // First match wins; later requests for the same source are ignored.
                matched = candidate;
                break;
            }
        }
    }
    log.info("Exiting XYZ_BeforeOperation_Rule_AddEntitlement : getAccountRequest method");
    return matched;
}
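/**
 * Enables the account named by the request by sending a SCIM PatchOp that
 * replaces the User "active" attribute with true.
 *
 * The PATCH goes to the application's "genericWebServiceBaseUrl" value followed
 * by "/Users/" and the request's native identity. The method returns without
 * calling the API, and without throwing, when acctReq is null, when the native
 * identity is empty (logged at warn), or when the base URL is missing (logged
 * at error). Callers therefore cannot tell from a normal return that the
 * account was actually enabled.
 *
 * @param acctReq the account request whose native identity names the account
 * @param header  headers passed unchanged to the PATCH call
 * @throws Exception if building or sending the request fails; the original
 *                   exception is attached as the cause
 */
public void enableAccount(AccountRequest acctReq, Map header) throws Exception {
    log.info("Entering XYZ_BeforeOperation_Rule_AddEntitlement : enableAccount method");
    if (acctReq != null) {
        String userName = acctReq.getNativeIdentity();
        if (Util.isNotNullOrEmpty(userName)) {
            try {
                // User enable endpoint API context URL.
                // NOTE(review): the native identity is concatenated into the path
                // unencoded. Presumably the SCIM id is URL-safe; confirm, or
                // percent-encode it as a path segment if ids can contain '/', '?' or '#'.
                String enableUrl = "/Users/" + userName;
                // Base URL comes from the source configuration, not from the request.
                String baseUrl = (String) application.getAttributeValue("genericWebServiceBaseUrl");
                if (Util.isNotNullOrEmpty(baseUrl)) {
                    // Status pattern handed to executePatch; presumably any 2xx is
                    // accepted and anything else raises (confirm against the client).
                    List allowedStatuses = new ArrayList();
                    allowedStatuses.add("2**");
                    String finalUrl = baseUrl + enableUrl;
                    // SCIM 2.0 PatchOp body that sets the User "active" attribute to true.
                    Object json = "{\r\n"
                            + " \"schemas\": [\r\n"
                            + " \"urn:ietf:params:scim:api:messages:2.0:PatchOp\"\r\n"
                            + " ],\r\n"
                            + " \"Operations\": [\r\n"
                            + " {\r\n"
                            + " \"op\": \"replace\",\r\n"
                            + " \"path\": \"urn:ietf:params:scim:schemas:core:2.0:User:active\",\r\n"
                            + " \"value\": true\r\n"
                            + " }\r\n"
                            + " ]\r\n"
                            + "}";
                    log.debug("calling enable API endpoint");
                    restClient.executePatch(finalUrl, json, header, allowedStatuses);
                    log.debug("API endpoint call success");
                } else {
                    log.error("Error getting base URL");
                }
            } catch (Exception e) {
                String message = "Error while enabling account " + userName;
                // Keep the original exception in both the log and the rethrown
                // exception; without it the HTTP status or transport error that
                // caused the failure is lost to whoever investigates later.
                log.error(message, e);
                throw new Exception(message, e);
            }
        } else {
            log.warn("User NativeIdentity is null or Empty");
        }
    }
    log.info("Exiting XYZ_BeforeOperation_Rule_AddEntitlement : enableAccount method");
}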
/*
 * Rule entry point.
 *
 * When access is requested for an identity whose "cloudLifecycleState" argument
 * is "active" and whose "accountStatus" argument is "false" (account disabled),
 * the enable API endpoint is called before the access is added. Both comparisons
 * ignore case. In every other case the rule only logs.
 */
log.info("----------------XYZ Add Entitlement Before Operation Rule Start----------------");
if (provisioningPlan == null || requestEndPoint == null) {
    log.error("Provisioning Plan or Request Endpoint is null or empty.");
} else {
    AccountRequest acctReq = getAccountRequest(provisioningPlan, application.getName());
    // Reuse the headers already prepared for the add-entitlement request.
    Map header = requestEndPoint.getHeader();
    if (acctReq == null) {
        log.error("Account Request is null or empty.");
    } else {
        // Identity lifecycle state, as carried on the account request.
        // NOTE(review): both casts assume the arguments are supplied as Strings;
        // a Boolean "accountStatus" would fail the cast. Confirm against the
        // source's configuration.
        String activeAttrReq = (String) acctReq.getArgument("cloudLifecycleState");
        // Current status of the XYZ account.
        String accntStatus = (String) acctReq.getArgument("accountStatus");
        boolean identityActive = "active".equalsIgnoreCase(activeAttrReq);
        boolean accountDisabled = "false".equalsIgnoreCase(accntStatus);
        if (identityActive && accountDisabled) {
            log.info("Calling method enableAccount() to enable the account");
            enableAccount(acctReq, header);
            // enableAccount() returns normally, without calling the API, when the
            // native identity or the base URL is missing (it only logs). This line
            // records that the call returned, not that the target confirmed the change.
            log.info("Account successfully enabled");
        } else {
            // Reached whenever the condition above is not met, including when the
            // identity is not active or either argument is absent.
            log.info("Account and identity are in active stage");
        }
    }
}
log.info("----------------XYZ Add Entitlement Before Operation Rule End----------------");
Regards,
Shekhar Das