While revoking the account during manager certification, the account still shows active status instead of disabled.
Have you performed an account aggregation on the source to confirm it’s not actually disabled on the application side?
Does that application have a disable policy? Also check to see if there was a provisioning transaction executed for that.
Hi @autorun6464,
Are you managing the IIQDisable attribute on the account?
Account revoke should be disabled, right? It's showing active.
I did account aggregation but still disable on SailPoint…
Yes, and it disables the account on the application, but not all connectors automatically manage the status in IIQ.
The account status in IIQ is managed by 2 attributes: IIQDisable and IIQLocked, which indicate whether an account is disabled or locked in IIQ. Some applications, like AD, manage these attributes automatically; other applications do not, web services or JDBC for example.
In this case, you must manage it yourself through IIQDisable if you want to see the red point on the account. Moreover, if an application doesn't manage the IIQDisable flag, this does not have repercussions on the target system.
So I need to set the IIQDisabled flag on the Account (Link) itself?
So it's a web service connector. So I don't think manually disabling is the right approach here … just wanted to know what could be causing this issue.
What are you referring to?
Hi @autorun6464 ,
If it is a Web Service Connector, ensure that you have configured the Disable HTTP Operation for this web service application. The Disable operation takes care of disabling the account.
Additionally, you will need to update the Before Provisioning Rule. Since revocation requests are treated as modify operations, it is necessary to explicitly set the accountRequest operation to disable within the rule to ensure the revocation is processed correctly.
I am not sure how you are doing it. But when we revoke, the account will be deleted. But if you want to make it disabled, you have to handle it explicitly. Please check the one below if it is helpful.
Yup, I have the Disable HTTP operation. This is my before operation rule. And it's deleting now rather than disabling.
Logger wsLog = Logger.getLogger("com.cof.rap.rule.COFZuoraOneID.BeforeOperationRule");
wsLog.debug("Entering COF Capital One Software Zuora - OneID Before Operation Rule");
String opType = null;
String nativeIdentity = "";
String appName = null;
String url = null;
String statusUrl = "%%CapitalOneSoftwareZuoraOneID_apiStatusURL%%";

//REST call to update users STATUS
public void updateUserStatus(String user, Map authMap, String toEnable){
    Map header = new HashMap();
    WebServicesClient client = new WebServicesClient();
    Map args = new HashMap();
    targetUrl = statusUrl + user;
    args.put(WebServicesClient.ARG_URL, targetUrl);
    client.configure(args);
    // Information can be fetched from requestEndpoint and updated in the header and body
    header.put("Content-Type","application/json");
    header.put("Accept","application/json; v=1");
    header.put("Authorization", authMap.get("Authorization") );
    header.put("X-Authorization", authMap.get("X-Authorization"));
    // Log header names only: the values carry the Authorization tokens
    wsLog.debug(" header keys: " + header.keySet());
    Map payload = new HashMap();
    payload.put( "schemas", "[\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"]");
    payload.put("Operations", "[{\"op\":\"replace\",\"value\": {\"active\": \""+toEnable+"\"} }]");
    myPayload = "{\"schemas\" :[\"urn:ietf:params:scim:api:messages:2.0:PatchOp\"]" +",\"Operations\" :[{\"op\":\"replace\",\"value\": {\"active\": \""+toEnable+"\"} }]}";
    wsLog.debug("BEFORE RULE: requestEndpoint Updated ==> myPayload: " + myPayload + "----------" +targetUrl);
    List<String> allowedStatuses = new ArrayList();
    allowedStatuses.add("2**");
    //String response = client.executeGet(targetUrl, header, allowedStatuses);
    String response;
    // try{
    response = client.executePatch(targetUrl, myPayload, header, allowedStatuses);
    // }catch(Exception ex){
    // wsLog.error("Exception is:" + ex );
    // }
    // if response contains token it can be updated in the requestEndpoint header or body
    // the requestEndpoint will be used for execution of the particular operation configured
    wsLog.debug("BEFORE RULE: requestEndpoint Updated ==> response: " + response);
    JSONParser parser = new JSONParser();
    JSONObject jsonReponse = (JSONObject) parser.parse(response);
    groupMap = JsonUtil.getSerializedObjectFromJson(response,new HashMap());
    wsLog.debug("BEFORE RULE: requestEndpoint Updated status ==> " + groupMap);
    //return groupMap;
}

//get ID for user by name
public String getUserIdByUseName( Map authMap,String userName ){
    //GET User ID Info begin
    String projectBaseURL =application.getAttributeValue("genericWebServiceBaseUrl");
    String responseUserId = null;
    WebServicesClient client = new WebServicesClient();
    Map header = new HashMap();
    Map args = new HashMap();
    userURL= projectBaseURL + "/Users?filter=userName eq \""+ userName + "\"";
    args.put(WebServicesClient.ARG_URL, userURL);
    client.configure(args);
    header.put("Authorization", authMap.get("Authorization") );
    header.put("X-Authorization", authMap.get("X-Authorization"));
    header.put("Accept","application/scim+json;v=1");
    header.put("Content-Type","application/json");
    List<String> allowedStatuses = new ArrayList();
    allowedStatuses.add("2**");
    String response = "";
    wsLog.debug("getUserId RULE: set url ==> "+ userURL);
    try{
        response = client.executeGet(userURL, header, allowedStatuses);
    }catch(Exception ex){
        wsLog.error( "Error while UserInfo() lookup : " +ex + " -- URL:" + userURL);
    }
    if(response !=null){
        wsLog.debug("User response: "+response);
        JSONParser parser = new JSONParser();
        JSONObject jsonReponse = (JSONObject) parser.parse(response);
        responseUser = jsonReponse.get("Resources");
        wsLog.debug(" responseUser ==>" + responseUser);
        responseUser0 = responseUser.get(0);//
        wsLog.debug("RULE: User responseUser0 ==>" + responseUser0);
        responseUserId= responseUser0.get("id");
    }
    return responseUserId;
}

if(requestEndPoint!=null){
    //Is there an offset value? Then Manage Account aggregation variables
    Map obj = (Map) application.getAttributeValue("transientValues");
    wsLog.debug("BEFORE RULE: Transient Values ==> " + obj);
    wsLog.debug("BEFORE RULE: getFullUrl" +requestEndPoint.getFullUrl() );
    pageNumberConfig=requestEndPoint.getPagingInitialOffset();
    pageSizeConfig=requestEndPoint.getPagingSize();
    pageNumberCurrent =pageNumberConfig;
    wsLog.debug("BEFORE RULE: pageNumber and pageSize Values ==> " + pageNumberConfig + " and " + pageSizeConfig);
    String offset = null;
    if(null != obj)
    {
        pageNumberCurrent= obj.get("offset");
        wsLog.debug("BEFORE RULE: pageNumberCurrent ==> " + pageNumberCurrent);
    }
    //Populate Auth Tokens
    Map authMap = populateAuthTokens();
    requestEndPoint.addHeader("X-Authorization", authMap.get("X-Authorization") );
    requestEndPoint.addHeader("Authorization",authMap.get("Authorization"));
    opType = requestEndPoint.getOperationType();
    Object reqBody = requestEndPoint.getBody();
    url = requestEndPoint.getFullUrl();
    wsLog.debug(" operation: "+opType);
    if(null!=reqBody && null!=opType && null!=application){
        appName = application.getName();
        Map requestBodyMap = (Map) reqBody;
        // Setting nativeIdentity
        if(provisioningPlan != null && !Util.isEmpty(provisioningPlan.getAccountRequests())){
            AccountRequest accReq = provisioningPlan.getAccountRequests().get(0);
            if(accReq!=null)
                nativeIdentity = accReq.getNativeIdentity();
        }
        String userID= getIdentityLinkAttribute(appName, nativeIdentity, "id");
        if(!Util.isEmpty(requestBodyMap) && null!=requestBodyMap.get("jsonBody") ){
            JSONParser parser = new JSONParser();
            JSONObject requestBody = (JSONObject) parser.parse(requestBodyMap.get("jsonBody"));
            if(null != requestBody)
            {
                if(Util.nullSafeCaseInsensitiveEq( opType, "Add Entitlement"))
                {
                    wsLog.debug("Zuora WS Add Ent operation begin ");
                    JSONParser parser = new JSONParser();
                    if(userID==null) {
                        userID=getUserIdByUseName(authMap, nativeIdentity);
                    }
                    requestBody = (JSONObject) parser.parse(requestBody.toJSONString().replaceAll("#id#", userID));
                    fullroleGroup = url.substring(url.lastIndexOf("/") +1, url.length() );
                    fullroleGroup = fullroleGroup.replace("USER_", "") ;
                    fullroleGroup = fullroleGroup.replace("ADMIN_", "");
                    url = url.substring(0,url.lastIndexOf("/")) +"/"+fullroleGroup ;
                    requestEndPoint.setFullUrl(url);
                    wsLog.debug("Zuora WS Entitlements Add Ent operation After url: "+ url );
                    // if current account disable then enable it
                    String userStatus= getIdentityLinkAttribute(appName, nativeIdentity, "active");
                    if(userStatus != null && "false".equalsIgnoreCase(userStatus) ){
                        updateUserStatus(userID, authMap, "true" ); //enable user
                        wsLog.debug("Zuora WS Entitlements Add Ent operation ENABLIE USER: "+ userStatus);
                    }
                    wsLog.debug("Zuora WS Entitlements Add Ent operation After ");
                }
                else if(Util.nullSafeCaseInsensitiveEq( opType, "Remove Entitlement"))
                {
                    wsLog.debug("ExceptionsOne Entitlements Remove Ent operation begin ");
                    JSONParser parser = new JSONParser();
                    if(userID==null) {
                        userID=getUserIdByUseName(authMap, nativeIdentity);
                    }
                    requestBody = (JSONObject) parser.parse(requestBody.toJSONString().replaceAll("#id#", userID));
                    fullroleGroup = url.substring(url.lastIndexOf("/") +1, url.length() );
                    fullroleGroup = fullroleGroup.replace("USER_", "") ;
                    fullroleGroup = fullroleGroup.replace("ADMIN_", "");
                    url = url.substring(0,url.lastIndexOf("/")) +"/"+fullroleGroup ;
                    requestEndPoint.setFullUrl(url);
                    retAccessList = getFinalizedRequestBody(provisioningPlan, "Remove Entitlement" , "roleGroups" , false);
                    wsLog.debug("Software Zuora WS Remove Ent operation finalist.Size() :"+ retAccessList.size() );
                    if(retAccessList.size() ==0){
                        updateUserStatus(userID, authMap, "false" ); //disable user
                        wsLog.debug("Software Zuora WS Remove Ent operation Disbling user (no more access found) ");
                    }
                    wsLog.debug("Software Zuora WS Remove Ent operation After ");
                }
                else if(Util.nullSafeCaseInsensitiveEq( opType, "Disable Account"))
                {
                    wsLog.debug("Zuora WS Entitlements Disable Ent operation ");
                    if(url.contains("#id#") && null!=userID)
                    {
                        url = url.replace("#id#",userID);
                    }
                    requestEndPoint.setFullUrl(url);
                    wsLog.debug("Zuora WS Entitlements Disable Ent operation2 ");
                }
                else if(Util.nullSafeCaseInsensitiveEq( opType, "Enable Account"))
                {
                    wsLog.debug("Zuora WS Entitlements Enable Ent operation1 ");
                    if(url.contains("#id#") && null!=userID)
                    {
                        url = url.replace("#id#",userID);
                    }
                    requestEndPoint.setFullUrl(url);
                    wsLog.debug("Zuora WS Entitlements Enable Ent operation2 ");
                }
                else if(Util.nullSafeCaseInsensitiveEq( opType, "Delete Account"))
                {
                    wsLog.debug("Zuora WS Entitlements Delete Ent operation ");
                }
                requestBodyMap.put("jsonBody",requestBody.toString());
                requestEndPoint.setBody(requestBodyMap);
            }
        }
    }
}
wsLog.debug("Exiting COF Capital One Software Zuora - OneID Before Operation Rule");
return requestEndPoint;
Yup, I think that is the issue, but it's not being resolved.
Can you check my before operation rule?
You have to handle it in the before provisioning rule of the application. I have already provided the code snippet as well; please check the document.
Yup worked. Appreciate that
You are welcome, happy to help
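The fix the thread settles on, sketched as an added example (not code posted by any participant, and not SailPoint's own): a BeforeProvisioning rule body in BeanShell that rewrites a certification revoke from Delete to Disable for this application only. It assumes the revoke arrives as a Delete account request and that the plan's source string is "Certification"; `plan`, `application` and `log` are the variables IdentityIQ passes to this rule type.

```java
import sailpoint.object.ProvisioningPlan.AccountRequest;

// Body of a BeforeProvisioning rule (BeanShell). IdentityIQ passes in
// "plan" (ProvisioningPlan), "application" (Application) and "log".

// Assumption: plans built from a certification revoke report "Certification"
// as their source. Plans from any other source keep their Delete semantics,
// so a deliberate deprovisioning flow is not silently downgraded.
boolean fromCertification =
    plan != null && "Certification".equalsIgnoreCase(plan.getSource());

if (fromCertification && plan.getAccountRequests() != null) {
    for (AccountRequest accReq : plan.getAccountRequests()) {
        if (accReq == null) {
            continue;
        }
        // Only touch requests aimed at the application this rule is attached to.
        if (!application.getName().equals(accReq.getApplication())) {
            continue;
        }
        // Assumption: the revoke arrives as a Delete account request.
        if (AccountRequest.Operation.Delete.equals(accReq.getOperation())) {
            accReq.setOperation(AccountRequest.Operation.Disable);
            // Log identifiers only, never request headers or tokens.
            log.debug("Certification revoke for " + accReq.getNativeIdentity()
                + " on " + application.getName()
                + " rewritten from Delete to Disable");
        }
    }
}
```

With the operation rewritten, the connector runs its "Disable Account" HTTP operation, which is the branch of the before operation rule above that substitutes `#id#` in the URL.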