Build Provisioning Plan web services connector

Which IIQ version are you inquiring about?

8.4.2.1

Please share any images or screenshots, if relevant.

Schema: 
<Schema aggregationType="group" created="1749138938743" displayAttribute="displayName" id="ac12000399c910eb819a1626d49a5612" identityAttribute="keyId" modified="1762516402459" nativeObjectType="passwordCredentials" objectType="passwordCredentials" significantModified="1762516402459">

connectionParameters:

     <entry key="connectionParameters">
        <value>
          <List>
            <Map>
              <entry key="afterRule" value=""/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/v1.0/servicePrincipals/{id}/addPassword"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header"/>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Create-passwordCredentials"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                   
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>200</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="9"/>
              <entry key="uniqueNameForEndPoint" value="Create PasswordCredentials"/>
              <entry key="xpathNamespaces"/>
            </Map>

Share all details about your problem, including any error messages you may have received.

I want to create a provisioning plan to launch the specified endpoint, so that I can then assign a passwordcredential object of type group to an account using the endpoint's response. However, I'm getting the following error in the plan. How should I build it?

@x745368

Have you written a provisioning plan for the above screenshot, or is it generated through a SailPoint request?

I have generated it

Please share with me the provision plan code that you are using.

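```java
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.ObjectOperation;

// spnDisplayName, targetAppName and identity are not defined in this snippet;
// they are assumed to be supplied by the surrounding rule.
ProvisioningPlan plan = new ProvisioningPlan();
ProvisioningPlan.ObjectRequest objRequest = new ProvisioningPlan.ObjectRequest();
String pwdDN = "CN=" + spnDisplayName;

// Object-level request: create an object of type passwordCredentials
objRequest.setApplication(targetAppName);
objRequest.setNativeIdentity(pwdDN);
objRequest.setOp(ObjectOperation.Create);
objRequest.setType("passwordCredentials");
objRequest.add(new AttributeRequest("ObjectType", ProvisioningPlan.Operation.Set, "passwordCredentials"));
objRequest.add(new AttributeRequest("sysDisplayName", ProvisioningPlan.Operation.Set, pwdDN));
objRequest.add(new AttributeRequest("description", ProvisioningPlan.Operation.Set, pwdDN));

// Attach the single object request to the plan
List listObjectRequest = new ArrayList();
listObjectRequest.add(objRequest);
plan.setObjectRequests(listObjectRequest);
log.trace("plan: " + plan.toXml());
plan.setIdentity(identity);

return plan;
```

Do you understand the goal I'm trying to achieve?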

Are you trying to create/modify a group?

I am trying to create a group object, which I am assigning to an account.

Schema account:
 <Schema created="1749028215795" displayAttribute="displayName" id="ac12000399c910eb819a1626d49a5611" identityAttribute="id" modified="1762516402459" nativeObjectType="user" objectType="account" significantModified="1762516402459">
      <AttributeDefinition name="id" type="string">
        <Description>The unique identifier for the user</Description>
      </AttributeDefinition>
      <AttributeDefinition name="displayName" type="string">
        <Description>displayName</Description>
      </AttributeDefinition>
      <AttributeDefinition multi="true" name="passwordCredentials" schemaObjectType="passwordCredentials" type="string">
        <Description>passwordCredentials</Description>
      </AttributeDefinition>
    </Schema>

schema passwordCredentials:

<Schema aggregationType="group" displayAttribute="displayName" identityAttribute="keyId" modified="1762516402459" nativeObjectType="passwordCredentials" objectType="passwordCredentials" >
      <AttributeDefinition name="keyId" type="string"/>
      <AttributeDefinition name="secretText" type="string"/>

webservices:

              <entry key="afterRule" />
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="X"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header"/>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Create-passwordCredentials"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="keyId" value="$.keyId"/>
                    <entry key="secretText" value="$.secretText"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>200</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="9"/>
              <entry key="uniqueNameForEndPoint" value="Create PasswordCredentials"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>

Here, there are two processes that you are trying to do at once. If the group is not available and you want to create it in the application, then a plan for objectRequest will be created and you need to process that. This will help you to create a group in your target app.

Once the group is created, you can assign it to the user.

And how would you recommend creating the object from the endpoint?

Actually, I don't intend to assign the group to that account; what I intend is to set the value of the object (which is a group) in a specific field.

So, you want to modify a certain group?

No, I’m trying to create a group object, and then assign the value of that group to an account in an attribute of its schema.

In order to do this, you need to create 2 requests in the plan: an ObjectRequest to create the group and an AccountRequest of modify type for the account to which you want this group to be added.
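
Added example, not part of the original thread and not SailPoint's own code: a plan carrying the two requests described in the reply above, built with the same `ProvisioningPlan` classes the posted snippet uses. The class name, method name and all four parameters are hypothetical; it does not show how the connector selects the `Create-passwordCredentials` endpoint.

```java
import java.util.ArrayList;
import java.util.List;

import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;

public class PasswordCredentialsPlan {

    // Hypothetical helper. groupNativeId is assumed to be known when the plan
    // is built; in the thread's configuration the keyId only comes back in the
    // endpoint response ($.keyId in resMappingObj).
    public static ProvisioningPlan build(Identity identity, String targetAppName,
                                         String accountNativeId, String groupNativeId) {
        // Request 1: create the group object of type passwordCredentials.
        ObjectRequest objRequest = new ObjectRequest();
        objRequest.setApplication(targetAppName);
        objRequest.setNativeIdentity(groupNativeId);
        objRequest.setOp(ObjectOperation.Create);
        objRequest.setType("passwordCredentials");
        objRequest.add(new AttributeRequest("sysDisplayName",
                ProvisioningPlan.Operation.Set, groupNativeId));

        // Request 2: modify the account and add the group to its multi-valued
        // passwordCredentials attribute (declared in the account schema).
        AccountRequest acctRequest = new AccountRequest();
        acctRequest.setApplication(targetAppName);
        acctRequest.setNativeIdentity(accountNativeId);
        acctRequest.setOperation(AccountRequest.Operation.Modify);
        acctRequest.add(new AttributeRequest("passwordCredentials",
                ProvisioningPlan.Operation.Add, groupNativeId));

        // One plan, two requests: the object request list plus the account request.
        ProvisioningPlan plan = new ProvisioningPlan();
        plan.setIdentity(identity);
        List<ObjectRequest> objectRequests = new ArrayList<>();
        objectRequests.add(objRequest);
        plan.setObjectRequests(objectRequests);
        plan.add(acctRequest);
        return plan;
    }
}
```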

But what would the first plan be? If you look at the image I provided, it gives me an error, and it's by creating the object request itself.
Actually, during aggregation it will be treated as a group, but during creation it will only populate the object associated with the account. However, I'm unable to call the endpoint that would populate that object.
I managed to create the object at the IIQ level using the following plan:
```xml
<ProvisioningPlan trackingId="4d7e233ba5cc46d188998ab7b75e906b">
  <ObjectRequest application="PROTECT-Application-AzureAD-SPN" nativeIdentity="passwordCredentials spn_test_connector" op="Create" type="passwordCredentials">
    <AttributeRequest name="name" op="Set" value="passwordCredentials spn_test_connector"/>
    <AttributeRequest name="sysAttribute" op="Set" value="passwordCredentials"/>
    <AttributeRequest name="sysManagedAttributeType" op="Set" value="passwordCredentials"/>
    <AttributeRequest name="sysDisplayName" op="Set" value="passwordCredentials spn_test_connector"/>
    <AttributeRequest name="entAppName" op="Set" value="PROTECT-Application-AzureAD-SPN"/>
  </ObjectRequest>
  <Requesters>
    <Reference class="sailpoint.object.Identity" id="7f000101994c1b2e81994c4bbced00fd" name="spadmin"/>
  </Requesters>
</ProvisioningPlan>
```
But it's not matching the web service I have defined with `create-passwordCredentials`. Why?
