Check Active Policies task is getting failed

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Hi,

I have created a policy for last login > 180 days, triggered check active policies task which is failing. kindly please help here.

image
image1366Ă—768 75.7 KB

configured custom rule for Last login > 180 days

<?xml version='1.0' encoding='UTF-8'?> This rule is used to determine if a Policy has been violated. The log object associated with the SailPointContext. A sailpoint.api.SailPointContext object that can be used to query the database if necessary. The Identity being inspected. The Policy being evaluated. The Constraint being evaluated. The PolicyViolation object. import sailpoint.api.SailPointContext; import sailpoint.object.Attributes;

import sailpoint.object.Custom;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.object.Policy;
import sailpoint.object.PolicyViolation;
import sailpoint.object.Link;

import sailpoint.tools.GeneralException;
import sailpoint.tools.Message;

import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.util.*;

    /**
     * Returns a date &lt;n> days before today.
     */

    private Date getDateNDaysAgo(int numDays) {
            System.out.println("entering getDateNDaysAgo");

            Calendar cal = Calendar.getInstance();
            Date returnDate = null;

            cal.add(Calendar.DATE, -(numDays));
            returnDate = cal.getTime();
            System.out.println("leaving with date" + returnDate);
            return (returnDate);
    }

  /**
 * Checks if the first date is before the second date ignoring time.
 **/

public static boolean isBeforeDay(Date date1, Date date2) {
    if (date1 == null || date2 == null) {
        throw new IllegalArgumentException("The dates must not be null");
    }
    Calendar cal1 = Calendar.getInstance();
    cal1.setTime(date1);
    Calendar cal2 = Calendar.getInstance();
    cal2.setTime(date2);
    return isBeforeDay(cal1, cal2);
}
       
/**
 * Checks if the first calendar date is before the second calendar date ignoring time.
 */
public static boolean isBeforeDay(Calendar cal1, Calendar cal2) {
    if (cal1 == null || cal2 == null) {
        throw new IllegalArgumentException("The dates must not be null");
    }
    if (cal1.get(Calendar.ERA) < cal2.get(Calendar.ERA)) return true;
    if (cal1.get(Calendar.ERA) > cal2.get(Calendar.ERA)) return false;
    if (cal1.get(Calendar.YEAR) < cal2.get(Calendar.YEAR)) return true;
    if (cal1.get(Calendar.YEAR) > cal2.get(Calendar.YEAR)) return false;
    return cal1.get(Calendar.DAY_OF_YEAR) < cal2.get(Calendar.DAY_OF_YEAR);
}
    
    PolicyViolation v = null;

    String lastLoginDateStr = null;
    List links = identity.getLinks();
if (links == null) {
   return null;
}
for (Link link:links)
{
  String appname = link.getApplicationName();

  if ((appname != null) &amp;&amp; (appname.equalsIgnoreCase("PAM")))
  {
    lastLoginDateStr = link.getAttribute("Last Login Date");
  }
}
    
    if (lastLoginDateStr == null) {
       return null;
    }

    DateFormat formatter = new SimpleDateFormat("MM/dd/yy");

System.out.println("Last Login Date from Link = " + lastLoginDateStr);

Date lastLoginDate = (Date)formatter.parse(lastLoginDateStr);

System.out.println("Last Login Date for" + identity.toString() + " = " + lastLoginDate);

Date testDate = getDateNDaysAgo(180);
    if (isBeforeDay(lastLoginDate, testDate)) {
       System.out.println("old date");
       v = new PolicyViolation();
       v.setActive(true);
       v.setIdentity(identity);
       v.setPolicy(policy);
       v.setConstraint(constraint);
       v.setDescription("[Last Login Date [" + lastLoginDateStr  + "] is more than 180 days ago.]");
       v.setStatus(sailpoint.object.PolicyViolation.Status.Open);

}
if (identity.getManager()!=null) {
v.setOwner(identity.getManager());
} else {
v.setOwner(context.getObjectByName(Identity.class,“spadmin”));
}
return v;

Kindly help.

Thanks

2

Hi I can see that if Last Login Date is in a different format, this will throw a ParseException and cause your rule to fail
Try to wrap it in try catch:

import sailpoint.api.SailPointContext;
import sailpoint.object.*;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Message;

import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.*;

PolicyViolation v = null;

String lastLoginDateStr = null;
List<Link> links = identity.getLinks();

if (links == null) return null;

for (Link link : links) {
    String appName = link.getApplicationName();
    if (appName != null && appName.equalsIgnoreCase("PAM")) {
        Object attr = link.getAttribute("Last Login Date");
        if (attr != null) {
            lastLoginDateStr = attr.toString();
        }
    }
}

if (lastLoginDateStr == null) return null;

DateFormat formatter = new SimpleDateFormat("MM/dd/yy");
Date lastLoginDate = null;
try {
    lastLoginDate = formatter.parse(lastLoginDateStr);
} catch (ParseException e) {
    System.out.println("Invalid Last Login Date: " + lastLoginDateStr);
    return null;
}

// Calculate date 180 days ago
Calendar cal = Calendar.getInstance();
cal.add(Calendar.DATE, -180);
Date cutoffDate = cal.getTime();

if (lastLoginDate.before(cutoffDate)) {
    v = new PolicyViolation();
    v.setActive(true);
    v.setIdentity(identity);
    v.setPolicy(policy);
    v.setConstraint(constraint);
    v.setDescription("Last Login Date [" + lastLoginDateStr + "] is more than 180 days ago.");
    v.setStatus(PolicyViolation.Status.Open);

    if (identity.getManager() != null) {
        v.setOwner(identity.getManager());
    } else {
        v.setOwner(context.getObjectByName(Identity.class, "spadmin"));
    }

    return v;
}

return null;

Let me know if this works

3

I Have tried with the code that you have shared, it worked.
Thank you very much @uditsahntl01 .

4

My pleasure . Thanks for your prompt reply