akkochman
February 10, 2026, 5:06pm
1
My team and I are configuring a new web services connector and setting up the account aggregation. The source gives an XML response, a few sample accounts from the Postman response are given below. I will also list our current settings for root path, schema attributes, etc. Currently when running an aggregation, it is successful but 0 accounts are returned. If we add a header like Accept: application/xml or text/xml, we get an “XML cannot be parsed” error when running aggregation. What are we doing incorrectly?
Context URL: /msp/user_list.php
HTTP operation: GET
Headers: X-Requested-With: SailPoint
Root Path: /USER_LIST_OUTPUT/USER_LIST/USER
Schema attributes and paths: id = /USER_ID, login = /USER_LOGIN
Sample API response:
<?xml version="1.0" encoding="UTF-8" ?>
<USER_LIST_OUTPUT>
<USER_LIST>
<USER>
<USER_LOGIN>login1</USER_LOGIN>
<USER_ID>9999999</USER_ID>
<EXTERNAL_ID>
<!\[CDATA\[ex1@ex.com\]\]>
</EXTERNAL_ID>
<CONTACT_INFO>
<FIRSTNAME>
<!\[CDATA\[Example\]\]>
</FIRSTNAME>
<LASTNAME>
<!\[CDATA\[User1\]\]>
</LASTNAME>
<TITLE>
<!\[CDATA\[Engineer\]\]>
</TITLE>
<PHONE>
<!\[CDATA\[123-456-7890\]\]>
</PHONE>
<FAX>
<!\[CDATA\[\]\]>
</FAX>
<EMAIL>
<!\[CDATA\[ex1@ex.com\]\]>
</EMAIL>
<COMPANY>
<!\[CDATA\[Our Company\]\]>
</COMPANY>
<ADDRESS1>
<!\[CDATA\[1234 Example Dr\]\]>
</ADDRESS1>
<ADDRESS2>
<!\[CDATA\[\]\]>
</ADDRESS2>
<CITY>
<!\[CDATA\[Example\]\]>
</CITY>
<COUNTRY>United States of America</COUNTRY>
<STATE>NA</STATE>
<ZIP_CODE>
<!\[CDATA\[12345\]\]>
</ZIP_CODE>
<TIME_ZONE_CODE>
<!\[CDATA\[Auto\]\]>
</TIME_ZONE_CODE>
</CONTACT_INFO>
<USER_STATUS>Active</USER_STATUS>
<CREATION_DATE>2023-07-07T19:28:33Z</CREATION_DATE>
<LAST_LOGIN_DATE>2025-02-26T15:20:45Z</LAST_LOGIN_DATE>
<USER_ROLE>Manager</USER_ROLE>
</USER>
<USER>
<USER_LOGIN>login2</USER_LOGIN>
<USER_ID>8888888</USER_ID>
<EXTERNAL_ID>
<!\[CDATA\[ex2@ex.com\]\]>
</EXTERNAL_ID>
<CONTACT_INFO>
<FIRSTNAME>
<!\[CDATA\[Example\]\]>
</FIRSTNAME>
<LASTNAME>
<!\[CDATA\[User2\]\]>
</LASTNAME>
<TITLE>
<!\[CDATA\[Team Lead\]\]>
</TITLE>
<PHONE>
<!\[CDATA\[098-765-4321\]\]>
</PHONE>
<FAX>
<!\[CDATA\[\]\]>
</FAX>
<EMAIL>
<!\[CDATA\[ex2@ex.com\]\]>
</EMAIL>
<COMPANY>
<!\[CDATA\[Our Company\]\]>
</COMPANY>
<ADDRESS1>
<!\[CDATA\[1234 Example Dr\]\]>
</ADDRESS1>
<ADDRESS2>
<!\[CDATA\[\]\]>
</ADDRESS2>
<CITY>
<!\[CDATA\[Example\]\]>
</CITY>
<COUNTRY>United States of America</COUNTRY>
<STATE>NA</STATE>
<ZIP_CODE>
<!\[CDATA\[12345\]\]>
</ZIP_CODE>
<TIME_ZONE_CODE>
<!\[CDATA\[US-AL\]\]>
</TIME_ZONE_CODE>
</CONTACT_INFO>
<USER_STATUS>Active</USER_STATUS>
<CREATION_DATE>2023-07-11T14:12:23Z</CREATION_DATE>
<LAST_LOGIN_DATE>2026-02-09T14:59:59Z</LAST_LOGIN_DATE>
<USER_ROLE>Manager</USER_ROLE>
</USER>
shirbhatea
February 11, 2026, 5:15am
2
Can you provide the valid xml response? seems the root path user providing is right.
//USER_LIST_OUTPUT//USER_LIST//USER
Regards
vguleria
February 11, 2026, 7:49am
3
Hi @akkochman
Please try this xpath
Root path –> //USER_LIST_OUTPUT//USER_LIST
For individual path for example id please try below
id –> //USER//USER_ID
login –> //USER//USER_LOGIN
I hope this helps.
Regards
akkochman
February 11, 2026, 1:56pm
5
The XML response from Postman is included in my original post.
akkochman
February 11, 2026, 1:57pm
6
Thanks for your response. Unfortunately, using these paths returned the same errors as before.
vguleria
February 11, 2026, 2:23pm
7
Hi @akkochman
Can you please try then
Root path –> /USER_LIST_OUTPUT/USER_LIST/USER
OR//USER_LIST_OUTPUT//USER_LIST
And please try changing // to single / or vice versa. I do believe one of the above two options should work unless there is something missing.
Thank You.
akkochman
February 11, 2026, 2:48pm
8
Still returning 0 accounts with any of these configurations. Thank you for the response though!
j_place
February 11, 2026, 3:37pm
9
Hi @akkochman Looks like your problem is that the api is escaping the [ character with a backslash meaning that the response is not parsable XML.
akkochman
February 11, 2026, 3:43pm
10
The actual response doesn’t include those, I used an xml formatter to format the response before pasting it in, and I believe that added the escape characters
shirbhatea
February 11, 2026, 3:53pm
11
You response xml is contains the CDATA, that’s the reason you can not simply use the xpath. I would suggest explorer the after operation rule to get the raw response and then extract the data.
Regards
shirbhatea
February 11, 2026, 4:00pm
12
Yep this could be the issue, i quickly check and it’s working.
Xml response
<USER_LIST>
<USER>
<USER_LOGIN>login1</USER_LOGIN>
<USER_ID>9999999</USER_ID>
<EXTERNAL_ID>
<![CDATA[ex1@ex.com]]>
</EXTERNAL_ID>
<CONTACT_INFO>
<FIRSTNAME>
<![CDATA[Example]]>
</FIRSTNAME>
<LASTNAME>
<![CDATA[User1]]>
</LASTNAME>
<TITLE>
<![CDATA[Engineer]]>
</TITLE>
<PHONE>
<![CDATA[123-456-7890]]>
</PHONE>
<FAX>
<![CDATA[]]>
</FAX>
<EMAIL>
<![CDATA[ex1@ex.com]]>
</EMAIL>
<COMPANY>
<![CDATA[Our Company]]>
</COMPANY>
<ADDRESS1>
<![CDATA[1234 Example Dr]]>
</ADDRESS1>
<ADDRESS2>
<![CDATA[]]>
</ADDRESS2>
<CITY>
<![CDATA[Example]]>
</CITY>
<COUNTRY>United States of America</COUNTRY>
<STATE>NA</STATE>
<ZIP_CODE>
<![CDATA[12345]]>
</ZIP_CODE>
<TIME_ZONE_CODE>
<![CDATA[Auto]]>
</TIME_ZONE_CODE>
</CONTACT_INFO>
<USER_STATUS>Active</USER_STATUS>
<CREATION_DATE>2023-07-07T19:28:33Z</CREATION_DATE>
<LAST_LOGIN_DATE>2025-02-26T15:20:45Z</LAST_LOGIN_DATE>
<USER_ROLE>Manager</USER_ROLE>
</USER>
<USER>
<USER_LOGIN>login2</USER_LOGIN>
<USER_ID>8888888</USER_ID>
<EXTERNAL_ID>
<![CDATA[ex2@ex.com]]>
</EXTERNAL_ID>
<CONTACT_INFO>
<FIRSTNAME>
<![CDATA[Example]]>
</FIRSTNAME>
<LASTNAME>
<![CDATA[User2]]>
</LASTNAME>
<TITLE>
<![CDATA[Team Lead]]>
</TITLE>
<PHONE>
<![CDATA[098-765-4321]]>
</PHONE>
<FAX>
<![CDATA[]]>
</FAX>
<EMAIL>
<![CDATA[ex2@ex.com]]>
</EMAIL>
<COMPANY>
<![CDATA[Our Company]]>
</COMPANY>
<ADDRESS1>
<![CDATA[1234 Example Dr]]>
</ADDRESS1>
<ADDRESS2>
<![CDATA[]]>
</ADDRESS2>
<CITY>
<![CDATA[Example]]>
</CITY>
<COUNTRY>United States of America</COUNTRY>
<STATE>NA</STATE>
<ZIP_CODE>
<![CDATA[12345]]>
</ZIP_CODE>
<TIME_ZONE_CODE>
<![CDATA[US-AL]]>
</TIME_ZONE_CODE>
</CONTACT_INFO>
<USER_STATUS>Active</USER_STATUS>
<CREATION_DATE>2023-07-11T14:12:23Z</CREATION_DATE>
<LAST_LOGIN_DATE>2026-02-09T14:59:59Z</LAST_LOGIN_DATE>
<USER_ROLE>Manager</USER_ROLE>
</USER>
</USER_LIST>
Xpath
//USER_LIST//USER
You can quick test here Free Online XPath Tester / Evaluator - FreeFormatter.com
Regards
akkochman
February 11, 2026, 4:06pm
13
Ok, thank you… are there any SailPoint documentation resources that cover how to write an after operation rule for this case?
j_place
February 11, 2026, 4:08pm
14
Hi @akkochman Can you check whether the response includes a schema definition as DOCTYPE and if so is the URL reachable?
akkochman
February 11, 2026, 4:12pm
16
Yes it is, below is the DTD file content at the URL:
<!-- QUALYS USER LIST OUTPUT DTD -->
<!-- $Revision$ -->
<!ELEMENT USER_LIST_OUTPUT (ERROR | USER_LIST)>
<!ELEMENT ERROR (#PCDATA)*>
<!ATTLIST ERROR number CDATA #IMPLIED>
<!ELEMENT USER_LIST (USER*)>
<!ELEMENT USER (USER_LOGIN?, USER_ID?, EXTERNAL_ID?, CONTACT_INFO, ASSIGNED_ASSET_GROUPS?, USER_STATUS,
CREATION_DATE, LAST_LOGIN_DATE?, USER_ROLE?, BUSINESS_UNIT?, UNIT_MANAGER_POC?, MANAGER_POC?,
UI_INTERFACE_STYLE?, PERMISSIONS?, NOTIFICATIONS?)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT USER_ID (#PCDATA)>
<!ELEMENT EXTERNAL_ID (#PCDATA)>
<!ELEMENT CONTACT_INFO (FIRSTNAME, LASTNAME, TITLE, PHONE, FAX, EMAIL, COMPANY,
ADDRESS1, ADDRESS2, CITY, COUNTRY, STATE, ZIP_CODE, TIME_ZONE_CODE)>
<!ELEMENT FIRSTNAME (#PCDATA)>
<!ELEMENT LASTNAME (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT PHONE (#PCDATA)>
<!ELEMENT FAX (#PCDATA)>
<!ELEMENT EMAIL (#PCDATA)>
<!ELEMENT COMPANY (#PCDATA)>
<!ELEMENT ADDRESS1 (#PCDATA)>
<!ELEMENT ADDRESS2 (#PCDATA)>
<!ELEMENT CITY (#PCDATA)>
<!ELEMENT COUNTRY (#PCDATA)>
<!ELEMENT STATE (#PCDATA)>
<!ELEMENT ZIP_CODE (#PCDATA)>
<!ELEMENT TIME_ZONE_CODE (#PCDATA)>
<!ELEMENT ASSIGNED_ASSET_GROUPS (ASSET_GROUP_TITLE+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT USER_STATUS (#PCDATA)>
<!ELEMENT CREATION_DATE (#PCDATA)>
<!ELEMENT LAST_LOGIN_DATE (#PCDATA)>
<!ELEMENT USER_ROLE (#PCDATA)>
<!ELEMENT BUSINESS_UNIT (#PCDATA)>
<!ELEMENT UNIT_MANAGER_POC (#PCDATA)>
<!ELEMENT MANAGER_POC (#PCDATA)>
<!ELEMENT UI_INTERFACE_STYLE (#PCDATA)>
<!ELEMENT PERMISSIONS (CREATE_OPTION_PROFILES, PURGE_INFO, ADD_ASSETS,
EDIT_REMEDIATION_POLICY, EDIT_AUTH_RECORDS, SAML?, GUI?, API?)>
<!ELEMENT CREATE_OPTION_PROFILES (#PCDATA)>
<!ELEMENT PURGE_INFO (#PCDATA)>
<!ELEMENT ADD_ASSETS (#PCDATA)>
<!ELEMENT EDIT_REMEDIATION_POLICY (#PCDATA)>
<!ELEMENT EDIT_AUTH_RECORDS (#PCDATA)>
<!ELEMENT SAML (#PCDATA)>
<!ELEMENT GUI (#PCDATA)>
<!ELEMENT API (#PCDATA)>
<!ELEMENT NOTIFICATIONS (LATEST_VULN, MAP, SCAN, DAILY_TICKETS)>
<!ELEMENT LATEST_VULN (#PCDATA)>
<!ELEMENT MAP (#PCDATA)>
<!ELEMENT SCAN (#PCDATA)>
<!ELEMENT DAILY_TICKETS (#PCDATA)>
j_place
February 11, 2026, 4:42pm
17
Hi @akkochman I see a number of posts on the forum about having issues parsing Qualys API responses. I suspect it’s somthing to do with the dtd, but can’t be sure. Did you have to authenticate to get the dtd content?
akkochman
February 11, 2026, 4:53pm
18
I did not have to authenticate. I’ve read a lot of those forum posts but no one seems to have reached a conclusive answer. I’ll set up a session with an architect for our team. Thanks for all your help!