Connectivity Customizer not working with SailPoint delivered SaaS apps

Hi there. I’m hoping to get some advice from the community, because I’m sure that what I’m observing is not the intended experience. I figure I must be doing something wrong.

I am attempting to set up a couple of the SailPoint delivered SaaS connectors, namely Google and Okta. I started with Google several months ago. I observed that while the connector worked fine, I could not use a connectivity customizer to modify behavior for our specific business requirements. I would see when running a sail conn logs tail that the customizer was being invoked, but absolutely nothing defined in the customizer worked. I opened a support case which was escalated to ES, and I’ve heard very little since then.

This afternoon I was trying to swap from the VA-based Okta connector to the Okta SaaS connector. I attempted to add a connectivity customizer. I made a small modification to the .afterStdTestConnectorCustomizer() method and packed the zip and uploaded/linked to the Okta SaaS source. Again, I am seeing nothing to indicate that my connectivity customizer is successfully executing, but it is referenced in the logs.

Relevant section from index.ts:

    return createConnectorCustomizer()
        .afterStdTestConnection(async (context: Context, output: StdTestConnectionOutput) => {
            logger.info('Running after test connection')
            console.log('********************test*********************');
            return output
        })

Relevant logs from sail conn logs tail after running a test connection. Note that the customizer is referenced. But I’m not seeing the output of logger.info() or console.log(). I do see several warnings in the log though.

[2024-10-03T14:51:10.511-07:00] INFO  | invokeCommand    ▶︎ Command execution started : std:test-connection, for connector version 14 and customizer version 2.
[2024-10-03T14:51:10.602-07:00] INFO  | connectorMessage ▶︎ NOTE: Picked up JDK_JAVA_OPTIONS: -Xmx3686m
[2024-10-03T14:51:10.603-07:00] INFO  | connectorMessage ▶︎ NOTE: Picked up JDK_JAVA_OPTIONS: -Xmx3686m
[2024-10-03T14:51:12.328-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.290Z","logger":"com.sailpoint.valess.OpenConn","message":"System properties after overriding via warpper: {awt.toolkit=sun.awt.X11.XToolkit, java.specification.version=11, sun.cpu.isalist=, sun.jnu.encoding=UTF-8, java.class.path=/app/connector/infra/bcpkix-jdk18on-1.75.jar:/app/connector/infra/bcprov-jdk18on-1.75.jar:/app/connector/infra/bcutil-jdk18on-1.75.jar:/app/connector/infra/commons-logging-1.2.jar:/app/connector/infra/log4j-1.2-api-2.17.2.jar:/app/connector/infra/log4j-api-2.21.1.jar:/app/connector/infra/log4j-core-2.21.1.jar:/app/connector/infra/log4j-jcl-2.17.2.jar:/app/connector/infra/log4j-layout-template-json-2.21.1.jar:/app/connector/connector-libs/connector-bundle-webservices.jar:/app/connector/saas-sp-conn-adapter-117.jar, java.vm.vendor=Alpine, sun.arch.data.model=64, java.vendor.url=https://alpinelinux.org/, user.timezone=GMT, os.name=Linux, java.vm.specification.version=11, sun.java.launcher=SUN_STANDARD, user.country=US, sun.boot.library.path=/usr/lib/jvm/java-11-openjdk/lib, sun.java.command=com.sailpoint.valess.OpenConn, jdk.debug=release, sun.cpu.endian=little, user.home=/home/conn, user.language=en, java.specification.vendor=Oracle Corporation, java.version.date=2024-07-16, java.home=/usr/lib/jvm/java-11-openjdk, file.separator=/, java.vm.compressedOopsMode=Zero based, line.separator=\n, java.specification.name=Java Platform API Specification, java.vm.specification.vendor=Oracle Corporation, java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment, sun.management.compiler=HotSpot 64-Bit Tiered Compilers, java.runtime.version=11.0.24+8-alpine-r0, user.name=conn, path.separator=:, os.version=6.1.58, java.runtime.name=OpenJDK Runtime Environment, file.encoding=UTF-8, java.vm.name=OpenJDK 64-Bit Server VM, java.vendor.url.bug=https://gitlab.alpinelinux.org/alpine/aports/issues, java.io.tmpdir=/tmp, isIdentityNow=true, java.version=11.0.24, user.dir=/, os.arch=amd64, java.vm.specification.name=Java Virtual Machine Specification, java.awt.printerjob=sun.print.PSPrinterJob, sun.os.patch.level=unknown, java.library.path=/usr/lib/jvm/java-11-openjdk/lib/server:/usr/lib/jvm/java-11-openjdk/lib:/usr/lib/jvm/java-11-openjdk/../lib:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib, java.vm.info=mixed mode, java.vendor=Alpine, java.vm.version=11.0.24+8-alpine-r0, java.specification.maintenance.version=2, sun.io.unicode.encoding=UnicodeLittle, java.class.version=55.0}","thread_name":"main"}
[2024-10-03T14:51:12.381-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.350Z","logger":"com.sailpoint.valess.OpenConn","message":"System properties after overriding via connector: {awt.toolkit=sun.awt.X11.XToolkit, java.specification.version=11, sun.cpu.isalist=, sun.jnu.encoding=UTF-8, java.class.path=/app/connector/infra/bcpkix-jdk18on-1.75.jar:/app/connector/infra/bcprov-jdk18on-1.75.jar:/app/connector/infra/bcutil-jdk18on-1.75.jar:/app/connector/infra/commons-logging-1.2.jar:/app/connector/infra/log4j-1.2-api-2.17.2.jar:/app/connector/infra/log4j-api-2.21.1.jar:/app/connector/infra/log4j-core-2.21.1.jar:/app/connector/infra/log4j-jcl-2.17.2.jar:/app/connector/infra/log4j-layout-template-json-2.21.1.jar:/app/connector/connector-libs/connector-bundle-webservices.jar:/app/connector/saas-sp-conn-adapter-117.jar, java.vm.vendor=Alpine, sun.arch.data.model=64, java.vendor.url=https://alpinelinux.org/, user.timezone=GMT, os.name=Linux, java.vm.specification.version=11, sun.java.launcher=SUN_STANDARD, user.country=US, sun.boot.library.path=/usr/lib/jvm/java-11-openjdk/lib, sun.java.command=com.sailpoint.valess.OpenConn, jdk.debug=release, sun.cpu.endian=little, user.home=/home/conn, user.language=en, java.specification.vendor=Oracle Corporation, java.version.date=2024-07-16, java.home=/usr/lib/jvm/java-11-openjdk, file.separator=/, java.vm.compressedOopsMode=Zero based, line.separator=\n, java.specification.name=Java Platform API Specification, java.vm.specification.vendor=Oracle Corporation, java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment, sun.management.compiler=HotSpot 64-Bit Tiered Compilers, java.runtime.version=11.0.24+8-alpine-r0, user.name=conn, path.separator=:, os.version=6.1.58, java.runtime.name=OpenJDK Runtime Environment, file.encoding=UTF-8, java.vm.name=OpenJDK 64-Bit Server VM, java.vendor.url.bug=https://gitlab.alpinelinux.org/alpine/aports/issues, java.io.tmpdir=/tmp, isIdentityNow=true, java.version=11.0.24, user.dir=/, os.arch=amd64, java.vm.specification.name=Java Virtual Machine Specification, java.awt.printerjob=sun.print.PSPrinterJob, sun.os.patch.level=unknown, java.library.path=/usr/lib/jvm/java-11-openjdk/lib/server:/usr/lib/jvm/java-11-openjdk/lib:/usr/lib/jvm/java-11-openjdk/../lib:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib, java.vm.info=mixed mode, java.vendor=Alpine, java.vm.version=11.0.24+8-alpine-r0, java.specification.maintenance.version=2, sun.io.unicode.encoding=UnicodeLittle, java.class.version=55.0}","thread_name":"main"}
[2024-10-03T14:51:12.421-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.391Z","logger":"com.sailpoint.valess.Shim","message":"Active commands: 1","thread_name":"main"}
[2024-10-03T14:51:12.475-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.445Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.491-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.461Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"Received command of type: std:test-connection","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.494-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.464Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"Feature flags received via command context: [CON_OKTA_RESOLVE_STACK_OVERFLOW]","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.502-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.472Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.540-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.508Z","logger":"com.sailpoint.valess.handler.OpenConnectorCommandHandler","message":"setting delta agg flags","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.667-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.636Z","logger":"openconnector.connector.okta.OktaConnector","message":"oktaResolveStackOverflowFF flag: true","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:12.684-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:12.653Z","logger":"openconnector.connector.okta.OktaConnector","message":"oktaResolveStackOverflowFF flag is: true","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:13.807-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:13.777Z","logger":"openconnector.connector.okta.OktaConnector","message":"Total time aggregation process sleep due to X-Rate limit exceeds : 0 seconds.","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:13.811-07:00] INFO  | connectorMessage ▶︎ WARNING: An illegal reflective access operation has occurred
[2024-10-03T14:51:13.811-07:00] INFO  | connectorMessage ▶︎ WARNING: Illegal reflective access by com.google.gson.internal.reflect.ReflectionHelper (file:/app/connector/connector-libs/connector-bundle-webservices.jar) to constructor java.util.Collections$EmptyMap()
[2024-10-03T14:51:13.812-07:00] INFO  | connectorMessage ▶︎ WARNING: Please consider reporting this to the maintainers of com.google.gson.internal.reflect.ReflectionHelper
[2024-10-03T14:51:13.812-07:00] INFO  | connectorMessage ▶︎ WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
[2024-10-03T14:51:13.812-07:00] INFO  | connectorMessage ▶︎ WARNING: All illegal access operations will be denied in a future release
[2024-10-03T14:51:13.816-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:13.786Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:13.818-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:13.787Z","logger":"com.sailpoint.valess.Shim","message":"Active commands: 0","thread_name":"pool-2-thread-1"}
[2024-10-03T14:51:13.833-07:00] INFO  | commandOutcome   ▶︎ Command completed: std:test-connection, for connector version 14 and customizer version 2.output_count=1 keep_alive_count=0 state_count=0. Elapsed time 3239ms
[2024-10-03T14:51:39.159-07:00] INFO  | invokeCommand    ▶︎ Command execution started : std:test-connection, for connector version 14 and customizer version 2.
[2024-10-03T14:51:39.161-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.130Z","logger":"com.sailpoint.valess.Shim","message":"Active commands: 1","thread_name":"main"}
[2024-10-03T14:51:39.168-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.138Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.172-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.141Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"Received command of type: std:test-connection","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.175-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.142Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"Feature flags received via command context: [CON_OKTA_RESOLVE_STACK_OVERFLOW]","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.181-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.150Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.183-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.153Z","logger":"com.sailpoint.valess.handler.OpenConnectorCommandHandler","message":"setting delta agg flags","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.187-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.157Z","logger":"openconnector.connector.okta.OktaConnector","message":"oktaResolveStackOverflowFF flag: true","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.190-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.160Z","logger":"openconnector.connector.okta.OktaConnector","message":"oktaResolveStackOverflowFF flag is: true","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.497-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.464Z","logger":"openconnector.connector.okta.OktaConnector","message":"Total time aggregation process sleep due to X-Rate limit exceeds : 0 seconds.","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.498-07:00] WARN  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.468Z","logger":"com.sailpoint.valess.handler.CommandHandler","message":"spConnDebugLoggingEnabled: false","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.498-07:00] INFO  | connectorMessage ▶︎ {"@timestamp":"2024-10-03T21:51:39.468Z","logger":"com.sailpoint.valess.Shim","message":"Active commands: 0","thread_name":"pool-2-thread-2"}
[2024-10-03T14:51:39.512-07:00] INFO  | commandOutcome   ▶︎ Command completed: std:test-connection, for connector version 14 and customizer version 2.output_count=1 keep_alive_count=0 state_count=0. Elapsed time 352ms

Surely this isn’t the expected experience. What am I missing?

I ran into the same with with the Workday SaaS connector. Tried a customizer and no evidence of it getting invoked. SaaS connectors are supposed to be written purely in TypeScript, however, from your logs you can see there is a bunch of stuff going on with invocation of Java classes, which is what the original connector framework is written in. My take is that they are selling some “SaaS” connectors which are really just proxys for using the old original Java based connectors if one exists already form your target application, therefore not invoking customizers. See my similar post here which never got any traction either: SaaS Connectivity: connector customizers - #5 by patrickboston

Indeed, that’s almost identical to what I’ve observed. I also tested with a Web Services connector and was able to see the same customizer applying the intended action. I also wondered if the warnings about invocation of Java classes might indicate that this wasn’t actually a connector compatible with the customizers. But I have a hard time reconciling that with this statement from the top of Connectivity Customizers | SailPoint Developer Community.

SaaS Connectivity Customizers are cloud-based connector customizers that make customizing out of the box SaaS connectors possible. The customizers allow you to customize the out of the box connectors in a similar way to how you can use rules to customize VA (virtual appliance) based connectors.

Additionally, I’m struggling with the fact that our purchase of CIEM requires the use of the SaaS connectors for Google, Okta, etc. but that there’s not a mechanism offered to enable custom business requirements if this doesn’t work as described.

Hopefully this can help find some answers for both of us. I do appreciate your reply!

Bumping for visibility with hopes of getting additional insights here.

@mdraheim @patrickboston

Did you get anywhere with using SaaS customizers with Workday, Okta, or Google, we are seeing the similar behavior that the customizer logic does not fire on other delivered SaaS connectors? If not, did you find a workaround?

I haven’t chased this down any further, so no update from me.

Unfortunately, nothing new here either. I do have an open case with ES who initially identified this as a bug, but the case has gone quite quiet since then.