Create a drop-down that includes a manual input and set string

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Below you will find a field (Supervisor) that has been created for the create identity form. The field already successfully has a drop-down that is filled out depending on what region the user will be based in (work location). Is it possible to also include in the drop-down a fixed string to choose from ex…OIS with this?

 <Field displayName="Supervisor" dynamic="true" helpKey="The VDOT user’s manager or whom they report to" name="manager" postBack="true" required="true" type="sailpoint.object.Identity">
      <Attributes>
        <Map>
          <entry key="filterString">
            <value>
              <Script>
                <Source>

                              import java.util.List;

                              import java.util.ArrayList;


                            import sailpoint.object.Filter; 

                            import sailpoint.object.Filter.MatchMode;

                            import sailpoint.object.Field;

                            import sailpoint.object.Form;

                            

                            // Get values the user has currently selected
                 				 serilog=org.apache.commons.logging.LogFactory.getLog("sailpoint.cutom.rule.logger");

															
														//Filter filter =Filter.and(Filter.eq("inactive", "false"), Filter.eq("type", "employee"));
                            Field region = form.getField("region");

                            serilog.debug("Create Form : Supervisor Filter, region selected is " + region.getValue() + " Filter is  " + filter );

Filter filter=Filter.eq("inactive","false");
                           
                             

                            if(null != region) {

                                                           
                                String regionValue = region.getValue();
  															serilog.debug("Create Form : Supervisor Filter, region selected is " + regionValue );
 															
                            
                                

                                if (regionValue != null &amp;&amp; !regionValue.isEmpty()) {

                                    

                                       

                                            filter = Filter.and(Filter.eq("type","employee"), Filter.eq("region",regionValue));

                                   

serilog.debug("Create Form : Supervisor Filter, Filter selected is " + filter );

                                
                                }

                            }

                            field.setFilterString(filter.toString());  

                        </Source>
              </Script>
            </value>
          </entry>
        </Map>
      </Attributes>
      <ValidationRule>
        <Reference class="sailpoint.object.Rule" id="7f000001811b181881811be9340103c9" name="Validate Supervisor region"/>
      </ValidationRule>
    </Field>

If so, where would go, at the top before the filter screen?

2

here is what i tried and the result. Could it be due to the type because it has to stay.

image
image1196×238 16.4 KB

3 
import sailpoint.object.Field;
import sailpoint.object.Filter;
import sailpoint.object.Form;

Field region = form.getField("region");
Filter filter = Filter.eq("inactive", "false");

if (null != region) {
    String regionValue = region.getValue().toString();

    if (regionValue != null && !regionValue.isEmpty()) {
        filter = Filter.and(Filter.eq("type", "employee"), Filter.eq("region", regionValue));
    }
}

field.setFilterString(filter.toString());
4

HI @derrickthomasvdot

what is the type of region field?

try as @jgruendike mentioned

 String regionValue = region.getValue().toString();
5

Hi @derrickthomasvdot ,

The field type of Supervisor(manager) is Identity. Hence you cannot have a String attribute in the manager field. If the String OIS you are referring to an identity name, then you can use can try the below piece of code snippet.

import sailpoint.object.Field;
import sailpoint.object.Filter;
import sailpoint.object.Form;


Field supervisor = form.getField("manager");

Field region = form.getField("region");
Filter filter = null;

if(region != null){
  String regionValue = (String) region.getValue();
  if(regionValue != null && !regionValue.isEmpty()){
  Filter f1 = Filter.and(Filter.eq("inactive","false"), Filter.eq("type","employee"), Filter.eq("region",regionValue));
  filter = Filter.or(f1, Filter.eq("name", "OIS"));
  }
}

if(filter != null){
  supervisor.setFilterString(filter.toString());
}
6

All,

I only want to add a fixed option in the drop-down named “OIS” along with what is already written in the supervisor field. So no matter what option is given, the “OIS” option is also given.

7

Hi @derrickthomasvdot ,

The dropdown mentioned is for Identity object, the fixed option you are referring to is String. According to my understanding in order to have OIS in dropdown you should be having an identity OIS.

8

Thank you all.

Is there a way to then add a workgroup with the filtered identity objects in the drop-down?

Like the below for example…

John Doe - Identity Object
Jane Doe - Identity Object
OIS - Workgroup
Security - Workgroup

9

Hi @derrickthomasvdot

It is possible. You can use the following code snippet for the same.

import sailpoint.object.Field;
import sailpoint.object.Filter;
import sailpoint.object.Form;


Field supervisor = form.getField("manager");

Field region = form.getField("region");
Filter filter = null;

if(region != null){
  String regionValue = (String) region.getValue();
  if(regionValue != null &amp;&amp; !regionValue.isEmpty()){
  Filter f1 = Filter.and(Filter.eq("inactive",false), Filter.eq("type","employee"), Filter.eq("region",regionValue));
  Filter f2 = Filter.and(Filter.eq("workgroup",true), Filter.or(Filter.eq("name", "OIS"),Filter.eq("name", "Security")));
  filter = Filter.or(f1, f2);
  }
}

if(filter != null){
  supervisor.setFilterString(filter.toString());
}
10

Jarin,

The following is the supervisor field in its entirety which needs to stay, but I am trying to to find where to fit the OIS workgroup into this code:

<Field displayName="Supervisor" dynamic="true" helpKey="The VDOT user’s manager or whom they report to" name="manager" postBack="true" required="true" type="sailpoint.object.Identity">
      <Attributes>
        <Map>
          <entry key="filterString">
            <value>
              <Script>
                <Source>

                              import java.util.List;

                              import java.util.ArrayList;


                            import sailpoint.object.Filter; 

                            import sailpoint.object.Filter.MatchMode;

                            import sailpoint.object.Field;

                            import sailpoint.object.Form;

                            

                            // Get values the user has currently selected
                 				 serilog=org.apache.commons.logging.LogFactory.getLog("sailpoint.cutom.rule.logger");

															
														//Filter filter =Filter.and(Filter.eq("inactive", "false"), Filter.eq("type", "employee"));
                            Field region = form.getField("region");

                            serilog.debug("Create Form : Supervisor Filter, region selected is " + region.getValue() + " Filter is  " + filter );

Filter filter=Filter.eq("inactive","false");
                           
                             

                            if(null != region) {

                                                           
                                String regionValue = region.getValue();
  															serilog.debug("Create Form : Supervisor Filter, region selected is " + regionValue );
 															
                            
                                

                                if (regionValue != null &amp;&amp; !regionValue.isEmpty()) {

                                    

                                       

                                            filter = Filter.and(Filter.eq("type","employee"), Filter.eq("region",regionValue));

                                   

serilog.debug("Create Form : Supervisor Filter, Filter selected is " + filter );

                                
                                }

                            }

                            field.setFilterString(filter.toString());  

                        </Source>
              </Script>
            </value>
          </entry>
        </Map>
      </Attributes>
      <ValidationRule>
        <Reference class="sailpoint.object.Rule" id="7f000001811b181881811be9340103c9" name="Validate Supervisor region"/>
      </ValidationRule>

exactly where would I put the filter for the workgroup OIS?

11

@derrickthomasvdot

Juts change your filter condition as below, it should work

filter = Filter.or(Filter.and(Filter.eq(“type”,“employee”), Filter.eq(“region”,regionValue)),Filter.and(Filter.eq(“workgroup”,“true”),Filter.eq(“name”, “OIS”)));

12

Hi @derrickthomasvdot

You can use the filter as Satish suggested with a slight change

<Field displayName="Supervisor" dynamic="true" helpKey="The VDOT user’s manager or whom they report to" name="manager" postBack="true" required="true" type="sailpoint.object.Identity">
      <Attributes>
        <Map>
          <entry key="filterString">
            <value>
              <Script>
                <Source>

                    import java.util.List;
                    import java.util.ArrayList;
                    import sailpoint.object.Filter; 
                    import sailpoint.object.Filter.MatchMode;
                    import sailpoint.object.Field;
                    import sailpoint.object.Form;                         

                    // Get values the user has currently selected
                 	serilog=org.apache.commons.logging.LogFactory.getLog("sailpoint.cutom.rule.logger");
						
					//Filter filter =Filter.and(Filter.eq("inactive", "false"), Filter.eq("type", "employee"));
                    Field region = form.getField("region");

                    serilog.debug("Create Form : Supervisor Filter, region selected is " + region.getValue() + " Filter is  " + filter );

					Filter filter = Filter.and(Filter.eq("workgroup",true),Filter.eq("name", "OIS"));
                    
                    if(null != region) {           
                        String regionValue = region.getValue();
  						serilog.debug("Create Form : Supervisor Filter, region selected is " + regionValue );
 									                        
                        if (regionValue != null &amp;&amp; !regionValue.isEmpty()) {
                            
                            filter = Filter.or(Filter.and(Filter.eq("type","employee"), Filter.eq("inactive",false), Filter.eq("region",regionValue)),filter);
							serilog.debug("Create Form : Supervisor Filter, Filter selected is " + filter );

                        }
                    }
                    field.setFilterString(filter.toString());  
                </Source>
              </Script>
            </value>
          </entry>
        </Map>
      </Attributes>
      <ValidationRule
        <Reference class="sailpoint.object.Rule" id="7f000001811b181881811be9340103c9" name="Validate Supervisor region"/>
      </ValidationRule

I added the inactive condition to the filter and changed the workgroup condition true from String to Boolean type. In the snippet you have shared inactive filter is overwritten with employee type and region. Hence you will be seeing the inactive identities as well the list. Additionally I added the Workgroup condition outside the region check condition. This way the user will be able to select only OIS workgroup if the region value is null or empty. And if region value is entered , employees in that region will also come up to the Supervisor list.

<Field displayName="Supervisor" dynamic="true" helpKey="The VDOT user’s manager or whom they report to" name="manager" postBack="true" required="true" type="sailpoint.object.Identity">
    <Attributes>
        <Map>
          <entry key="filterString">
            <value>
              <Script>
                <Source>

                    import java.util.List;
                    import java.util.ArrayList;
                    import sailpoint.object.Filter; 
                    import sailpoint.object.Filter.MatchMode;
                    import sailpoint.object.Field;
                    import sailpoint.object.Form;                         

                    // Get values the user has currently selected
                 	serilog=org.apache.commons.logging.LogFactory.getLog("sailpoint.cutom.rule.logger");
						
					//Filter filter =Filter.and(Filter.eq("inactive", "false"), Filter.eq("type", "employee"));
                    Field region = form.getField("region");

                    serilog.debug("Create Form : Supervisor Filter, region selected is " + region.getValue() + " Filter is  " + filter );

					Filter filter = Filter.and(Filter.eq("workgroup",true),Filter.eq("name", "OIS"));
                    
                    if(null != region) {           
                        String regionValue = region.getValue();
  						serilog.debug("Create Form : Supervisor Filter, region selected is " + regionValue );
 									                        
                        if (regionValue != null &amp;&amp; !regionValue.isEmpty()) {
                            
                            filter = Filter.or(Filter.and(Filter.eq("type","employee"), Filter.eq("inactive",false), Filter.eq("region",regionValue)),filter);
							serilog.debug("Create Form : Supervisor Filter, Filter selected is " + filter );

                        }
                    }
                    field.setFilterString(filter.toString());  
                </Source>
              </Script>
            </value>
          </entry>
        </Map>
    </Attributes>
    <ValidationRule>
      <Reference class="sailpoint.object.Rule" id="7f000001811b181881811be9340103c9" name="Validate Supervisor region"/>
    </ValidationRule>
</Field>
13

Thank you for the suggestion. But after I put in OIS as Supervisor, I receive an error stating that the supervisor region does not match the selected region. Could this be because of the rule?
See screenshot attached

image
image1012×246 6.39 KB

I have also attached the rule as well
Validate Supervisor region.xml (3.3 KB)

We need to be able to access the OIS workgroup no matter what is chosen in the Work Location field.

14

Hi @derrickthomasvdot

Yes, it is because of the Validation Rule. To debug the issue, share the Rule Library - VDOTUtilsRuleLibrary as well.

15

VDOTUtilsRuleLibrary.xml (35.2 KB)
Please see attached

16

Hi @derrickthomasvdot

Was the validation rule working? As per my understanding it will be throwing Validation failure message for all the identities. This is because the value returned by the Supervisor attribute is id and not name. To fix this issue and handle the workgroup ‘OIS’ you can make the following change to verifySupervisorRegion method.

public boolean verifySupervisorRegion(String region,String supervisorName){
  Identity supervisor=context.getObjectById(Identity.class,supervisorName);
  if(supervisor!=null){
    if(supervisor.isWorkgroup() &amp;&amp; supervisor.getName().equals("OIS")){
      return true;
    }
    String Sregion=supervisor.getAttribute("region");
    if(Sregion!=null &amp;&amp; Sregion.equals(region)){
      return true;
    }else{
     return false; 
    }
  }else{
    serilog.debug("VDOT Rule Library:verifySupervisorRegion,Error cannot get Supervisor NAme ");
    throw new GeneralException("Cannot get Supervisor, Check logs for details");
    return false; 
  }
}

I have changed the method getObjectName() to getObjectId() method. And along with to handle OIS workgroup condition I have added a simple if condition.

17

I have inputted the code into the vdotutilrulelibrary. but am receiving the following error when i try to access the create vdot user form:

* sailpoint.tools.GeneralException: BeanShell script error: bsh.ParseException: Parse error at line 806, column 3. Encountered: else BSF info: VDOTUtilsRuleLibrary at line: 0 column: columnNo

here is what I changed in the rule itself:

public boolean verifySupervisorRegion(String region,String supervisorName)
{

  

   Identity supervisor=context.getObjectById(Identity.class,supervisorName);
if(supervisor!=null)
  {
    if(supervisor.isWorkgroup() &amp;&amp; supervisor.getName().equals("OIS")){
      return true;
    }
{
  String Sregion=supervisor.getAttribute("region");
  
  if(Sregion!=null &amp;&amp; Sregion.equals(region))
  {
    return true;
  }
  else
  {
   return false; 
  }
  
}
  else
  {
     serilog.debug("VDOT Rule Library:verifySupervisorRegion,Error cannot get Supervisor NAme ");
    throw new GeneralException("Cannot get Supervisor, Check logs for details");
    return false; 
  }
  

}
18

Hi @derrickthomasvdot
You are having additional { before Sregion

19

Jarin,

Now, I am receiving this error when i try to submit or cancel the form at the bottom…

sailpoint.tools.GeneralException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import java.util.ArrayList; import sailpoint.object.Identity; import sailpoint. . . . '' : Unknown class: GeneralException : at Line: 809 : in file: inline evaluation of: import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.Dr . . . ‘’ : new GeneralException ( “Cannot get Supervisor, Check logs for details” )
BSF info: Validate Supervisor region at line: 0 column: columnNo
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:219)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1262)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1234)
at sailpoint.api.Formicator.doValidationScript(Formicator.java:1981)
at sailpoint.api.Formicator.validate(Formicator.java:1714)
at sailpoint.service.form.renderer.FormRenderer.validate(FormRenderer.java:622)
at sailpoint.web.FormHandler.submit(FormHandler.java:376)
at sailpoint.web.FormHandler.submit(FormHandler.java:332)
at sailpoint.service.form.FormService.next(FormService.java:145)
at sailpoint.service.form.FormService.submit(FormService.java:115)
at sailpoint.rest.ui.form.BaseFormResource.submit(BaseFormResource.java:131)
at jdk.internal.reflect.GeneratedMethodAccessor7131.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.rest.jaxrs.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:90)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:100)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1726)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.apache.bsf.BSFException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import java.util.ArrayList; import sailpoint.object.Identity; import sailpoint. . . . '' : Unknown class: GeneralException : at Line: 809 : in file: inline evaluation of: import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.Dr . . . ‘’ : new GeneralException ( “Cannot get Supervisor, Check logs for details” )
BSF info: Validate Supervisor region at line: 0 column: columnNo
at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:202)
at org.apache.bsf.BSFManager$5.run(BSFManager.java:445)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.apache.bsf.BSFManager.eval(BSFManager.java:442)
at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245)
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216)

20

@derrickthomasvdot

Can you share this logger statement output in Validation Rule. Just to confirm whether you are getting id or name.