Create form as a way in SailPoint IIQ to turn on or off "pwdlastset" for AD's "change password at next logon"

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.3

Please share any images or screenshots, if relevant.

image
image204×124 3.17 KB

image
image590×556 12.1 KB

Please share any other relevant files that may be required (for example, logs).

[Please insert files here, otherwise delete this section]

Share all details about your problem, including any error messages you may have received.

We would like to Create a form as a way in SailPoint IIQ to turn on or off “pwdlastset” for AD’s “change password at next logon”. it would be found under our “User Management” menu. it would be called “Change Password at Next Logon Flag”. Once you click on the form, it would bring it up, choose then identity and then submit to remove the CHECKMARK in Active Directory or click the cancel button.

2

Hi @derrickthomasvdot

In order to implement your usecase -

  1. Create a workflow and add your logic across various steps in that workflow
  2. Create a quicklink and attach this to previously developed workflow
  3. Add this quicklink to your User Management quicklink category

Thanks,
Harshith

3

I need a better representation of what this would look like. Is there any template/example that could be used to obtain this?

4

Hi @derrickthomasvdot ,

Please refer the attached workflow and quicklink for reference.

Workflow-Self_Service_Change_pwdlastset.xml (3.5 KB)
Change Password at Next Logon Flag quicklink.xml (708 Bytes)

5

can’t open the Change Password at Next Logon Flag quicklink.xml file

6

Hi

Refer this

  <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE QuickLink PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<QuickLink action="workflow" category="User Management" messageKey="Change Password at Next Logon Flag" name="Change Password at Next Logon Flag">
  <Attributes>
    <Map>
      <entry key="workflowName" value="Self Service View Workflow"/>
	  <entry key="workflowSuccess" value="Request submitted successfully"/>
    </Map>
  </Attributes>
  <Description>Self Service Account Invite</Description>
  <QuickLinkOptions allowSelf="true">
    <DynamicScopeRef>
      <Reference class="sailpoint.object.DynamicScope" name="Self Service"/>
    </DynamicScopeRef>
  </QuickLinkOptions>
</QuickLink>
7

The quicklink installed successfully after some tweaks, but the actual wokflow did not. I’m receiving the following error:

image
image626×170 5.67 KB

It looks like it is pointing to something wrong with the first line

8

Hi @derrickthomasvdot ,

Ensure that the following XML declaration and document type definition are included at the top of the workflow before attempting to import it

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
9

The form work and installed correctly, but it looks like the workflow is not working. When I look in the syslog, I get the following error:

sailpoint.tools.GeneralException: sailpoint.tools.GeneralException: BeanShell script error: bsh.ParseException: Parse error at line 1, column 1189.  Encountered: <EOF> BSF info: script at line: 0 column: columnNo
	at sailpoint.server.ScriptletEvaluator.doScript(ScriptletEvaluator.java:268)
	at sailpoint.server.ScriptletEvaluator.evalSource(ScriptletEvaluator.java:71)
	at sailpoint.api.Workflower.evalSource(Workflower.java:5932)
	at sailpoint.api.Workflower.advanceStep(Workflower.java:5171)
	at sailpoint.api.Workflower.advance(Workflower.java:4558)
	at sailpoint.api.Workflower.assimilate(Workflower.java:4208)
	at sailpoint.api.Workflower.handleWorkItem(Workflower.java:7646)
	at sailpoint.api.Workflower.process(Workflower.java:1856)
	at sailpoint.api.Workflower.process(Workflower.java:1880)
	at sailpoint.api.WorkflowSession.advance(WorkflowSession.java:468)
	at sailpoint.service.WorkflowSessionService.advance(WorkflowSessionService.java:105)
	at sailpoint.service.form.FormService.next(FormService.java:192)
	at sailpoint.service.form.FormService.submit(FormService.java:115)
	at sailpoint.rest.ui.form.BaseFormResource.submitOrValidate(BaseFormResource.java:162)
	at sailpoint.rest.ui.form.BaseFormResource.submit(BaseFormResource.java:122)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointResponseFilter.doFilter(SailPointResponseFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.jaxrs.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:90)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1726)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: sailpoint.tools.GeneralException: BeanShell script error: bsh.ParseException: Parse error at line 1, column 1189.  Encountered: <EOF> BSF info: script at line: 0 column: columnNo
	at sailpoint.server.BSFRuleRunner.runScript(BSFRuleRunner.java:349)
	at sailpoint.server.InternalContext.runScript(InternalContext.java:1296)
	at sailpoint.server.ScriptletEvaluator.doScript(ScriptletEvaluator.java:263)
	... 87 more
Caused by: org.apache.bsf.BSFException: BeanShell script error: bsh.ParseException: Parse error at line 1, column 1189.  Encountered: <EOF> BSF info: script at line: 0 column: columnNo
	at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:202)
	at org.apache.bsf.BSFManager$5.run(BSFManager.java:445)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.apache.bsf.BSFManager.eval(BSFManager.java:442)
	at sailpoint.server.BSFRuleRunner.runScript(BSFRuleRunner.java:347)
	... 89 more
10

Could it be the application.class is showing: Application.class,“AD_Active-Directory”. Our AD application is called something different. Should I replace that? I made that change but nothing happens. Just the same error.