Custom Connector - Create Account - Expected a value of type `objectId` for `profileId` but received `undefined`

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

8.1

Share all details about your problem, including any error messages you may have received.

Hello everyone!

I’m new to SailPoint and currently working on configuring my first custom WebService connector for the company I work for.

I have already completed the initial configuration, mapped all the schemas, and created functional operations for Test Connection, Account Aggregation, and Group Aggregation, all of which are working as expected.

At the moment, I’m working on developing a simple Create Account operation. All the information I need to send to the API exists in SailPoint’s user records. To handle this, I created a Provisioning Policy that returns the required information from the user and inserts it into the body of the API request. I configured the body as raw JSON, containing the following data:

{
   "email": "$plan.email$",
   "profileId": $plan.profileId$",
   "firstname": "$plan.firstname$",
   "lastname": "$plan.lastname$",
   "documentNumber": "$plan.documentNumber$",
   "type": "$plan.type$",
   "employeeId": "$plan.employeeId$",
   "status": "$plan.status$"
 }

The only two required fields for the destination API are email and profileId.

However, I keep encountering the following error message every time I try to create an account using Manage User Access:

Exception occurred while performing ‘Create’ operation on identity ‘[email protected]’: {“message”:“Expected a value of type objectId for profileId but received undefined.”,“messageVariables”: {}}

I’ve tried various approaches, but everything seems correct when I inspect the Provisioning Plan. Unfortunately, I’m stuck on this issue and running out of options.

As I mentioned earlier, I’m very new to SailPoint, and this is the first custom connector I’ve developed on my own. I apologize if this problem turns out to be a simple one. I would greatly appreciate any guidance or suggestions to resolve it.

Please share any other relevant files that may be required (for example, logs).

Provisioning Plan:

<ProvisioningPlan nativeIdentity="200123" targetIntegration="JANIS" trackingId="e35acc51d7e748fbb83ed3063e60e55e">
  <AccountRequest application="JANIS" assignmentIds="60bbb75b48554f928eed61d7866e4435" nativeIdentity="[email protected]" op="Create">
    <Attributes>
      <Map>
        <entry key="comments" value="Teste"/>
      </Map>
    </Attributes>
    <AttributeRequest name="profileId" op="Add" value="609165f883c5850008aabfbe"/>
    <AttributeRequest name="firstname" op="Set" value="ZACARIAS"/>
    <AttributeRequest name="lastname" op="Set" value="DOS SANTOS GOMES"/>
    <AttributeRequest name="documentNumber" op="Set" value="000.000.000-00"/>
    <AttributeRequest name="type" op="Set" value="regular"/>
    <AttributeRequest name="employeeId" op="Set" value="200123"/>
    <AttributeRequest name="status" op="Set" value="active"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="identityRequestId" value="0000014126"/>
      <entry key="requester" value="901514792"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
</ProvisioningPlan>
2

Hi @diego_romero_1

You never have to apologize when you’re trying to learn something.

Aboout your error, you are sending a value for profileId different from the one desired and the webservice cannot elaborate the request.

I think the problem is on this part:

image

you must add a " before the variable.

Correct the body and retry.

3

I have already corrected this issue, but the tests keep showing the same errors.

I even tried removing the profileId from the body and tested it like this:

{
  "email": "$plan.email$",
  "firstname": "$plan.firstname$",
  "lastname": "$plan.lastname$",
  "documentNumber": "$plan.documentNumber$",
  "type": "$plan.type$",
  "employeeId": "$plan.employeeId$",
  "status": "$plan.status$"
}

Even after removing it, nothing changed at all. This is my Provisioning Plan test without specifying the profileId:

</ProvisioningPlan>
            <ProvisioningPlan nativeIdentity="BIG - 70972028587" targetIntegration="JANIS" trackingId="f089473558384b1f90fd58607c54832b">
              <AccountRequest application="JANIS" assignmentIds="6ec204c0f9464ba0935035620d0507f8" nativeIdentity="[email protected]" op="Create">
                <Attributes>
                  <Map>
                    <entry key="comments" value="Teste"/>
                    <entry key="provisioningTransactionId" value="0a178220939b1c4981939bf144db0098"/>
                  </Map>
                </Attributes>
                <AttributeRequest name="profileId" op="Add" value="609165f883c5850008aabfbe"/>
                <AttributeRequest name="firstname" op="Set" value="ABILIO"/>
                <AttributeRequest name="lastname" op="Set" value="MOREIRA DIAS"/>
                <AttributeRequest name="documentNumber" op="Set" value="000.000.000-00"/>
                <AttributeRequest name="type" op="Set" value="regular"/>
                <AttributeRequest name="employeeId" op="Set" value="BIG - 70972028587"/>
                <AttributeRequest name="status" op="Set" value="active"/>
                <ProvisioningResult status="failed">
                  <Errors>
                    <Message key="Exception occurred while performing &apos;Create&apos; operation on identity &apos;[email protected]&apos;: &#x9;{&quot;message&quot;:&quot;Expected a value of type `objectId` for `profileId` but received `undefined`.&quot;,&quot;messageVariables&quot;:  {}}&#xA;" type="Error"/>
                  </Errors>
                </ProvisioningResult>

And this is the error i keep getting:

Exception occurred while performing ‘Create’ operation on identity ‘[email protected]’: {“message”:“Expected a value of type objectId for profileId but received undefined.”,“messageVariables”: {}}

4

I aso tried the same thing but using Python with a code like this:

    headers = {
        'janis-api-key': api_key,
        'janis-api-secret': api_secret,
        'janis-client': janis_client,
    }

    body = {
        'email': "[email protected]",
        'profileId': "609165f883c5850008aabfbe",
        'firstname': "ZACARIAS",
        'lastname': "DOS SANTOS GOMES",
        'documentNumber': "000.000.000-00",
        'type': "regular",
        'employeeId': "200123",
        'status': "active",
    }

    response = requests.post(url, headers=headers, json=body)

    if response.status_code == 200:
        print('JANIS QA - Conexão bem-sucedida')

        try:
            response_json = response.json()
            print(json.dumps(response_json, indent=4, ensure_ascii=False))
        except requests.exceptions.JSONDecodeError:
            print("A resposta da API não está no formato JSON.")
            print(f"Resposta: {response.text}")
    else:
        print(f'Erro: {response.status_code}')
        print(f'Detalhes: {response.text}')

And everything worked just as i expected, the user was created with the info that i wanted.

5

Hi @diego_romero_1 ,

To ensure the correct value for profileId is being used, implement a “before operation rule” to create HTTP operation that will log the request body. This will allow you to verify if the profileId in the provisioning plan matches the expected value before the operation is executed.

  Map requestMap = requestEndPoint.getBody();
  
  log.error("requestEndPoint "+requestMap);

  String jsonBody = (String)requestMap.get("jsonBody");  
  
  log.error("jsonBody "+jsonBody);

If the profileId is a native identity attribute, you should pass the profileId as follows:

 "profileId": $plan.nativeIdentity$
1 Like
6

Hello, @Arun-Kumar!

I implemented your suggestion and this is what my catalina.out returned:

{
  "requestEndPoint": {
    "jsonBody": {
      "firstname": "MARIA",
      "lastname": "NAZARE MATIAS",
      "documentNumber": "000.000.000-00",
      "type": "regular",
      "employeeId": "0006000865",
      "status": "active",
      "email": "[email protected]"
    },
    "bodyFormat": "raw"
  }
}

I noticed that the profileId is not in the jsonBody and probably this is causing the error. Do you have any suggestion to solve this?

7

Hi @diego_romero_1,

on webservice we can build the call in different way. You can use a prov. form and build the body how are you doing or you can build all (or a part into the before op. rule).

Before all, you need understand why you dont have profileId attribute in the body but you have all the others. Review the form and plan in a Before Provisioning rule.

Later, if you dont find the problem,trivially, you can add this attribute into the before operation rule. You can save the body in a map(like @Arun-Kumar example), add the profileId attribute and save the bady on the request end point with setBody funcion.

8

@diego_romero_1 Just adding another note, I see from your plan that, profileId is of operation “Add”. So, profileId will be a list and $plan.profileId$ would return value in list format like .

image

9

@Arpitha1
Weird, profileId is a unique atribute, so it should not be a list.

10

Hi @diego_romero_1 ,

If the profileId is present in the provisioningPlan but not in the jsonBody. Retrieve the profileId value from the provisioningPlan and add it to the jsonBody. This should be done within the “Before Operation Rule”

import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;


Map requestMap = requestEndPoint.getBody(); 


String jsonBody = requestMap.get("jsonBody");
String profileId = "";
AttributeRequest attributeRequest = provisioningPlan.getAcctountRequest("JENIS").getAttributeRequest("profileId");
if (null != attributeRequest) {
profileId = attributeRequest.getValue();
}

try {
ObjectMapper mapper = new ObjectMapper();
JsonNode jsonNode = mapper.readTree(jsonBody);

ObjectNode objectNode = (ObjectNode) jsonNode;

objectNode.put("profileId", profileId);

String updatedJsonBody = mapper.writeValueAsString(objectNode);

log.error("updatedJsonBody: "+updatedJsonBody);

requestMap.put("jsonBody", updatedJsonBody);
requestEndPoint.setBody(requestMap);

log.error("requestEndPoint: "+requestEndPoint);
} catch (Exception e) {
e.printStackTrace();
}
11

Hi @diego_romero_1 ,

If the profileId attribute is designated as an entitlement, you can add the following entry to the application XML from the debug page. Afterward, you can trigger the create operation, and the JSON body will include the profileId.

      <entry key="createAccountWithEntReq">
        <value>
          <Boolean>true</Boolean>
        </value>
12

The problem was the profileId atribute marked as managed in my account schema, i remove it and now everything is working as i wanted.