Difficulty Mapping Variables in JSON Body for Add Entitlement Operation - Need Help

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I’m having trouble mapping the rest of the variables in the body below.

As per the example:

{
    "name": "??????",
    "username": "??????",
    "enabled": true,
    "cpf": "??????",
    "profiles": [
        {
            "id": $plan.profiles$
        }
    ]
}

When I map it in the following way, it only sends $plan.profiles$:

{
    "name": "$plan.name$",
    "username": "$plan.emails$",
    "enabled": true,
    "cpf": "$plan.IdentityNumber$",
    "profiles": [
        {
            "id": $plan.profiles$
        }
    ]
}

but without success.

2

Hi @clebercarvalhoRaise,

Can you try this :

{
    "name": "$plan.name$",
    "username": "$plan.emails$",
    "enabled": true,
    "cpf": "$plan.IdentityNumber$",
    "profiles": [
        {
            "id": "$plan.profiles[0]$"
        }
    ]
}

For see if the problem coming from structure.

3

My problem is with the variables ‘name’, ‘email’, and ‘IdentityNumber’ which I am unable to send in the body.

4

in update operation ?

$plan contains thoses other attributes only in CReate account operation.

In update those attributes are not exist. You can use a before provisioning rule to populate this attributes.

5

Hi @clebercarvalhoRaise ,

Update operation plan always contain the changes in the attributes. In your case, if name, username, cpf values do not change, the plan do not contain that value.

Plan only contains the values that are changed/requested which are not on the account. If you request profile, plan will only contain that. Hence, you will always see the other values empty since plan.name/email/identitynumber do not resolve to anything as there is no change in it.

If your body mandatorily needs those attributes, you need to handle to replace the empty values of name, username, cpf using a webservice before operation rule by understanding their existing values.

Hope this helps.

Regards,
Uday Kilambi

6

{
“description”: “Add more Attributes to the Plan”,
“type”: “WebServiceBeforeOperationRule”,
“signature”: {
“input”: ,
“output”: null
},
“sourceCode”: {
“version”: “2020-09-21 05:27:31”,
“script”: “import java.util.ArrayList;\r\nimport java.util.HashMap;\r\nimport java.util.Map;\r\nimport connector.common.JsonUtil;\r\nimport connector.common.Util;\r\nimport sailpoint.connector.webservices.EndPoint;\r\nimport sailpoint.connector.webservices.WebServicesClient;\r\nimport sailpoint.object.Application;\r\nimport sailpoint.object.ProvisioningPlan;\r\nimport sailpoint.object.ProvisioningPlan.AccountRequest;\r\n\r\nMap body = requestEndPoint.getBody();\r\nString jsonBody = (String) body.get("jsonBody");\r\nlog.info("Rule - Extract User Details: running");\r\n\r\ntry {\r\n Map jsonMap = JsonUtil.toMap(jsonBody);\r\n if (jsonMap != null) {\r\n // Extracting name and email\r\n String name = (String) jsonMap.get("name");\r\n String email = (String) jsonMap.get("email");\r\n\r\n log.info("Extracted name: " + name);\r\n log.info("Extracted email: " + email);\r\n\r\n // Making name and email available for further processing\r\n requestEndPoint.setVariable("extractedName", name);\r\n requestEndPoint.setVariable("extractedEmail", email);\r\n\r\n // Additional processing if needed\r\n String webID = "";\r\n if (provisioningPlan != null) {\r\n log.info("Rule - Extract User Details: plan is not null");\r\n for (AccountRequest accReq : Util.iterate(provisioningPlan.getAccountRequests())) {\r\n log.info("Rule - Extract User Details: iterating over account requests");\r\n for (ProvisioningPlan.AttributeRequest attReq : Util.iterate(accReq.getAttributeRequests())) {\r\n log.info("Rule - Extract User Details: iterating over attribute requests");\r\n String attrName = attReq.getName();\r\n if (attrName != null && "webId".equalsIgnoreCase(attrName)) {\r\n webID = (String) attReq.getValue();\r\n log.info("Rule - Extract User Details: setting webID = " + webID);\r\n }\r\n }\r\n }\r\n } else {\r\n log.info("Rule - Extract User Details: plan is null");\r\n }\r\n\r\n if (!"".equals(webID)) {\r\n jsonMap.put("webID", webID);\r\n }\r\n\r\n // Ensure required fields are present\r\n if (!jsonMap.containsKey("webLogonEmail")) {\r\n jsonMap.put("webLogonEmail", "");\r\n }\r\n if (!jsonMap.containsKey("taxID")) {\r\n jsonMap.put("taxID", "");\r\n }\r\n if (!jsonMap.containsKey("taxIdType")) {\r\n jsonMap.put("taxIdType", "");\r\n }\r\n if (!jsonMap.containsKey("actorLogonId")) {\r\n jsonMap.put("actorLogonId", "");\r\n }\r\n\r\n String finalBody = JsonUtil.render(jsonMap);\r\n body.put("jsonBody", finalBody);\r\n requestEndPoint.setBody(body);\r\n }\r\n} catch (Exception ex) {\r\n log.error("Rule - Extract User Details: " + ex);\r\n}\r\n\r\nreturn requestEndPoint;”
},
“attributes”: {
“sourceVersion”: “2020-09-21 05:27:31”
},
“id”: “f94a709412bd4464836376bff5c83986”,
“name”: “NeuroV2”,
“created”: “2024-06-17T15:50:52.200Z”,
“modified”: “2024-06-17T15:50:52.200Z”
}

is correct ?

7

Hi @clebercarvalhoRaise ,

In your rule, you seems trying to verifying if the attribute, say, webLogonEmail is not present in the map, you add an entry with value as “”.

Is that what you are trying to achieve? or do you want to actually pass webLogonEmail with email value?

Regards,
Uday Kilambi

8

Take a look at this blog post detailing this scenario for several connector types (including webservices).

You would want to use a before provision rule to add these additional attribute values to the accountRequest (as Arguments, not attributeRequests).

Then use a beforeOperation rule to retrieve the values from the accountRequest, and place them into your json body:

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.