Error executing PowerShell script via rule in SailPoint IIQ: 'Value cannot be null. Parameter name: s'

victorsantos2 · December 19, 2024, 10:30am

IIQ 8.4

Aux - Invoke Powershell:

  import sailpoint.object.RpcRequest;
  import sailpoint.object.RpcResponse;
  import sailpoint.connector.RPCService;
  import sailpoint.object.Rule;
  import sailpoint.object.Application;
  import org.apache.log4j.Level;
  import org.apache.log4j.Logger;

  Map data = new HashMap();

  Rule rule = context.getObjectByName(Rule.class, "Aux - powershell command" );

  Application ad = context.getObjectByName(Application.class, "Active Directory" ); 

  data.put("Application", ad.getAttributes());
  data.put("postScript", rule); //es postscript por defecto

  RPCService service = new RPCService("10.8.8.8", 5050, false, false); 

  service.setConnectorServices(new sailpoint.connector.DefaultConnectorServices());

  RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", data);
 
  RpcResponse response = service.execute(request);

  return response.toXml();

Hi all,

I’m encountering an issue while trying to execute a PowerShell script using a custom rule in SailPoint IIQ. My goal is to manage the “Out of Office” status for users in Exchange. Here’s the setup and details:

Implementation Details

Rule 1: Aux - PowerShell Command

This rule contains the PowerShell script (.ps1) code that will handle the user status in Exchange.

Rule 2: Aux - Invoke PowerShell

This rule is responsible for invoking the previous rule (Aux - PowerShell Command) and executing it via an RcpRequest on a specified host.

The Issue:

When I execute the second rule (Aux - Invoke PowerShell), I get the following error:

Exception running rule: The application script threw an exception: sailpoint.tools.GeneralException: Errors returned from IQService. Value cannot be null.  
Parameter name: s  
BSF info: Aux-Invoke powershell at line: 0 column: columnNo

What I Have Checked

The PowerShell script works as expected when executed outside SailPoint IIQ.
The RcpRequest host configuration seems correct.
I’ve reviewed both rules to ensure they match the documentation examples, but I cannot pinpoint the issue.

Questions

Has anyone encountered this “Value cannot be null” error before in the context of IQService?
Are there specific configurations or debugging steps I should follow to troubleshoot further?
Could this error be related to how the parameters are being passed between the two rules?

Any guidance or suggestions would be greatly appreciated!

paul_hilchey · December 20, 2024, 4:57am

Your beanshell looks good.

It could be something in your powershell code, or possibly it is not being started with the same environment as when you tested it outside of IIQ.

ryan_toornburg · December 20, 2024, 4:47pm

@victorsantos2 Can you provide a sample of the PS script?