How can I propagate an AfterCreate script error to IDN?

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi all,

I am looking for a solution to have the “create account” fail in IdentityNow when a AfterCreate Powershell script fails.

I see that when the script fails there is a RpcResponse with a message and a WARN in the IQService log.

09/29/2022 13:16:37 : AbstractConnector [ Thread-8 ] WARN : "Create operation is successful but post script execution failed : After script returned non zero exit code : 1 : "
09/29/2022 13:16:37 : RpcHandler [ Thread-8 ] INFO : "OutgoingResponse:
<?xml version="1.0" encoding="utf-8"?>
<RpcResponse version="1.0" requestId="367ac339-7e20-4c97-b466-c296059f8feb" complete="true">
  <RpcMessages>
    <List>
      <String>Create operation is successful but post script execution failed : After script returned non zero exit code : 1 : </String>
    </List>
  </RpcMessages>

However, in IdentityNow the request is successful.

My reasoning for this is that it’s a bit problematic now to find errors during the execution of the AfterCreate scripts unless you forward logging to some tooling or actively monitoring the logfiles.

Anyone got some pointers or idears how I can achieve my goal?

2

Hi Vincent,
I stumbled upon this resource:
Running Powershell via SailPoint’s IQService | Identity Works LLC](Running Powershell via SailPoint's IQService | Identity Works LLC)

it is no official SailPoint site so read and execute carefully. It is also about the IdentityIQ product but that also uses IQservice so maybe it is still helpful. I’m experimenting with this myself at the moment as well.

3

Hi Vincent,

While I am working on PowerShell scripts included log files in the script which generates log files in IQservice host

$Logfile = “C:\XX\ScriptLog.log”;
To check whether values sent to script are correct
Add-content $Logfile -value “$Stamp Reading user Attr:: $attr from request”
and the command executed should be given something like $result = Invoke-XXX
and you can display $result in the above log file
Also set enable debug for VA through SailPoint idn console and IQ service in debug through command

This helped me. Hope it helps you as well.