Hi Sailors,
My webservice create operation expects JSON body in the below format along with the list of roles to add. Could you please let me know how I can customize the provisioning plan to accommodate this?
{
"roles": [{
"id": 1
},
{
"id": 2
}
],
"active": true,
"username": "testuser"
}
Are you transforming the JSON input into a ProvisioningPlan object yourself in your API? If so, log the XML of the plan you’re constructing and trying to execute.
Also, the JSON you provided does seem to be missing a lot of context needed to construct a provisioning plan, like target Identity, target Application, whether it’s an account Create or Modify, etc.
Finally, if this plan is intended for a target application (one managed by IIQ and you’re using this to trigger IIQ provisioning), make sure that the roles attribute in that app’s Account schema is flagged as multi (multi-valued).
Hi Brian,
Attached the plan generated by SailPoint when I add two entitlements using Manage User Access:
Plan.txt (1.6 KB)
This is how SailPoint OOTB connector translates into
{
jsonBody = {
"roles": [
["217", "292"]
],
"enableAutoLogin": true,
"username": "TEST05",
"firstName": "TEST05 ",
"lastName": "Test ",
"email": "[email protected]",
"description": "Created by SailPoint",
"licenseFeatures": [
"DEVELOPMENT"
]
}, bodyFormat = raw
}
But I wanted in the below format
{
jsonBody = {
"roles": [{
"id": 217
},
{
"id": 292
}
],
"enableAutoLogin": true,
"username": "TEST05",
"firstName": "TEST05 ",
"lastName": "Test ",
"email": "[email protected]",
"description": "Created by SailPoint",
"licenseFeatures": [
"DEVELOPMENT"
]
}, bodyFormat = raw
}
Please let me know if you have any questions.
What type of connector are you using for this application? My guess would probably be the IIQ Web Services connector. If that’s the case, could you share your Web Service Create Operation template?
Yes , using SailPoint Web services connector, attached application xml -
application.xml (22.4 KB)
I am trying some before provisioning rule but not working as Sailpoint is added some extra double codes and square brackets.
import java.util.Iterator;
import java.util.List;
import org.apache.log4j.Logger;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
Logger a360Logger = Logger.getLogger("com.venu.iam.application.a360");
List accountReqs = plan.getAccountRequests();
for (AccountRequest accountRequest : accountReqs) {
String strRoles = null;
List attributeReqs = accountRequest.getAttributeRequests();
Iterator attributeReqsItr = attributeReqs.iterator();
while (attributeReqsItr.hasNext()) {
AttributeRequest attributeRequest = (AttributeRequest) attributeReqsItr.next();
if(attributeRequest.getName().equalsIgnoreCase("roles")) {
a360Logger.debug("Attribute Value:"+attributeRequest.getValue());
if( null == strRoles) {
strRoles = "{ \"id\": " + Integer.valueOf((String)attributeRequest.getValue())+ " }";
} else {
strRoles = ",{'id': " + attributeRequest.getValue() + "}";
}
attributeReqsItr.remove();
}
}
if(strRoles != null) {
AttributeRequest roleReq = new AttributeRequest();
roleReq.setName("roles");
roleReq.setOperation(ProvisioningPlan.Operation.Set);
roleReq.setValue(strRoles);
accountRequest.add(roleReq);
}
}
That’s probably a mix of both your rule logic, as well as your JSON request template. In the rule, I’d try adding your reformatted roles to the plan as a plan attribute (via plan.put(Sting key, Object value) (not forgetting to save the updated plan before exiting the rule) and try referencing that new plan attribute in your JSON request template.
Also, not sure if this might apply as well: Configuring Multiple Entitlement Requests