Which IIQ version are you inquiring about?
8.4p1
Please share any other relevant files that may be required (for example, logs).
IQService log:
IQTrace.txt (10.9 KB)
Share all details about your problem, including any error messages you may have received.
Hello!
We have a issue regarding a AfterProvisioning rule in the SQLLoader connector. As per this documentation in Compass, it is possible to run powershell scripts via the IQService and using Client Authentication to do so. To use client authentication one option is to pass an application object to the RPCService in the AfterProvisioning rule.
However we can only make this work with the AD application. When passing the SQLLoader application object (which has a IQService configuration) it doesn’t seem to be able to decrypt the password for the IQService user? Has anyone had this problem before and how can i properly pass the credentials to IQSerivce?
The powershell script is a simple script that copies a file created by IIQ to another server
The AfterProvisioning rule:
import sailpoint.object.RpcRequest;
import sailpoint.object.RpcResponse;
import sailpoint.connector.RPCService;
import sailpoint.object.Rule;
import sailpoint.object.Application;
import org.apache.log4j.Logger;
import org.apache.log4j.Level;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
Logger log = Logger.getLogger("Transfer File");
log.setLevel(Level.DEBUG);
Rule rule = context.getObjectByName(Rule.class,"RK CWT PowerShell");
Application cwt = context.getObjectByName(Application.class,"CWT2");
log.debug("got application: " + cwt);
Map data = new HashMap();
data.put("postScript", rule);
data.put("Application", cwt.getAttributes());
log.debug("Map Created: " + data);
List fakeAttributeRequests = new ArrayList();
// Fake account request
AccountRequest objectAccountRequest = new AccountRequest();
objectAccountRequest.setApplication("IIQ");
objectAccountRequest.setNativeIdentity("*FAKE*");
objectAccountRequest.setOperation(AccountRequest.Operation.Modify);
// Fake attribute request
AttributeRequest fakeAttribute = new AttributeRequest();
fakeAttribute.setOperation(Operation.Add);
fakeAttribute.setName("param");
fakeAttribute.setValue("value");
fakeAttributeRequests.add(fakeAttribute);
objectAccountRequest.setAttributeRequests(fakeAttributeRequests);
// Add to the IQService params
data.put("Request", objectAccountRequest);
RPCService service = new RPCService("*hostname*", *port*, false, false);
log.debug("RPCService: " + service);
service.setConnectorServices(new sailpoint.connector.DefaultConnectorServices());
RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", data);
log.debug("RPCRequest: " + request);
RpcResponse response = service.execute(request);
log.debug("Response recieved: " + response.getErrors());
The Powershell Script (ConnectorAfterCreate rule) can be seen in the log file.
The error message:
12/09/2024 14:37:08 : AbstractConnector [ Thread-7 ] DEBUG : "Exception occurred in executing the script : The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "