I am inside an identity attribute rule util, and should use attributes from its authoritative Source. As the identity is not created yet, I get “null” when calling identity.getAttribute on a mapped attribute. So I think I can use the getAccountAttribute method to obtain the source attribute directly.
But it is not very clear to me how to use it. I have no application attached to the source, do I have to create one? Also, what is expected as “nativeIdentity”?
If someone has already used this method, help will be appreciated. Thanks!
Spoiler: I am trying with getSourceAttributeBySourceId and getSourceAttributeBySourceName methods. When I can try it and if nobody already answered, I will share results. Waiting for support to deploy rule.
Are you using this inside a BeforeProvisioning Rule? In that case:
    applicationName = application.getName()
    nativeIdentity = accountRequest.getNativeIdentity()
Have you considered using Link?
Use identity.getLinks() to get all the Links for the identity. Then iterate through these Links to find the one specific to the Source you want to use by comparing link.getApplicationName() to the Source Name. Then use link.getNativeIdentity() to get the nativeIdentity of the account.
Application Name:
Your application name should be something like: SourceName [source-XXXXX]
SourceName is the Source display name and XXXXX is the 5 digit cloudExternalID of your source.
If you are passing this application name from a transform, you can use the function below to retrieve it, or you can hard code it in the rule; it's up to you.
    String applicationName = application.getName();
OR
    String applicationName = "SourceName [source-XXXXX]";
Native Identity :
This is the account id attribute from your source.
If it's AD, nativeIdentity is distinguishedName, or usually it's employee_number etc., depending on your source.
Thank you @sharvari ! I see that I can obtain sourceName and cloudExternalID from REST. I should hardcode it because I am in an identity attribute rule. This also means that I should change the code when passing from sandbox to production.
This didn’t work for me. I have mentioned the details of the identity attribute rule. Please have a look if there is something wrong in the below code.
I tried passing the application name in the below format.
    String applicationName = "SourceName [source-XXXXX]";
Example value:
    String applicationName = "HR Application [source-12345]";
Also the native Id is derived from combination of 2 identity attributes as mentioned below.
Hi Shivam, I extracted the Links object from identity (getLinks) and there I iterated over all applications (link.getApplication). I saw there that application names are in the form "name as you see in the UI" + " " + "[source]". They have nothing more after "source", like "-xxxx". Another thing is that I renamed a source, and the old name remains in the application name.
I ended up with code like this:
    List links = identity.getLinks();
    Iterator iterator = links.iterator();
    int max = 0;
    // Look at no more than 20 links
    while(max < 20 && iterator.hasNext()) {
        Link link = (Link)iterator.next();
        String applicationName = link.getApplicationName();
        Application source = link.getApplication();
        if(applicationName.toLowerCase().contains("_PART_OF_YOUR_SOURCE_NAME_")) {
            // Read the attribute from the account on the matching source
            someStringVariable = idn.getAccountAttribute(applicationName, link.getNativeIdentity(), "_TECHNICAL_ATTRIBUTE_NAME__AS__IS__ON_THE_SCHEMA__");
            break;
        }
        max++;
    }
Thanks Julian Sosa, I will try this out and confirm if it works or not.
I was already trying to print all the application names from the link using the below code but the log was not getting printed, which made me understand that the link was empty. I will try the iterator that you have shared also.
    List appLinks = identity.getLinks();
    if(null != appLinks) {
        for(Link lin : appLinks){
            log.info("applications are" + lin.getApplicationName());
        }
    }
Hi Shivam, don’t worry. I fell into that some months ago. It is because in cloud rules, log logs to somewhere in the cloud and only SailPoint staff can see it. It was in the documentation all the time, but as I did not see this warning, I thought, as you did, that the rule was not working:
What I began to do after I realized it is to log everything in the return value. So, after I aggregate, I can see errors in the field itself. One thing I always do is to enclose the entire code in a try, and return the catch as a message:
Note: where I return variables, I always concatenate some fixed string, to help me realize the point of the code where the error could be.
Note2: do not forget that deploys are billable. They take about 15-30 min to do, and the taxi meter is running. I also code all things that are not dependent on idn or identity objects in Eclipse with hardcoded values to help minimize errors before deploying.
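The pattern described in the post above (wrap the whole rule in a try and return a tagged message as the attribute value), as an added example that is not part of the original thread. It is plain Java so it can be run outside the tenant first: the `Link`, `Identity` and `Idn` interfaces, the `DBGnn` tags and the sample data are hypothetical stand-ins, modelled only on the calls used in the thread's code.

```java
import java.util.List;

public class RuleDiagnostics {
    // Hypothetical stand-ins for the objects the thread's rule code uses.
    interface Link { String getApplicationName(); String getNativeIdentity(); }
    interface Identity { List<Link> getLinks(); }
    interface Idn { Object getAccountAttribute(String app, String nativeId, String attr); }

    // Rule body: every exit path returns a tagged string, so the value that
    // lands in the identity attribute shows where the rule stopped.
    // Debug aid only; remove the diagnostic returns before production use.
    static String resolve(Identity identity, Idn idn, String sourcePart, String attr) {
        try {
            List<Link> links = identity.getLinks();
            if (links == null || links.isEmpty()) {
                return "DBG01 no links on identity";
            }
            StringBuilder seen = new StringBuilder();
            for (Link link : links) {
                String app = link.getApplicationName();
                seen.append('[').append(app).append(']');
                if (app != null && app.toLowerCase().contains(sourcePart.toLowerCase())) {
                    Object v = idn.getAccountAttribute(app, link.getNativeIdentity(), attr);
                    return v == null ? "DBG03 null attribute on " + app : v.toString();
                }
            }
            // Report the application names actually seen, to compare with the expected one.
            return "DBG02 no matching source, saw " + seen;
        } catch (Exception e) {
            return "DBG99 " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Link hr = new Link() {
            public String getApplicationName() { return "HR Application [source]"; }
            public String getNativeIdentity() { return "E1001"; }
        };
        Idn idn = (app, id, attr) -> "E1001".equals(id) ? "jdoe" : null;
        System.out.println(resolve(() -> List.of(hr), idn, "hr app", "login"));
        System.out.println(resolve(() -> null, idn, "hr app", "login"));
        System.out.println(resolve(() -> List.of(hr), idn, "payroll", "login"));
    }
}
```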
I might not have explained clearly before, but the other logs were getting printed which were above and below the application name log. I was getting the logs with the help from SailPoint support only. Since the link is coming as empty, I am not able to see the application names getting printed. All the other logs are getting printed.
Now the issue which still persists is why is the appLinks coming as null.
    List appLinks = identity.getLinks();
    if(null != appLinks) {
        for(Link lin : appLinks){
            log.info("applications are" + lin.getApplicationName());
        }
    }