Identity Attribute Rule Problem

Hi Team,

I am facing issue while validating identity attribute rule as below

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<Rule name="PopulateLCS" type="IdentityAttribute">

<Description>Calculates LCS based on start and end dates.</Description>

<Source><![CDATA[

import java.text.SimpleDateFormat;

import java.util.Date;

import java.util.Calendar;

import sailpoint.tools.GeneralException;

import java.util.Iterator;

import sailpoint.object.*;

import java.util.ArrayList;

import sailpoint.api.*;

import sailpoint.object.*;

import java.util.Iterator;

import java.util.List;

import org.apache.commons.lang.StringUtils;

String orgID = identity.getAttribute("originalId");

String empNumber = identity.getAttribute("identificationNumber");

if (orgID != null && empNumber != null){

if (orgID != empNumber){

//String samAccount = idn.getIdentityById("orgID").getSamaccountname();

sailpoint.rule.Identity foundIdentity = idn.getIdentityById("orgID");

String samaccount = foundIdentity.getSamaccountname();

if (samAccount == null && samAccount.isEmpty()){

return prehire;

}

else

{

return prehire-conversion;

}

}

}

// Date format we expect dates to be in (ISO8601)

SimpleDateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy");

if (identity.getAttribute("onLeave").equals("1")) {

return "loa";

}

// Parse the start date from the identity, and put in a Date object.

Date startDate = null;

if (identity.getAttribute("startDate") != null || !(identity.getAttribute("startDate").isEmpty())) {

startDate = dateFormat.parse(identity.getAttribute("startDate"));

} else return "inactive";

// Define a date for today

Date today = new Date();

// Calculate 7 days before start date

Calendar cal = Calendar.getInstance();

cal.setTime(startDate);

cal.add(Calendar.DAY_OF_YEAR, -7);

Date prehireDate = cal.getTime();

if (identity.getAttribute("endDate") == null || identity.getAttribute("endDate").isEmpty()) {

if ((today.equals(prehireDate)) || today.after(prehireDate) && today.before(startDate)) {

return "prehire";

} else if (today.equals(startDate) || today.after(startDate)) {

return "active";

}

return "inactive";

}

// Parse the end date from the identity, and put in a Date object.

Date endDate = null;

if (identity.getAttribute("endDate") != null) {

endDate = dateFormat.parse(identity.getAttribute("endDate"));

}

// Calculate 91 days after end date

cal.setTime(endDate);

cal.add(Calendar.DAY_OF_YEAR, 91);

Date deleteDate = cal.getTime();

// Calculate lifecycle state based on the attributes.

if ((today.equals(prehireDate)) || today.after(prehireDate) && today.before(startDate)) {

return "prehire";

} else if ((today.equals(endDate)) || (today.equals(startDate)) || (today.after(startDate) && today.before(endDate))) {

return "active";

} else if ((today.after(endDate) && today.before(deleteDate))) {

return "disabled";

} else if (identity.getAttribute("legalHold").equals("Y") || identity.getAttribute("cloudLifecycleState").equals("immediatetermination")){

return identity.getAttribute("cloudLifecycleState");

} else if (today.equals(deleteDate) || today.after(deleteDate)) {

return "delete";

}

// If we haven't calculated a state already, return inactive.

return "inactive";

]]></Source>

</Rule>

Can anyone suggest me how to fix this issue

undefined1695×691 36.4 KB

Hi @ajithkumarreddykallu

There are multiple errors in the rule

1. Already there is identity as input argument for the rule, getting an identity again is not required which is below ( and it is not correct in the rule ) you can use identity as you used in starting of the rule (remove below line from rule)

sailpoint.rule.Identity foundIdentity = idn.getIdentityById(“orgID”);

2. Is samAccountName an identity attribute or account attribute?? If it is identity attribute below line is incorrect

String samaccount = foundIdentity.getSamaccountname();

It should be like

String samaccount = identity.getAttribute(“samAccountName”);

3. As you are returning string it should be as below
   return “prehire”;
   not
   return prehire;

4. Same as point 3 for return prehire-conversion;
   It should be return “prehire-conversion”;

Hope this helped!!!

Thanks

HI @ajithkumarreddykallu,

Is there any specific reason why you could not use Transform to calculate the LCS?

Thanks.

Nope. we thought rule was better. The only problem is sailpoint.rule.Identity foundIdentity = idn.getIdentityById(“orgID”);

We need this identity which is different to normal identity.

ORGID has different UID value.

Hello

Thank you for the response.

Sailpoint.rule.Identity foundIdentity = idn.getIdentityById(“orgID”);

We need to get sam account name of Identity with UID org ID. So we need this.
We can change prehire and pre-hire conversion.

Any help will be appreciated

Hello @ajithkumarreddykallu

I assume that you have an identity attribute with name samAccountName mapped to the AD source’s sAMAccountName account attribute, if not you can create one identity attribute with mapping.

As per java docs, the sailpoint.rule.Identity interface does not provide any method like getAtrribute(“someIdentityAttribute”) or other few methods unlike the sailpoint.object.Identity class which provides them.

With the available methods in sailpoint.rule.Identity, maybe you can try this for you requirement:

Make use of the getAttributes() for the found identity. I am exactly not aware of the key-value contents of the map though.

The snippet looks like:

Sailpoint.rule.Identity foundIdentity = idn.getIdentityById(“orgID”);
Map attributesMap = foundIdentity.getAttributes();

String samAccount = attributesMap.get("samAccountName");

Also, Make sure to use the variable names correctly to avoid any undefined variable name errors.

Thanks!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.