ISC Workflow - Convert String into JSON

gaurav_jain · August 28, 2024, 12:37pm

Hi,

I am writing a workflow which fetches the events and uses that data for further processing. The data I am interested in looks like this:

“IdnAccessRequestAttributes”: “{"deniedCommentsRequired":false,"requestedObjectId":"785d141225f34ad7b330a5e188b70567","accessRequestType":"REVOKE_ACCESS","requestedObjectDescription":"Okta role","requestedObjectName":"Bobby - Test Okta","requestedObjectType":"ROLE"}”

I am able to access IdnAccessRequestAttributes using JSON Path but it returns the data as string. I would like to convert this String into JSON or Map using Java APIs as I need to extract data from within this string e.g. I want to extract the value of requestedObjectId. Is there any way to do this in Workflow?

Thanks,
Gaurav

Anshu_Kunal · August 28, 2024, 3:06pm

ISC workflow does not have capability to do these operations, but you should be able to get ‘requestedObjectId’ using jsonpath like

$.requestedObjectId

gaurav_jain · August 28, 2024, 4:49pm

Unfortunately, that does not work.

$.attributes.IdnAccessRequestAttributes gives the following:

[
  "{\"deniedCommentsRequired\":false,\"requestedObjectId\":\"785d141225f34ad7b330a5e188b70567\",\"accessRequestType\":\"REVOKE_ACCESS\",\"requestedObjectDescription\":\"Okta role\",\"requestedObjectName\":\"Bobby - Test Okta\",\"requestedObjectType\":\"ROLE\"}"
]

But $.attributes.IdnAccessRequestAttributes.requestedObjectId does not match anything.

Anshu_Kunal · August 28, 2024, 5:07pm

Can you try this and if possible share your JSON?

$.attributes.IdnAccessRequestAttributes[?(@.accessRequestType==‘REVOKE_ACCESS’)].requestedObjectId

baoussounda · August 28, 2024, 5:30pm

With this type of format:

[
“{"deniedCommentsRequired":false,"requestedObjectId":"785d141225f34ad7b330a5e188b70567","accessRequestType":"REVOKE_ACCESS","requestedObjectDescription":"Okta role","requestedObjectName":"Bobby - Test Okta","requestedObjectType":"ROLE"}”
]

You can try also : $.attributes.IdnAccessRequestAttributes[0].requestedObjectId

If your $.attributes.IdnAccessRequestAttributes is an array you itterate on it by using workflows.

gaurav_jain · August 28, 2024, 5:33pm

Sorry, it did not work.

gaurav_jain · August 28, 2024, 5:33pm

It did not work, sorry!!

baoussounda · August 28, 2024, 5:39pm

@gaurav_jain can you please confirm your input data ?

gaurav_jain · August 28, 2024, 5:51pm

"attributes": {
            "accountName": "Test User",
            "attributeName": "assignedRoles",
            "attributeValue": "Bobby - Test Okta [cloudRole-1694622119513]",
            "flow": "appRequest",
            "IdnAccessRequestAttributes": "{\"deniedCommentsRequired\":false,\"requestedObjectId\":\"785d141225f34ad7b330a5e188b70567\",\"accessRequestType\":\"REVOKE_ACCESS\",\"requestedObjectDescription\":\"Okta role\",\"requestedObjectName\":\"Bobby - Test Okta\",\"requestedObjectType\":\"ROLE\"}",
            "info": "Bobby - Test Okta",
            "interface": "LCM",
            "operation": "RoleRemove",
            "sourceName": "IIQ"
        }

shaileeM · August 29, 2024, 1:15am

Hi @gaurav_jain,

Can you share the full JSON ?

Thanks,
Shailee

gaurav_jain · August 29, 2024, 12:46pm

[
	{
		"_type": "event",
		"_version": "v2",
		"action": "RoleRemove",
		"actor": {
			"name": "test.user1"
		},
		"attributes": {
			"accountName": "Test User",
			"attributeName": "assignedRoles",
			"attributeValue": "Test Okta [cloudRole-1694622119513]",
			"flow": "appRequest",
			"IdnAccessRequestAttributes": "{\"deniedCommentsRequired\":false,\"requestedObjectId\":\"785d141225f34ad7b330a5e188b70567\",\"accessRequestType\":\"REVOKE_ACCESS\",\"requestedObjectDescription\":\"Okta role\",\"requestedObjectName\":\"Test Okta\",\"requestedObjectType\":\"ROLE\"}",
			"info": "Test Okta",
			"interface": "LCM",
			"operation": "RoleRemove",
			"sourceName": "IIQ"
		},
		"created": "2023-09-13T17:14:50.102Z",
		"id": "3e95ad4b24ab1283e32290bec6d124db0fc6f82460c7ec60331f589386c0aad0",
		"name": "Remove Role Passed",
		"objects": [
			"ROLE"
		],
		"operation": "REMOVE",
		"org": "testorg",
		"pod": "testpod",
		"stack": "wps",
		"status": "PASSED",
		"synced": "2023-09-13T17:14:50.432Z",
		"target": {
			"name": "Test User"
		},
		"technicalName": "ROLE_REMOVE_PASSED",
		"trackingNumber": "0f97adc460334f34aa7ebe25c2467812",
		"type": "ACCESS_ITEM"
	}
]

shaileeM · August 29, 2024, 3:56pm

Hi @gaurav_jain ,

The JSON string contains IdnAccessRequestAttributes in a string format and Workflows currently cannot convert String to JSON. Hence there are multiple combinations of steps required in the workflow to fetch the requestedObjectId

Below would be not one of the most elegant way to extract the requestedObjectId value but you can give it a try:

Assuming that your input is as above shared (copied in formatted string as below):

[
    {
        "_type": "event",
        "_version": "v2",
        "action": "RoleRemove",
        "actor": {
            "name": "test.user1"
        },
        "attributes": {
            "accountName": "Test User",
            "attributeName": "assignedRoles",
            "attributeValue": "Test Okta [cloudRole-1694622119513]",
            "flow": "appRequest",
            "IdnAccessRequestAttributes": "{\"deniedCommentsRequired\":false,\"requestedObjectId\":\"785d141225f34ad7b330a5e188b70567\",\"accessRequestType\":\"REVOKE_ACCESS\",\"requestedObjectDescription\":\"Okta role\",\"requestedObjectName\":\"Test Okta\",\"requestedObjectType\":\"ROLE\"}",
            "info": "Test Okta",
            "interface": "LCM",
            "operation": "RoleRemove",
            "sourceName": "IIQ"
        },
        "created": "2023-09-13T17:14:50.102Z",
        "id": "3e95ad4b24ab1283e32290bec6d124db0fc6f82460c7ec60331f589386c0aad0",
        "name": "Remove Role Passed",
        "objects": [
            "ROLE"
        ],
        "operation": "REMOVE",
        "org": "testorg",
        "pod": "testpod",
        "stack": "wps",
        "status": "PASSED",
        "synced": "2023-09-13T17:14:50.432Z",
        "target": {
            "name": "Test User"
        },
        "technicalName": "ROLE_REMOVE_PASSED",
        "trackingNumber": "0f97adc460334f34aa7ebe25c2467812",
        "type": "ACCESS_ITEM"
    }
]

You can first define a variable in the workflow to get the index of requestedObjectId in the value fetched for$.attributes.IdnAccessRequestAttributes :

As the next step, you can define another variable and use this index from the preceding Define Variable to get the requestId value like below:

Your workflow would have these two steps added where the second Define Variable : requestId has the value 785d141225f34ad7b330a5e188b70567. You can use it as $.defineVariable.requestId in the subsequent steps

I hope this helps your case.

Thanks,
Shailee

gaurav_jain · August 30, 2024, 12:33pm

Thanks Shailee!! I appreciate the effort you have put in to respond to my rquestion. It works for requestedObjectId but will not work for others as it has hardcoded index and length values. I am afraid that the code will break if for whatever reason index and length changes. Can you think of any other better way to achieve that?

shaileeM · September 2, 2024, 1:43am

Hi @gaurav_jain ,

Just a thought on your use case, if it suits here - If your use case is to capture the requestObjectId or IdnAccessRequestAttributes.attributes after the request of an access, you can use PowerShell script instead of Workflows. An “After Modify Rule” can be used to trigger the PowerShell script and within the PowerShell script you will be able to parse the required response objects more neatly.

I hope this suggestion helps.

Thanks,
Shailee

gaurav_jain · September 2, 2024, 12:50pm

Thanks for the suggestions Shailee!! But with the help of @IAMpdu, I was able to convert that string into JSON. Basically, we passed the String to a fake URL and got the output in JSON.

“HTTP Request 1”: {
“actionId”: “sp:http”,
“attributes”: {
“authenticationType”: “basic”,
“basicAuthPassword”: “$.secrets.e60445de-6cd0-4988-8ea4-209b6b86d877”,
“basicAuthUserName”: “test”,
“jsonRequestBody.$”: “$.hTTPRequest.body[0].attributes.IdnAccessRequestAttributes”,
“method”: “post”,
“requestContentType”: “json”,
“url”: “https://jsonplaceholder.typicode.com/posts”
},
“displayName”: “Parse String into JSON”,
“nextStep”: “Manage Access”,
“type”: “action”,
“versionNumber”: 2
}

colin_mckibben · September 18, 2024, 2:01pm

Be careful when using third party websites to do this. You don’t know who operates those sites and the data you send to them may be captured. Whatever data you send should not contain PII or other sensitive information.

Topic		Replies	Views
How to parse and filter JSON String in Sailpoint Workflows? ISC Discussion and Questions workflows , identity-security-cloud	7	546	December 29, 2024
Bug in IDN workflow engine to parse integer values from JSON response ISC Discussion and Questions workflows , identity-security-cloud	11	116	May 4, 2025
Workflow HTTP request body parsing error ISC Discussion and Questions workflows , identity-security-cloud	17	764	February 16, 2025
HTTP Workflow Error ISC Discussion and Questions workflows , identity-security-cloud	11	1764	July 19, 2023
Compare String Operator is not able to fetch full JSONPath ISC Discussion and Questions workflows , identity-security-cloud	3	150	May 10, 2025

ISC Workflow - Convert String into JSON

Related topics