Which IIQ version are you inquiring about?

8.3.p3

Share all details about your problem, including any error messages you may have received.

Title says it all - I’m doing some logging in the before operation rule and I can see the provisioning plan logs just fine.

Rule code:
myLogger("logging provisioning plan: " + provisioningPlan.toXml());

log output:

logging provisioning plan: <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="s12345" targetIntegration="MyApp" trackingId="d168eedd21aa4726b08f7d3392331879">
  <AccountRequest application="MyApp" nativeIdentity="s12345" op="Modify">
    <AttributeRequest name="employeeid" op="Set" value="12345"/>
    <AttributeRequest name="department" op="Set" value="The following is in quotes &quot;something&quot;"/>
    <AttributeRequest name="department_code" op="Set" value="D12345"/>
  </AccountRequest>
  <Attributes>
    <Map>
      <entry key="source" value="IdentityRefresh"/>
    </Map>
  </Attributes>
</ProvisioningPlan>

When I log the requestEndpoint I see all the information about the request, but the body is null (parsing out just the body to sanitize.
Rule code:

myLogger("logging requestEndPoint.getBody: " + requestEndPoint.getBody());

Log output:
logging requestEndPoint.getBody: {jsonBody=null, bodyFormat=raw}

I found this documentation that seems to be exactly my issue, but the recommended changes didn’t seem to change the underlying behavior at all.

“An error occurs during provisioning if the request body includes a multivalued attribute with quotation marks”

Any ideas? Is there a switch that I can enable/disable so that these are properly escaped? When I push the payload manually via postman, everything renders just fine and aggregates back as expected so it’s not an issue with the API itself.

Hi @josefismael,

you can try to change the value into the before op. rule.
Try set the value without " into the prov. form and later add it to the body into the before operation rule.

Question: do you have the " into departament on the indentity or you set it in the form?

Thanks for the reply.

you can try to change the value into the before op. rule.

How would I do this? The value only exists in the provisioningPlan object, and not in the requestEndpoint object.

Try set the value without " into the prov. form and later add it to the body into the before operation rule.

You mean so that the provisioningPlan contains the html-escaped " character (like below)?

<AttributeRequest name="employeeid" op="Set" value="12345"/>
    <AttributeRequest name="department" op="Set" value="The following is in quotes \&quot;something\&quot;"/>
    <AttributeRequest name="department_code" op="Set" value="D12345"/>

Question: do you have the " into departament on the indentity or you set it in the form?

Department is present in the identity.

hi @enistri_devo - did you get a chance to review my reply?

Can you explain better this part? If you put this value into the plan, later, dont you send it to the app into the body or url?

Thanks for the reply. You can see in my example that the value is already in the plan, as it gets written when I log the provisioningPlan.toXml() value.

<AttributeRequest name="department" op="Set" value="The following is in quotes &quot;something&quot;"/>

The problem arises when the plan is converted to the body of the requestEndpoint object (see example above).

Are you saying that I would need to ‘unmarshal’ the provisioningPlan, iterate through all values, manually html-escape them, then re-build the provisioningPlan? Surely there’s a native way to solve for this…

How you convert the plan to body?
Can you share the rule or the body configuration into this endpoint?

This is a web services app so I use the following in the app config for the Body of the Create operation:

{
  "Persons": [
  {
      "employeeid": "$plan.employeeid$",
      "department": "$plan.department$",
      "department_code": "$plan.department_code$"
  }
]
}

Let me know if that makes sense.