Issue to API connection through RPC request

sailpoint.tools.GeneralException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . '' : Typed variable declaration : Undefined argument: identityName : at Line: 11 : in file: inline evaluation of: import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . ‘’ : ( Identity .class , identityName )
BSF info: Powershell-Customization-Provisioning at line: 0 column: columnNo
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:219)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1262)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1234)
at sailpoint.api.Identitizer.notifyListeners(Identitizer.java:4391)
at sailpoint.api.Identitizer.promoteAttribute(Identitizer.java:4130)
at sailpoint.api.Identitizer.promoteAttributes(Identitizer.java:3753)
at sailpoint.api.Identitizer.refresh(Identitizer.java:2306)
at sailpoint.api.Aggregator.finishLastIdentity(Aggregator.java:4653)
at sailpoint.api.Aggregator.aggregateAccount(Aggregator.java:3551)
at sailpoint.api.Aggregator.aggregateAccounts(Aggregator.java:3242)
at sailpoint.api.Aggregator.primaryAccountAggregation(Aggregator.java:2822)
at sailpoint.api.Aggregator.aggregateApplication(Aggregator.java:2670)
at sailpoint.api.Aggregator.phaseAggregate(Aggregator.java:2571)
at sailpoint.api.Aggregator.execute(Aggregator.java:2221)
at sailpoint.request.AggregationRequestExecutor.execute(AggregationRequestExecutor.java:95)
at sailpoint.request.RequestHandler.run(RequestHandler.java:163)
Caused by: org.apache.bsf.BSFException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . '' : Typed variable declaration : Undefined argument: identityName : at Line: 11 : in file: inline evaluation of: import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . ‘’ : ( Identity .class , identityName )
BSF info: Powershell-Customization-Provisioning at line: 0 column: columnNo
at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:202)
at org.apache.bsf.BSFManager$5.run(BSFManager.java:445)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.apache.bsf.BSFManager.eval(BSFManager.java:442)
at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245)
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216)
… 15 more

Received the above error for the distribution list, but I think this is related to a connection issue. Kindly help.

Hello Amit, the error seems to be a BeanShell syntax error.
import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . '' : Typed variable declaration : Undefined argument: identityName : at Line: 11 : in file: inline evaluation of: import sailpoint.tools.GeneralException; import sailpoint.object.RpcRequest; . . . ‘’ : ( Identity .class , identityName )

Can you share the rule which you are using? (removing any sensitive info)

The error clearly says that you have not declared a variable for identityName.

Add the below line of code and try again:

    String identityName = null;

Hi Aishwarya,

This is the test code we are using for the distribution list

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    import sailpoint.api.SailPointContext;
    import sailpoint.connector.RPCService;
    import sailpoint.object.Application;
    import sailpoint.object.Identity;
    import sailpoint.object.ProvisioningPlan.AccountRequest;
    import sailpoint.object.RpcRequest;
    import sailpoint.object.Rule;
    import sailpoint.tools.GeneralException;

    //List<String> emailList = new ArrayList<>();
    List emailList = new ArrayList();
    emailList.add("email id");

    // Placeholder values; the real ones were removed before posting
    String server = "servername";
    String userO365 = "account name";
    String passO365 = "encrypted password";

    for (String email : emailList) {
        try {
            // Data sent to IQService: application attributes, the script rule and the request
            Map dataMap = new HashMap();
            Map testApplication = new HashMap();
            testApplication.put("appAttributeKey", "appAttributeValue");
            dataMap.put("Application", testApplication);
            Rule rule = context.getObjectByName(Rule.class, "RulePowerShell");
            dataMap.put("postScript", rule);

            // Arguments read by the PowerShell script through getStringAttribute()
            AccountRequest accountRequest = new AccountRequest();
            accountRequest.addArgument("email", email);
            accountRequest.addArgument("dl", "dl name");
            accountRequest.addArgument("userO365", userO365);
            accountRequest.addArgument("passO365", passO365);
            dataMap.put("Request", accountRequest);

            RPCService service = new RPCService(server, 5050);
            RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", dataMap);
            // The request is executed here for logging and again for the return value
            log.error("result::" + service.execute(request));
            service.checkForErrors(false);
            return service.execute(request);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            log.error("result::" + "Unsuccessful");
        }
    }

And below is the error we are receiving in syslog:
sailpoint.tools.GeneralException: Errors returned from IQService. After script returned non zero exit code : 1 : 
	at sailpoint.connector.RPCService.checkForErrors(RPCService.java:875)
	at sailpoint.connector.RPCService.parseResponse(RPCService.java:711)
	at sailpoint.connector.RPCService.execute(RPCService.java:513)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at bsh.Reflect.invokeMethod(Reflect.java:166)
	at bsh.Reflect.invokeObjectMethod(Reflect.java:99)
	at bsh.Name.invokeMethod(Name.java:858)
	at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:75)
	at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:102)
	at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:47)
	at bsh.BSHBinaryExpression.eval(BSHBinaryExpression.java:123)
	at bsh.BSHArguments.getArguments(BSHArguments.java:65)
	at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:69)
	at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:102)
	at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:47)
	at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
	at bsh.BSHBlock.eval(BSHBlock.java:80)
	at bsh.BSHBlock.eval(BSHBlock.java:46)
	at bsh.BSHTryStatement.eval(BSHTryStatement.java:88)
	at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
	at bsh.BSHBlock.eval(BSHBlock.java:80)
	at bsh.BSHBlock.eval(BSHBlock.java:46)
	at bsh.BSHEnhancedForStatement.eval(BSHEnhancedForStatement.java:80)
	at bsh.Interpreter.eval(Interpreter.java:664)
	at bsh.Interpreter.eval(Interpreter.java:758)
	at bsh.Interpreter.eval(Interpreter.java:747)
	at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:186)
	at org.apache.bsf.BSFManager$5.run(BSFManager.java:445)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.apache.bsf.BSFManager.eval(BSFManager.java:442)
	at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245)
	at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216)
	at sailpoint.server.InternalContext.runRule(InternalContext.java:1262)
	at sailpoint.server.InternalContext.runRule(InternalContext.java:1234)
	at sailpoint.rest.DebugResource.updateObject(DebugResource.java:466)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:392)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:365)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:318)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:100)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:142)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

Hi @ayadav_12,

Make sure to pass the Active Directory application attribute values in dataMap. This can be the reason for this issue, because I was also receiving something similar when I tried a different application (Azure AD).

    Application app = context.getObjectByName(Application.class, "Active Directory");
    data.put("Application", app.getAttributes());

Additionally, what I can suggest is setting ConnectorServices.

    RPCService service = new RPCService ("192.168.56.101", 5051, false, false);
    service.setConnectorServices(new DefaultConnectorServices());
    RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", data);

Hi @Jarin_James,

Thank you for the reply. Since the start, we have been updating users in the distribution list in Azure AD itself. Also, we have 4 AD applications, but we are connecting through IQService from one of our IAM servers. It was working fine till 25th July 2023, but somehow it automatically stopped. We are using version 8.2p1. Can you please help us fix this, or tell us what the exact issue could be that is keeping the PowerShell rule from working? I will be awaiting your response.

Thanks
Amit

Hi @ayadav_12 ,

A non-zero exit code is the standard outcome for any kind of error that can come out of PowerShell scripts run by IQService. Can you share the IQService logs so that someone from the community can look into the issue?

Hi @Jarin_James

Please refer to the IQService logs, as you mentioned before.
Unhandled Exception: System.TypeInitializationException: The type initializer for 'IQService.ServiceMain' threw an exception. ---> System.TypeInitializationException: The type initializer for 'sailpoint.Utils.tools.LogFactory' threw an exception. ---> System.Security.SecurityException: Requested registry access is not allowed.
at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at sailpoint.Utils.objects.Configuration.readConfiguration()
at sailpoint.Utils.objects.Configuration.get_Instance()
at sailpoint.Utils.tools.LogFactory..cctor()
--- End of inner exception stack trace ---
at sailpoint.Utils.tools.LogFactory.get_Instance()
at sailpoint.Utils.tools.LogFactory.getLog(String className)
at IQService.ServiceMain..cctor()
--- End of inner exception stack trace ---
at IQService.ServiceMain.ServiceEntry(ServiceEntryPoints service, String args)
at IQService.IQServiceMain.Main(String args)

Looks like the account that you are running the IQService Windows Service as does not have permissions to the IQService registry keys.

See the following: Required Permissions

Section: Steps to assign full permissions to the user that is required to manage the IQService instance

1 Like

Hi Patrick,

Kindly check the script and let me know if there's any issue, or if it's related to the RPC request. Please let me know how to remediate the issue.

<?xml version='1.0' encoding='UTF-8'?> Email address to call powershell script Response of the Powershell script.

    # Load the SailPoint class library shipped with IQService
    Add-type -path "E:\IQService\Utils.dll"

    # Read the request passed by IQService in the Request environment variable
    $sReader = New-Object System.IO.StringReader([System.String]$env:Request);
    $xmlReader = [System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));
    $requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
    $resultObject = New-Object Sailpoint.Utils.objects.ServiceResult;

    # Placeholder: the value assigned to $allDLs was not included in the post
    $allDLs = @();
    $delDLs = @();

    $email = $requestObject.getStringAttribute("email");
    $dl = $requestObject.getStringAttribute("dl");

    $office365AdminUsername = $requestObject.getStringAttribute("userO365");
    $o365Password = $requestObject.getStringAttribute("passO365");

    # Build a credential object from the values passed in the request
    $secpasswd = ConvertTo-SecureString $o365Password -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ($office365AdminUsername, $secpasswd);

    $testconnection = ($session).state
    if ($testconnection -ne "Opened")
    {
        # Connect to Office365
        Import-Module msonline
        Connect-MsolService -Credential $cred

        # Connect Exchange-Online
        $msoExchangeURL = "https://ps.outlook.com/powershell/";
        $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msoExchangeURL -Credential $cred -Authentication Basic -AllowRedirection;
        Import-PSSession $session
    }

    # Add the user to every distribution list named in the request
    $arr = $dl -split ','

    foreach ($item in $arr) {
        Add-DistributionGroupMember -Identity $item -Member $email -ErrorAction silentlycontinue

        $logfile = "E:\IQService\logsdl\log.txt"
        $fileDate = (Get-Date).tostring("MM-dd-yyyy")
        Add-Content $logfile "$email $item $fileDate"
    }

    # Remove the user from the lists in $allDLs that are not in the request
    $delDLs = $allDLs | Where {$arr -NotContains $_}

    foreach ($item in $delDLs) {
        Remove-DistributionGroupMember -Identity $item -Member $email -confirm:$false -ErrorAction silentlycontinue
    }

    $logfile = "E:\IQService\logsdl\removelog.txt"
    $fileDate = (Get-Date).tostring("MM-dd-yyyy")
    Add-Content $logfile "$email $delDLs $fileDate"

Hi Amit,

Reading this thread I see multiple errors and multiple solutions provided for the same. Also the errors are not directly related to the provided PowerShell.

Keep in mind you are not catching any errors for the New-PSSession, Add-DistributionGroupMember and Remove-DistributionGroupMember commands. This makes troubleshooting a bit more difficult.

Can you state what the latest issue/error is you are facing at the moment?

And an additional question: do you see anything in the E:\IQService\logsdl\removelog.txt file? (as this is the last command from your PowerShell)

– Remold


Hi @Remold ,

The script is working, but I am receiving these errors and I am unable to stacktrace. Can you please let me know what exactly this issue is?

Do you see anything in the sailpoint.log (the log4j2 log file of IdentityIQ), the IQService.log or in the output file E:\IQService\logsdl\removelog.txt?

The error from the syslog does not provide enough data to see what the error is.

– Remold

Hi @Remold,

Thanks for your quick reply. I don't see any SailPoint logs; also, with limited permissions to IQService, I am unable to check that as well. Are there any other ways you can help me? In the removelog.txt file, the distribution list data which we are trying to push through our distribution list rule is updated.
Also, I have attached the PowerShell error for your reference. Please check.

I found a similar issue on the Microsoft forum:

It looks like the Execution Policy was not set correctly, please run Set-ExecutionPolicy RemoteSigned before your test.

Also check if Basic client authentication is still enabled using: winrm get winrm/config/client/auth

– Remold

Hi @Remold ,

The execution policy is already set as RemoteSigned. Is it due to the certification issue, as we are trying to connect to Outlook from an untrusted source? Can you please check?

The RDP connection (and the certificate warning) is completely not relevant for the PowerShell commands.

Please take a look at the accepted answer on the Microsoft forum post:

– Remold

1 Like

So, you are using RPC, which is nothing but executing a set of PowerShell commands. You need to check the items below.

1. PowerShell Script
Just execute your PowerShell script by passing sample data and see if it is working as expected or not. If it is working fine then RPC task will be just triggering the PS script.

2. RPC service
If your PS script is working fine as expected (if everything is fine with scripting, service account, permissions) then see if RPC is passing all the data or not from SailPoint to IQ service server. Add some logs in your PS script and print the data.

Just break down your implementation to see where the problem is.

1 Like
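Added example (not part of the thread and not SailPoint's code): one way to act on the two suggestions above, catching each command's error instead of silencing it, and logging the data the script received with the credential redacted. The Exchange cmdlets are replaced by stand-in script blocks so it runs offline; Write-StepLog, Invoke-LoggedStep, the log path and the sample request values are assumptions.

```powershell
# Added example, not from the thread. Hypothetical names: Write-StepLog,
# Invoke-LoggedStep, $LogFile. $request holds constructed sample values standing
# in for $requestObject.getStringAttribute(...) in the real after-script.
$ErrorActionPreference = 'Stop'   # make non-terminating cmdlet errors catchable
$LogFile  = Join-Path ([System.IO.Path]::GetTempPath()) 'dl-afterscript.log'
$failures = New-Object 'System.Collections.Generic.List[string]'

function Write-StepLog([string]$Message) {
    $stamp = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
    Add-Content -Path $LogFile -Value "$stamp $Message"
}

function Invoke-LoggedStep {
    param([string]$Name, [scriptblock]$Action)
    try {
        & $Action | Out-Null
        Write-StepLog "OK   $Name"
    } catch {
        # Keep the real failure text; -ErrorAction SilentlyContinue would discard it.
        $msg = "$Name failed: $($_.Exception.Message)"
        Write-StepLog "FAIL $msg"
        $failures.Add($msg)
    }
}

# Constructed sample request (placeholders, not real accounts or secrets).
$request = [ordered]@{
    email    = 'user@example.com'
    dl       = 'DL-One,DL-Missing'
    userO365 = 'svc-account@example.com'
    passO365 = 'not-a-real-secret'
}

# Log what arrived from IdentityIQ, but never the credential value.
foreach ($key in $request.Keys) {
    $value = if ($key -like 'pass*') { '<redacted>' } else { $request[$key] }
    Write-StepLog "request $key=$value"
}

foreach ($item in ($request.dl -split ',')) {
    Invoke-LoggedStep "Add $($request.email) to $item" {
        # Real script: Add-DistributionGroupMember -Identity $item -Member $email -ErrorAction Stop
        if ($item -eq 'DL-Missing') { throw "group '$item' not found (simulated)" }
    }
}

if ($failures.Count -gt 0) {
    # Assumption: in the real after-script the messages would also be copied into
    # $resultObject and written back for IdentityIQ, following SailPoint's
    # after-script template ($resultObject.Errors.add(...), then
    # $resultObject.toxml() | Out-File $args[0]).
    Write-StepLog "finished with $($failures.Count) error(s)"
    exit 1   # still a non-zero exit code, but the log now says why
}
Write-StepLog 'finished without errors'
```

With the constructed input, the log ends up with four request lines (passO365 shown as redacted), one OK line for DL-One and one FAIL line carrying the simulated exception text for DL-Missing.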

Hi @Remold

I tried the command and am still facing the issue. Please help.

Can you state what you have done before you ran the command again?

– Remold

1 Like