Issue with Create Operation in Web Service Application

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Hi All,

I have been working on application onboarding and encountered an issue while testing the configured operations. The Create operation is failing, even though other functionalities are working as expected.

Onboarded Application Details:

Application Type: Web Service
Authentication Type: Basic Authentication
Test Connection: Successful
Account Aggregation: Successful
Group Aggregation: Successful

Issue with Create Operation:

I have configured the provisioning policy for the Create operation, but it fails with the attached error message Exception occurred while performing ‘Create’ operation on identity ‘ABC123’: null

image
image1243×246 46.2 KB

However, when we manually execute the same JSON payload from the Postman used in the Create operation, the account is successfully created. (Snapshots attached for reference.)

image
image800×478 37.9 KB

Create Operation JSON
image
image800×229 48.9 KB

Provisioning Policy
image
image889×329 13.2 KB

Could you please help me troubleshoot this issue? Let me know if you need any additional details.

Thanks in advance!

2

Hi @Arun-Kumar,

Can you please help me with this the discussion what we have left.

Thanks

3

Hey @GutteStolt,

Could you answer some questions I have before I can help you?

  1. What is the identity attribute/nativeIdentity you have configured for the account schema?
  2. In the create operation body, where you are referencing the said nativeIdentity ?
  3. Could you also provide the logic to create nativeIdentity value that you have configured in the Provisioning Policy?

Thanks!

4

Hi @zeel_sinojia

Thank for your response.

  1. The identity attribute is the identity username as stated in the below snapshot.
    image

  2. The attribute in the create operation is refers is the provision policy as shown below.

image
image776×223 4.42 KB

Thanks

5

Hi @GutteStolt

I’m not sure, but since operation is working in postman, then issue could be with second error
image

Can you maybe disable that policy or fix it to get rid of this error and then try provisioning again?

6

@GutteStolt -

This specific error generally indicates that custom code (most often a Rule, a BeanShell script in a workflow, or a Provisioning Plan transform) is trying to read or set a property called actionPolicy on a ManagedAttribute object—but ManagedAttribute does not have an actionPolicy field. In other words, IdentityIQ does not know about any property named actionPolicy on that object, so it throws:

sailpoint.tools.GeneralException: could not resolve property: actionPolicy of: sailpoint.object.ManagedAttribute

The error message includes BSF info : certification - Exclude low risk entitlement, so it could be in a Certification Rule that attempts to exclude certain entitlements.

Requesting you to check for the customization.

7

Hello @officialamitguptaa

I have gone through the rule configuration the customization rule is just to ignore the account if that are ending with some specific character.

Do you want me send the logic ?

Thanks

8

Hi @GutteStolt ,
As mentioned by @officialamitguptaa, the error always not from the application specific artefacts and may occure due to some other rules which are being used in workflow or refresh etc.
try to figure out “certification - Exclude low risk entitlement” reference.

Thanks.