JDBC Provisioning rule to read the nativeIdentity that gets generated in the Database

schouhan · November 4, 2021, 6:14pm

Hi All,

I am working on the JDBC provisioning rule. I have an attribute called “UID” which is set as Account ID and Account Name and it gets generated when a new account is created in the database. I am able to create the account successfully but when I look into the accounts it is showing ??? on the account Link in IDN.(I can see the ??? getting replaced with the UID when I aggregated the source) I have configured the single account aggregation query as well (Select * from table where UID = ‘$(identity)’). I think it showing ??? in the link because UID is getting generated at the time of account creation in DB and it is not able to aggregate that account.

Is there a way to read that generated value for UID and aggregate that account so that it won’t show ??? on the link in IDN?

Here is my JDBC provisioning rule

public String getAttributeRequestValue(AccountRequest acctReq, String attribute) {

if ( acctReq != null ) {
AttributeRequest attrReq = acctReq.getAttributeRequest(attribute);
if ( attrReq != null ) {
return attrReq.getValue();
}
}
return null;
}

ProvisioningResult result = new ProvisioningResult();
PreparedStatement statement;

if ( plan != null ) {

List accounts = plan.getAccountRequests();
if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {
for ( AccountRequest account : accounts ) {
try {
if ( AccountRequest.Operation.Create.equals( account.getOperation() ) ) {

statement = connection.prepareStatement( "insert into table (prefferedFirstName,lastName,accessCode,active,email) values (?,?,?,?,?)" );
statement.setString ( 1, getAttributeRequestValue(account,"prefferedFirstName") );
statement.setString ( 2, getAttributeRequestValue(account,"lastName") );
statement.setString ( 3, getAttributeRequestValue(account,"accessCode") );
statement.setString ( 4, getAttributeRequestValue(account,"active") );
statement.setString ( 5, getAttributeRequestValue(account,"email") );
statement.executeUpdate();

result.setStatus( ProvisioningResult.STATUS_COMMITTED );

} else if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {

// Modify Operation
}
}
catch( SQLException e ) {
result.setStatus( ProvisioningResult.STATUS_FAILED );
result.addError( e );
}
finally {
if(statement != null) {
log.error("------");
}
}
}
}
}

return result;

Thanks,
Subash

AnamicaShroti · February 17, 2022, 1:27pm

Hi @schouhan

Seems you are generating UID on DB instead of passing it from IDN. Since it is generated on DB side, IDN is unable to get it without aggregation.
If you can pass the UID from IDN to DB then it won’t show ???

Regards,
Anamica

ruben_elizondo · September 15, 2022, 3:30pm

Hello @schouhan, I realize this is an older thread but I recently learned a way to write back as part of the JDBC provisioning rule by passing in a resource object to the result.

Here is an example below where I’ve created a hashmap of the account attributes that where just provisioned to the source. These should match or at least be a subset of the account source schema in IDN. Assume the account ID “USER_ID” was created by the end system and returned as part of the account creation or queried in a call after account creation but still in the JDBC provisioning rule.

Creation of the resource object will take 3 parameters: accountID, accountDisplayName, Map of attributes.

This makes the provisioning much cleaner and will eliminate the “???” account id behavior.

Here is an example.

import sailpoint.object.ResourceObject;

// Holds all the account attributes;
Map attributesMap = new HashMap(); 

// Add account attributes
attributesMap.put("USER_ID", newID);
attributesMap.put("USER_NAME", usrNm);
attributesMap.put("EMAIL", email);
attributesMap.put("START_DATE", createDate);
                            
ResourceObject ro = new ResourceObject( 
                newID,   // accountID just created
                usrNm,   // accountDisplayName
                Connector.TYPE_ACCOUNT,   //Object Type
                attributesMap );

result.setObject( ro );
result.setStatus(ProvisioningResult.STATUS_COMMITTED);

Hope this proves helpful!

-Ruben

Michael_Tai · May 27, 2023, 11:29pm

Java Docs | SailPoint Developer Community

I coud not find this in above doc and even in this package " sailpoint.object"

Is there any document on this class? import sailpoint.object.ResourceObject;

system · July 26, 2023, 11:29pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JDBC Provisioning - JDBC Account not reflected or linked to Identity ISC Discussion and Questions rules , identity-security-cloud , provisioning , jdbc-connector	6	378	February 2, 2024
Update NativeIdentity within AccountRequest of ProvisioningPlan ISC Discussion and Questions	5	2356	July 19, 2023
Retrieve account attributes in JDBC Provision Rule IIQ Discussion and Questions identity-security-cloud , identityiq , provisioning	13	266	August 20, 2024
Provisioning plan attributes ISC Discussion and Questions rules , provisioning	8	3704	July 19, 2023
How to access account attributes data in JDBC connnector rule? ISC Discussion and Questions rules , identity-security-cloud , provisioning	7	583	February 11, 2024

JDBC Provisioning rule to read the nativeIdentity that gets generated in the Database

Related topics