JDBC Source "Identity attribute [XXXX] not found"

SindhuVMurthy · August 7, 2024, 8:49am

Hi Team,

I have an attributes which should be considered as entitlements in JDBC Source and i have configured it as below

Account Schema

image1670×680 33.5 KB
Entitlement Type

image1881×344 18.7 KB

However we are getting an error while running entitlement aggregation as below.

The attributes which we are using is solely an account attributes and not identity attribute. We do not want to store it as identity attribute too.
I have checked few discussions for same and understood it is because the attributes are having null values. Is it the same issue here? Can you please guide me here if i am missing something.

Thanks,
Sindhu V Murthy

filip_johansson · August 7, 2024, 9:45am

Hello @SindhuVMurthy

Is this only happening during Entitlement Aggregation or Account Aggregation as well?

Have you configured the group query settings properly?

It would cause a similiar error if RESOURCE_ID has null values. It should not have null values, so in that case you may have to filter them out using the SQL query. But practically, this would be a group that doesn’t exist - i.e. invalid.

Regarding the wording “Identity Attribute”, see this as “Entitlement Attribute”. I believe this is the entitlement group “identity’s” attribute.

SindhuVMurthy · August 7, 2024, 9:51am

Hi @filip_johansson ,

Thanks for responding to me.
I see this error only in entitlement aggregation.
Please find the group query below, i have also tried the query as to get the values where resource id is not null.

SELECT CAST(NULL AS CHARACTER) as ACTION_ID, RTRIM(CHAR(MNKEY)) AS RESOURCE_ID, RTRIM(MNAPPL)||‘-’||RTRIM(MNFMT)||‘-’||RTRIM(MNOPTN) AS INTERNAL_KEY, ‘MENU OPTION’ AS ENTITLEMENT_TYPE, RTRIM(MNAPPL) AS ENTITY_TYPE
FROM table WHERE MNKEY IS NOT NULL
UNION
SELECT DISTINCT CASE WHEN FSPMFG = ‘N’ AND FSAUFG = ‘Y’ THEN ‘AUTHORITY’
WHEN FSPMFG = ‘Y’ AND FSAUFG = ‘N’ THEN ‘PRIMARY’
ELSE ‘ERROR’
END AS ACTION_ID,
FSSVCD AS RESOURCE_ID,
CAST(NULL AS CHARACTER) AS INTERNAL_KEY,
‘OFFICE CODE’ AS ENTITLEMENT_TYPE,
CAST(NULL AS CHARACTER) AS ENTITY_TYPE
FROM table WHERE FSSVCD IS NOT NULL
UNION
SELECT DISTINCT RTRIM(SAPGSC) AS ACTION_ID, RTRIM(SAPGCD) AS RESOURCE_ID, CAST(NULL AS CHARACTER) AS INTERNAL_KEY, ‘PRODUCT CODE’ AS ENTITLEMENT_TYPE, CAST(NULL AS CHARACTER) AS ENTITY_TYPE
FROM table WHERE SAPGCD IS NOT NULL;

But then again i get the below error

filip_johansson · August 7, 2024, 9:59am

If you run this query to the database, do you get expected results?
Can you provide a sample of the query results?

SindhuVMurthy · August 7, 2024, 10:01am

They do not have a tool like SQL to run this query. Their DB looks like below

But i will check with them once and get back.

ashutosh08 · August 7, 2024, 10:13am

Hi @SindhuVMurthy,

Are you able to get the rows details with the query that you have shared?

Thanks

filip_johansson · August 7, 2024, 10:52am

If it uses JDBC you should be able to access it the same way the Sailpoint VA accesses it, right?

Either through a database management tool like DBeaver or similiar, or through a script. Here is a sample one in Python (SSH-tunneling through the VA since I can’t access the DB, however the VA can).

import os
import jaydebeapi
from sshtunnel import SSHTunnelForwarder


ssh_host = '{VA_IP}'
ssh_port = {VA_SSH_PORT}
ssh_username = 'sailpoint'
ssh_password = '{VA_PASSWORD}'

remote_bind_address = '{DATABASE_IP}'
remote_bind_port = {DATABASE_PORT}

jdk_path = '{PATH TO JDK}' #Ignore if JAVA_HOME is populated
jdbc_url_template = "jdbc:mysql://localhost:{}/{DATABASE_NAME}"
driver_class = "{JDBC_DRIVER_CLASS}"
driver_path = "{PATH_TO_JDBC_DRIVER}"
db_username = '{DATABASE_USERNAME}'
db_password = '{DATABASE_PASSWORD}'

# The SQL query to execute
query = """SELECT CAST(NULL AS CHARACTER) as ACTION_ID, RTRIM(CHAR(MNKEY)) AS RESOURCE_ID, RTRIM(MNAPPL)||‘-’||RTRIM(MNFMT)||‘-’||RTRIM(MNOPTN) AS INTERNAL_KEY, ‘MENU OPTION’ AS ENTITLEMENT_TYPE, RTRIM(MNAPPL) AS ENTITY_TYPE
FROM table WHERE MNKEY IS NOT NULL
UNION
SELECT DISTINCT CASE WHEN FSPMFG = ‘N’ AND FSAUFG = ‘Y’ THEN ‘AUTHORITY’
WHEN FSPMFG = ‘Y’ AND FSAUFG = ‘N’ THEN ‘PRIMARY’
ELSE ‘ERROR’
END AS ACTION_ID,
FSSVCD AS RESOURCE_ID,
CAST(NULL AS CHARACTER) AS INTERNAL_KEY,
‘OFFICE CODE’ AS ENTITLEMENT_TYPE,
CAST(NULL AS CHARACTER) AS ENTITY_TYPE
FROM table WHERE FSSVCD IS NOT NULL
UNION
SELECT DISTINCT RTRIM(SAPGSC) AS ACTION_ID, RTRIM(SAPGCD) AS RESOURCE_ID, CAST(NULL AS CHARACTER) AS INTERNAL_KEY, ‘PRODUCT CODE’ AS ENTITLEMENT_TYPE, CAST(NULL AS CHARACTER) AS ENTITY_TYPE
FROM table WHERE SAPGCD IS NOT NULL;"""

def execute_query_through_ssh(ssh_host, ssh_port, ssh_username, ssh_password, remote_bind_address, remote_bind_port,
                              jdbc_url_template, driver_class, driver_path, db_username, db_password, query):
    with SSHTunnelForwarder(
        (ssh_host, ssh_port),
        ssh_username=ssh_username,
        ssh_password=ssh_password,
        remote_bind_address=(remote_bind_address, remote_bind_port),
        local_bind_address=('localhost', 0)  
    ) as tunnel:

        local_port = tunnel.local_bind_port
        jdbc_url = jdbc_url_template.format(local_port)

# Ignore if JAVA_HOME is already setup properly.
        os.environ['JAVA_HOME'] = jdk_path 
        os.environ['PATH'] = os.environ['JAVA_HOME'] + '\\bin;' + os.environ['PATH']


        conn = jaydebeapi.connect(driver_class, jdbc_url, [db_username, db_password], driver_path)
        curs = conn.cursor()
        
        try:

            curs.execute(query)
            results = curs.fetchall()
            column_names = [desc[0] for desc in curs.description]
            
            return column_names, results
        finally:

            curs.close()
            conn.close()


column_names, results = execute_query_through_ssh(ssh_host, ssh_port, ssh_username, ssh_password,
                                                  remote_bind_address, remote_bind_port, jdbc_url_template,
                                                  driver_class, driver_path, db_username, db_password, query)


print("Columns:", column_names)
for row in results:
    print(row)

SindhuVMurthy · August 7, 2024, 10:54am

Yes, I am able to get the rows, but we see there is one invalid record, have asked them to delete that and will try again.

SindhuVMurthy · August 8, 2024, 5:59am

Hi @filip_johansson,

Thanks much for helping here and clarifying some queries. There was one record which was creating a issue. Aggregation worked once we removed it.

Thanks.

system · October 7, 2024, 5:59am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JDBC Source getting "Identity attribute [XXXX] was not found" at aggregation ISC Discussion and Questions aggregation , identity-security-cloud	4	73034	March 10, 2024
Issue with Entitlements not showing up in entitlement catalog ISC Discussion and Questions identity-security-cloud , entitlements	4	98	December 15, 2024
JDBC Entitlements not showing in the Entitlement Catalog ISC Discussion and Questions identity-security-cloud , entitlements	16	134	December 23, 2024
Retrieve account attributes in JDBC Provision Rule IIQ Discussion and Questions identity-security-cloud , identityiq , provisioning	13	325	August 20, 2024
Account Aggregation Issue ISC Discussion and Questions aggregation , identity-security-cloud	13	51	December 29, 2024

JDBC Source "Identity attribute [XXXX] not found"

Related topics