Manager correlation rule in ISC

Hi Experts,

I’m writing a manager correlation rule where an account attribute is multivalued. I’m fetching the first value and need to check whether the associated identity’s LCS is active; if yes, map to the identity, else look up its manager’s LCS and assign to its manager.

I need to perform the lookup until an identity with an active LCS is found. Can someone help me with this use case?

Account attribute : spn_owners [multivalued]
example :

"spn_owners": [
    "Priya K:e79c3f56-feba-4a45-b5d8-0f3c8f6a0040",
    "Praveenkumar H:1c5af482-fe4d-4bdb-a3e9-6b04c0751102"
]

Identity attribute : objectID
example : e79c3f56-feba-4a45-b5d8-0f3c8f6a0040

Here is the basic rule which I have written.

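import java.util.HashMap;
import java.util.List;
import java.util.Map;

String spnType = (String) link.getAttribute("spn_servicePrincipalType");
// spn_owners is multivalued, so it is read as an Object and checked for a List below
Object spnOwners = link.getAttribute("spn_owners");

String finalValue = "";

Map returnMap = new HashMap();

if ("Application".equals(spnType)) {
  // take the first owner entry, e.g. "Priya K:e79c3f56-feba-4a45-b5d8-0f3c8f6a0040"
  String firstOwner = null;
  if (spnOwners instanceof List && ((List) spnOwners).size() > 0) {
    firstOwner = (String) ((List) spnOwners).get(0);
  } else if (spnOwners instanceof String) {
    firstOwner = (String) spnOwners;
  }
  if (firstOwner != null && firstOwner.contains(":")) {
    // + 1 skips the ":" so that only the object ID is kept
    finalValue = firstOwner.substring(firstOwner.lastIndexOf(":") + 1);
  }
}

finalValue = finalValue.trim();

returnMap.put("identityAttributeName", "trFedrampObjectid");
returnMap.put("identityAttributeValue", finalValue);

return returnMap;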

Just a modified version of your snippet, with the assumption that you are using a cloud rule, that the username is kept in your multivalued attribute, and that the lifecycle state is named as I named it. You may change it depending on your use case.

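if ("Application".equals(spnType)) {
	// spn_owners is multivalued: work on the first entry of the list
	if (spnOwners instanceof List && ((List) spnOwners).size() > 0) {
		String firstOwner = (String) ((List) spnOwners).get(0);
		if (firstOwner != null && firstOwner.contains(":")) {
			// + 1 skips the ":" itself
			finalValue = firstOwner.substring(firstOwner.lastIndexOf(":") + 1).trim();

			do
			{
				List identityList = idn.findIdentitiesBySearchableIdentityAttribute("username", "Equals", finalValue, "username");
				// guard against an empty result before taking the first match
				identity = (identityList != null && !identityList.isEmpty()) ? identityList.get(0) : null;
				if (identity != null && "active".equals(identity.getAttribute("cloudLifeCycleState")))
				{
					finalValue = identity.getAttribute("username");
					break;
				}
				// finalValue is unchanged here when the identity is not active
			} while (identity != null && identity.getAttribute("cloudLifeCycleState") != null && !"active".equals(identity.getAttribute("cloudLifeCycleState")));
			if (identity != null)
			{

			}
		}
	}
}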
2 Likes

@ashutosh08

Thank you for your reply!

This helps me… In the above snippet, I think we have not covered the logic to find the manager’s lifecycle state when the Identity is “not active”.

1 Like

@ashutosh08

To check the manager’s lifecycle state, I have added the below condition in the while loop.

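do
{
	List identityList = idn.findIdentitiesBySearchableIdentityAttribute("trFedrampObjectid", "Equals", finalValue, "trFedrampObjectid");

	// guard against an empty result before taking the first match
	identity = (identityList != null && !identityList.isEmpty()) ? identityList.get(0) : null;
	if (identity != null && "active".equals(identity.getAttribute("cloudLifeCycleState")))
	{
		finalValue = identity.getAttribute("trFedrampObjectid");
		break;
	}
	// not active: continue the lookup from the manager's object ID,
	// otherwise the next pass would query the same identity again
	if (identity != null && identity.getManager() != null)
	{
		finalValue = identity.getManager().getAttribute("trFedrampObjectid");
	}
} while (identity != null && identity.getManager() != null && identity.getManager().getAttribute("cloudLifeCycleState") != null && !"active".equals(identity.getManager().getAttribute("cloudLifeCycleState")));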
1 Like

Thanks for pointing out.

1 Like
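The owner-to-manager walk discussed in this thread, as an added example that is not part of any post above and is not SailPoint code. It is plain Java in which the `Identity` class, the `directory` map and all IDs are constructed stand-ins for the platform's identity object and lookup call; it shows the loop advancing to the manager on every pass and stopping on a missing manager or a management cycle instead of looping forever.

```java
import java.util.*;

public class ActiveOwnerResolver {
    // Stand-in for the platform's identity object (assumption, constructed for this example).
    static class Identity {
        final String objectId, lifecycleState;
        Identity manager;
        Identity(String objectId, String lifecycleState) {
            this.objectId = objectId;
            this.lifecycleState = lifecycleState;
        }
    }

    // Returns the ID after the last ":" of the first owner entry, or null if there is none.
    static String firstOwnerId(List<String> spnOwners) {
        if (spnOwners == null || spnOwners.isEmpty() || spnOwners.get(0) == null) return null;
        String first = spnOwners.get(0);
        int idx = first.lastIndexOf(':');
        return idx < 0 ? null : first.substring(idx + 1).trim();
    }

    // Walks owner -> manager -> manager's manager until an active identity is found.
    // Returns null when the chain ends or loops back without reaching an active identity.
    static String resolveActiveOwner(String ownerId, Map<String, Identity> directory) {
        Identity current = ownerId == null ? null : directory.get(ownerId);
        Set<String> visited = new HashSet<>();
        while (current != null && visited.add(current.objectId)) {
            if ("active".equals(current.lifecycleState)) return current.objectId;
            current = current.manager; // advance one level up the chain
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data: inactive owner -> inactive manager -> active director.
        Identity owner = new Identity("id-owner", "inactive");
        Identity mgr = new Identity("id-mgr", "inactive");
        Identity director = new Identity("id-director", "active");
        owner.manager = mgr;
        mgr.manager = director;
        director.manager = director; // self-managed top of the chain
        Map<String, Identity> directory = new HashMap<>();
        for (Identity i : List.of(owner, mgr, director)) directory.put(i.objectId, i);
        String id = firstOwnerId(List.of("Sample Owner:id-owner", "Other Owner:id-other"));
        System.out.println(resolveActiveOwner(id, directory));
    }
}
```

A `null` result means no active identity was reachable, which a correlation rule can treat as "leave the account uncorrelated" rather than assigning it to an inactive owner.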
