Has anyone implement customizer for Webservice SaaS connector to update the requestEndPoint for aggregation ? We have use-case where after authentication we get the server URL which needs to be used for account aggregation. With VA based Webservice connector we are able to achieve this using beforeoperation rule. However we are trying to use the WebService SaaS connector since target application is also an SaaS application. Wondering if any one has implemented similar scenario with SaaS Connector customizers. if yes, can you also share the code snippet ?
I think is the same thing , the difference is that the SaaS you need to have Sailpoint as a intermediary?
Not sure.
Hi @ipobeidi
We want to avoid VA based connector and use SaaS based connector because using VA based connector requires us to use our internal API gateway which is becoming single point of failure for account aggregation.
Hi @cgurung
Can you try to implement the below approach:
Apart from Test Connection, configure two HTTP Operations for Account Aggregation as below :
- Account Aggregation 1 - Configure the authentication endpoint here where you get the server URL in the response.
- Account Aggregation 2 - Here, in the “parent endpoint” tab, select “Account Aggregation 1”. And in the context URL, configure it as below:
$response.<server URL attribute path from previous operation's JSON response>$
In a parent child configuration, the connector stores the previous operations response in a variable called$response$and you can use it in the child operations to iterate through the JSON path for the attribute which contains the server URL. For example :$response.serverurl$(or)$response.attributes.serverurl$
Since your endpoints for account aggregation are chained together in a parent-child relationship, whenever a full account aggregation is run, both the above operations will execute in a sequence. Using this approach, you don’t need to have any rules involved and the connector tries to handle this out of the box.
Let me know if this helps?
Thanks,
Arshad.
Hi @Arshad
Thank you for the idea, I have couple queries,
-
After authentication, we received a server url (base url) and not sure how can I add it to context URL to form a proper endpoint. for instance. Base URL is “https://xyz.abc.com”. Authentication Context URL is “/rest/api/login”. After authentication, API return server url as “https://xyz.abc.com/prod10/api/” which should be used for account aggregation with Context URL “data/people?fieldList=id,name&count=100&start=0”, so server url becomes the base url for account aggregation. full account aggregation URL should be https://xyz.abc.com/prod10/api/data/people?fieldList=id,name&count=100&start=0
-
Does pagination works on child account aggregation operations as well ?
@cgurung, From the authentication API response, does the server url always contain /prod10/api/ ?
If yes, you can add the context URL in the Aggregation 2 operation as below:
/prod10/api/$response.serverurl$
Note : Update the response part above like this : $response.<server URL attribute path from previous operation's JSON response>$
And then handle the "data/people?fieldList=id,name&count=100&start=0" part in the pagination configuration. You don’t need to have it in the context URL as the connector will handle it to update it with query params - ‘fieldList’, ‘count’ & ‘start’ as long as you have defined this in the pagination configuration in the pagin tab of that HTTP operation. You’ll find references below:
Hi @Arshad authentication URL does not always return the “/prod10/api/”. This part is dynamic sometimes it return “/prod5/api” or “/prod4/api/” or another url depends upon which server is available to process.
Based on below documentation , paging is supported only for the first operation instance of Account or Entitlement Aggregation. With the approach you suggested pagination is need on second operation instance of account aggregation.
@cgurung If your URL keeps changing, which I was not aware of initially, then the only next route here is to take webservice before operation rule to get the response from the server APIs, use the restClient object to set the context URL dynamically. Also, the pagination needs to be handled within a before operation rule which you can find references for in the connector documentation.
Hi @Arshad , Since We are trying to use the Webservice SaaS connector, before and after rule is not available for SaaS connector. so wanted to find out how to achieve this with saas connector customizer.
VA based connector is an option for us but we have to comply with company policy to use the API gateway which is causing problem due to 3sec API response timeout configuration which they donot want to change it at all.
as far as i know. we are only able to customize provisioning plan attributes in the customizer. it sits before the configuration you mentioned and after sailpoint builds provisioning plan