Overview

This connector is used to aggregate NERM user accounts and roles. It is not a connection to NERM as an authoritative source.

Requirements

Configuring

When configuring a new source using this connector, the following parameters must be provided:

• NERM Base URL - This is the base URL of the NERM API (i.e. https://<customer>.seczetta.com/api)
• Authentication Token - The API Key that was generated in NERM
  https://documentation.sailpoint.com/ne-admin/help/setup/api.html
• (optional) Number of records to fetch at a time - If not specified, a default limit of 100 is used. Some APIs allow for a maximum of 500 but this value should not exceed 100.
  https://developer.sailpoint.com/nerm/api/pagination-metadata-filtering

Additional Steps

• In the account schema, the attribute type of the “roles” attribute must be changed to role. This is because the connector specification only allows for primitive types by default. Only after this correction is made can you perform an entitlement aggregation and subsequent account aggregation.

Notes

• The manager_id attribute is the ID of the user’s manager’s account in NERM
• The API allows for multiple user-manager relationships but this connector only supports one
• The login attribute is unique across all accounts in NERM and should not be included in attribute sync

Guide

Supported Operations

• Test Connection
• Account Create
• Account Enable
• Account Disable
• Account List
• Account Read
• Account Update
• Entitlement List

Hi

I am trying to use this connector, I have followed the steps you describe but when adding accounts or testing the connection I get the following error:

java.lang.RuntimeException - java.lang.IllegalStateException: [ConnectorError] error receiving response from connector: stream client connection is broken (connector process may have crashed) (requestId: bb67cbf3efa94f6d9217402681cf207c) - java.lang.RuntimeException: java.lang.IllegalStateException: [ConnectorError] error receiving response from connector: stream client connection is broken (connector process may have crashed) (requestId: bb67cbf3efa94f6d9217402681cf207c) at com.sailpoint.mantis.qpoc.message.AccountAggregation.iterateResourceObjects_aroundBody6(AccountAggregation.java:645) at com.sailpoint.mantis.qpoc.message.AccountAggregation$AjcClosure7.run(AccountAggregation.java:1) at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:179) at com.sailpoint.tracing.otel.TracedAspect.lambda$traceExecution$0(TracedAspect.java:38) at com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:170) at com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:143) at com.sailpoint.tracing.otel.TracedAspect.traceExecution(TracedAspect.java:40) at com.sailpoint.mantis.qpoc.message.AccountAggregation.iterateResourceObjects(AccountAggregation.java:578) at com.sailpoint.mantis.qpoc.message.AccountAggregation.handleMessage_aroundBody0(AccountAggregation.java:358) at com.sailpoint.mantis.qpoc.message.AccountAggregation$AjcClosure1.run(AccountAggregation.java:1) at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:179) at com.sailpoint.atlas.metrics.MessageMetricsAspect.meterMessageTimeAndExceptions(MessageMetricsAspect.java:65) at com.sailpoint.mantis.qpoc.message.AccountAggregation.handleMessage(AccountAggregation.java:339) at com.sailpoint.atlas.messaging.server.TypeMessageHandler.handleMessage(TypeMessageHandler.java:87) at com.sailpoint.mantis.qpoc.utility.QpocMessageHandler.handleMessage_aroundBody0(QpocMessageHandler.java:60) at com.sailpoint.mantis.qpoc.utility.QpocMessageHandler$AjcClosure1.run(QpocMessageHandler.java:1) at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:179) at com.sailpoint.atlas.metrics.MessageMetricsAspect.meterMessageTimeAndExceptions(MessageMetricsAspect.java:65) at com.sailpoint.mantis.qpoc.utility.QpocMessageHandler.handleMessage(QpocMessageHandler.java:52) at com.sailpoint.mantis.platform.message.ObjectConfigMessageHandler.handleMessage(ObjectConfigMessageHandler.java:33) at com.sailpoint.atlas.tracing.plugin.otel.TraceMessageHandler.lambda$handleMessage$0(TraceMessageHandler.java:60) at com.sailpoint.atlas.tracing.otel.Trace.trace(Trace.java:54) at com.sailpoint.atlas.tracing.plugin.otel.TraceMessageHandler.handleMessage(TraceMessageHandler.java:55) at com.sailpoint.atlas.message.DynamicMessageHandler$ChainedMessageHandlerAdapter.handleMessage(DynamicMessageHandler.java:44) at com.sailpoint.atlas.tracing.plugin.TracingMessageHandler.handleMessage(TracingMessageHandler.java:88) at com.sailpoint.atlas.message.DynamicMessageHandler$ChainedMessageHandlerAdapter.handleMessage(DynamicMessageHandler.java:44) at com.sailpoint.atlas.usage.plugin.UsageMessageHandler.handleMessage(UsageMessageHandler.java:36) at com.sailpoint.atlas.message.DynamicMessageHandler$ChainedMessageHandlerAdapter.handleMessage(DynamicMessageHandler.java:44) at com.sailpoint.atlas.message.DynamicMessageHandler.handleMessage(DynamicMessageHandler.java:34) at com.sailpoint.mantis.platform.message.SailPointContextMessageHandler.handleMessage(SailPointContextMessageHandler.java:55) at com.sailpoint.atlas.message.FailureNotificationHandler.handleMessage(FailureNotificationHandler.java:55) at com.sailpoint.atlas.message.RequestContextMessageHandler.handleMessage(RequestContextMessageHandler.java:72) at com.sailpoint.mantis.platform.message.ExceptionMessageHandler.handleMessage(ExceptionMessageHandler.java:49) at com.sailpoint.atlas.messaging.server.MessageProcessor.handleJobMessage(MessageProcessor.java:249) at com.sailpoint.atlas.messaging.server.MessageProcessor.handleMessage(MessageProcessor.java:136) at com.sailpoint.atlas.messaging.server.MessageProcessor.lambda$null$0(MessageProcessor.java:106) at com.sailpoint.atlas.messaging.server.MessageProcessor.withOrgLogging(MessageProcessor.java:173) at com.sailpoint.atlas.messaging.server.MessageProcessor.withReportingAndOrgLogging(MessageProcessor.java:163) at com.sailpoint.atlas.messaging.server.MessageProcessor.lambda$asyncHandleMessage$1(MessageProcessor.java:106) at com.sailpoint.atlas.messaging.server.impl.SourceRunnableImpl.run(SourceRunnableImpl.java:77) at com.sailpoint.atlas.messaging.server.impl.BufferedSourceQueue$IncrementingSourceRunnable.run(BufferedSourceQueue.java:181) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: java.lang.IllegalStateException: [ConnectorError] error receiving response from connector: stream client connection is broken (connector process may have crashed) (requestId: bb67cbf3efa94f6d9217402681cf207c) at com.sailpoint.connector.cloud.spconnect.SpConnectProxy$1.nextResponse_aroundBody0(SpConnectProxy.java:336) at com.sailpoint.connector.cloud.spconnect.SpConnectProxy$1$AjcClosure1.run(SpConnectProxy.java:1) at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:179) at com.sailpoint.tracing.otel.TracedAspect.lambda$traceExecution$0(TracedAspect.java:38) at com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:170) at com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:143) at com.sailpoint.tracing.otel.TracedAspect.traceExecution(TracedAspect.java:40) at com.sailpoint.connector.cloud.spconnect.SpConnectProxy$1.nextResponse(SpConnectProxy.java:320) at sailpoint.connector.cloud.CloudConnector$CloudBridgeIterator.buildDataBlockIterator(CloudConnector.java:1166) at sailpoint.connector.cloud.CloudConnector$CloudBridgeIterator.checkForMoreData(CloudConnector.java:1154) at sailpoint.connector.cloud.CloudConnector$CloudBridgeIterator.hasNext(CloudConnector.java:1080) at sailpoint.connector.ConnectorProxy$CustomizingIterator.peek(ConnectorProxy.java:738) at sailpoint.connector.ConnectorProxy$CustomizingIterator.hasNext(ConnectorProxy.java:765) at com.sailpoint.mantis.qpoc.message.AccountAggregation.iterateResourceObjects_aroundBody6(AccountAggregation.java:613) … 45 more

I have checked the logs and see the following messages:

[2024-04-26T14:00:04.969-06:00] INFO | invokeCommand ︎ Command execution started : std:account:list, for connector version 1.
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ node:internal/modules/cjs/loader:1080
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ throw err;
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ ^
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ Error: Cannot find module ‘/app/connector’
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ Require stack:
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ - /usr/bin/index.js
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at Module._resolveFilename (node:internal/modules/cjs/loader:1077:15)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at Module._load (node:internal/modules/cjs/loader:922:27)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at Module.require (node:internal/modules/cjs/loader:1143:19)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at Hook._require.i.require (/usr/bin/index.js:35:2011540)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at require (node:internal/modules/cjs/helpers:121:18)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at 99318 (/usr/bin/index.js:40:165350)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at nccwpck_require (/usr/bin/index.js:59:331218)
[2024-04-26T14:00:05.643-06:00] INFO | connectorMessage ︎ at 6144 (/usr/bin/index.js:40:157768)
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ at nccwpck_require (/usr/bin/index.js:59:331218)
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ at /usr/bin/index.js:59:331546 {
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ code: ‘MODULE_NOT_FOUND’,
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ requireStack: [ ‘/usr/bin/index.js’ ]
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ }
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎
[2024-04-26T14:00:05.644-06:00] INFO | connectorMessage ︎ Node.js v18.17.1
[2024-04-26T14:00:07.682-06:00] INFO | commandOutcome ︎ Command failed with [ConnectorError] error receiving response from connector: stream client connection is broken (connector process may have crashed): std:account:list, for connector version 1.output_count=0 keep_alive_count=0 state_count=0. Elapsed time 2690ms

what could be the error?

thanks for your support,
Greetings!

I am seeing the same error too.

Hi, @sunnyajmera and anyone who will use this connector in the future.

I have resolved the issue.

1. I downloaded the zip from github.
2. Unzipped it and opened the cmd in that path.
3. Execute the command npm i && npm run pack-zip
4. This command gave me the following error:

Error: [tsl] ERROR in C:\Users.…\Downloads\colab-saas-conn-nerm-users-main\src\index.ts(38,24)
TS2345: Argument of type ‘(context: Context, input: undefined, res: Response) => Promise’ is not assignable to parameter of type ‘StdTestConnectionHandler’.
Types of parameters ‘input’ and ‘input’ are incompatible.

5. I opened the file src/index.ts and after a while, I modified the following

import {
  StdTestConnectionInput,
}

and modified the line:
.stdTestConnection(async (context: Context, input: StdTestConnectionInput, res: Response<StdTestConnectionOutput>) =>

6. I created the connector in CLI and execute the command sail conn upload -c <yourid> -f dist/*.zip

That solved the problem.
Now in IDN I could add entitlements (after changing “roles” to type “role”) and then accounts.

I hope it helps.
This fix should be made to the official repository, @douglas_dempsey