NullPointer exception after adding identity to a role

Hello everyone,

I am working on an issue that I’ve simply run out of ideas for troubleshooting.

I setup a webservices connector that is aggregating accounts and entitlements via a couple different REST API endpoints. I have configured the entitlement and account schema and got the aggregations setup so that accounts are being correctly correlated with identities and the entitlements are being correctly correlated with the entitlements that I aggregated.

I setup a role & access profile to test provisioning with after building the add account and add entitlement operations on the connector, however when I add an identity to the role, the identity is flagged as having an error that simply says “java.lang.RuntimeException: sailpoint.tools.GeneralException: java.lang.NullPointerException”.

The entitlements on the account aggregation are an array of objects on each account that just have an id and a name property.

The account schema has an attribute for the roles coming in from the aggregation which is set as an entitlement, with the type group, and is configured as multi-value due to the ability of an account to have multiple roles in the connected system.

The group schema is setup with the generic attributes on the roles from the connected system, including an entitlement ID and name.

The identity error clears if I remove the access profile from the role so I believe the issue has to be either the access profile or the entitlement. Considering there’s not really many ways to screw up an access profile, I can only conclude that the issue is with the entitlement but I’m completely at a loss as to why.

I also cannot find any trace of the tracking ID from the error in either the search logs or the ccg logs on my virtual appliances. I’ve rebuilt the entire connector from scratch twice just to see if I could figure out what I’ve done wrong, to no avail.

If you have any ideas that I could try, I would greatly appreciate your input.

Thanks for reading and for your time.
-Zach

Welcome to the developer community Zach,

The Web Service Connector is challenging to develop, to say the least. As you have pointed out, the logging isn’t very robust, and it can be extremely difficult to track down issues like this. Without seeing how you configured your connector and having access to your tenant logs, this is going to be hard for anyone in the community to figure out.

If the purpose of this web service connector is to connect to a SaaS service, then I highly recommend utilizing our new SaaS Connectivity Framework. This allows you to develop a connector in TypeScript, which is more flexible and has far better debugging options than what you will get with the Web Service connector.

If you must continue to use the Web Service connector, then I think your best path forward is to engage with Professional Services. They will be able to quickly get to the bottom of this.

I’m having the exact same error when adding an Role or Access profile from an Active Directory Source, we have other Active Directories source connected that works great, but only with this specific AD connection we are having trouble.

Our CCG does not log anything, só it seems that IDN is not even sending something to VA/IQService or AD.

Just in case anyone comes across this while searching. I think I finally figured out why I kept getting this.

I didn’t associate it at the time, however I had tried to use an embedded transform in the account profile of my connector and I was using an account attribute reference rather than an identity attribute. I had ran into this error with another connector, and as soon as I changed the account attribute to an identity attribute and refreshed the identity I was testing with, the error went away.