Hi,
I am looking to extend the user schema to include active access reviews, similar to the capabilities or entitlements assigned to the user.
As we know, there is no /Certifications endpoint, and I am working to implement this endpoint as well. But for now, as a quick win, the objective is to get the list of certifications using /Users with the following filter:
http://localhost:8080/identityiq/scim/v2/Users?filter=urn:ietf:params:scim:schemas:sailpoint:1.0:Use…
To achieve this, I have done the following. Please correct me if I am missing anything in this process.
Step 1:
Added the following schema extensions into the scimFixedServerSchemas.json:
    {
      "name" : "certifications",
      "type" : "complex",
      "multiValued" : true,
      "required" : false,
      "caseExact" : false,
      "mutability" : "readOnly",
      "uniqueness" : "none",
      "returned" : "request",
      "description" : "List of the certifications",
      "subAttributes" : [
        {
          "name" : "id",
          "type" : "string",
          "multiValued" : false,
          "required" : false,
          "caseExact" : false,
          "mutability" : "readOnly",
          "uniqueness" : "none",
          "returned" : "request",
          "description" : "Id of the certification"
        },
        {
          "name" : "phase",
          "type" : "string",
          "multiValued" : false,
          "required" : false,
          "caseExact" : false,
          "mutability" : "readOnly",
          "uniqueness" : "none",
          "returned" : "request",
          "description" : "Phase of the certification"
        },
        {
          "name" : "expiration",
          "type" : "string",
          "multiValued" : false,
          "required" : false,
          "caseExact" : false,
          "mutability" : "readOnly",
          "uniqueness" : "none",
          "returned" : "request",
          "description" : "expiration date in long epochMilli"
        },
        {
          "name" : "statistics.itemPercentComplete",
          "type" : "string",
          "multiValued" : false,
          "required" : false,
          "caseExact" : false,
          "mutability" : "readOnly",
          "uniqueness" : "none",
          "returned" : "request",
          "description" : "statistics.itemPercentComplete"
        }
      ]
    },
Step 2:
Added the following class that implements the AttributePropertyGetter interface, like this:

    public class UserCertificationsGetter implements AttributePropertyGetter {
        private static final Log log = LogFactory.getLog(UserCertificationsGetter.class);
        private static final String COLUMNS_KEY = "uiCertificationCardColumns";

        private static class IdAppenderColumnSelectorCertification extends BaseListResourceColumnSelector {
            public IdAppenderColumnSelectorCertification(String columnsKey) {
                super(columnsKey);
            }

            @Override
            public List<ColumnConfig> getColumns() throws GeneralException {
                List<ColumnConfig> columns = super.getColumns();
                columns.add(new ColumnConfig("id", "id"));
                return columns;
            }
        }

        @Override
        public Object getAttributeValue(Object object, AttributeMapping mapping, ServerContext context) throws SCIMException {
            if (object instanceof Identity) {
                Identity ma = (Identity) object;
                try {
                    CertificationListService listService = new CertificationListService((UserContext)context.getContext(),
                            new SimpleListServiceContext(context.getUserContext()), new IdAppenderColumnSelectorCertification(COLUMNS_KEY));
                    return listService.getCurrentCertifications(true, false);
                } catch (GeneralException e) {
                    throw new IllegalStateException(e);
                }
            }
            log.error(" >>>> RETURNING NULL OBJECT");
            return null;
        }
    }

Step 3:
Under
, similar to roles and entitlements, I have added the following mapping
Once the compiled classes and jar files were placed in WEB-INF/classes and lib respectively, I tried to query the following:
…scim/v2/Users?filter=urn:ietf:params:scim:schemas:sailpoint:1.0:User:certifications.id eq "12345"
getting:
    {
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
      ],
      "scimType": "invalidFilter",
      "detail": "Invalid filter, attribute not foundietf:params:scim:schemas:sailpoint:1.0:User:certifications.id",
      "status": "400"
    }
Please advise. Also, I would like to extend the /Certifications endpoint too. Please kindly advise on the best way to do this.
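
Added example, not part of the original post and not IdentityIQ code: a Python check of the Step 1 schema fragment and the filter path against the attribute-name rule of RFC 7643 section 2.1 and the attrPath rule of RFC 7644. It assumes the fragment is registered under the schema URN used in the filter; `invalid_names` and `resolve` are hypothetical helpers and do not reproduce how IdentityIQ resolves filters.

```python
import re

# RFC 7643 section 2.1: ATTRNAME = ALPHA *(nameChar); nameChar = "$" / "-" / "_" / DIGIT / ALPHA
ATTRNAME = re.compile(r"[A-Za-z][A-Za-z0-9$_-]*\Z")

# Assumption: the Step 1 fragment belongs to the schema URN used in the filter.
SCHEMA_URN = "urn:ietf:params:scim:schemas:sailpoint:1.0:User"
# Constructed from the Step 1 fragment; only the fields this check needs are kept.
CERTIFICATIONS = {
    "name": "certifications",
    "type": "complex",
    "subAttributes": [
        {"name": "id"}, {"name": "phase"}, {"name": "expiration"},
        {"name": "statistics.itemPercentComplete"},
    ],
}

def invalid_names(attr):
    """Return every attribute or sub-attribute name that breaks ATTRNAME."""
    names = [attr["name"]] + [s["name"] for s in attr.get("subAttributes", [])]
    return [n for n in names if not ATTRNAME.match(n)]

def resolve(path, schema_urn, attrs):
    """Resolve an RFC 7644 attrPath ([URI ":"] ATTRNAME *1subAttr) against attrs.

    Returns (attribute, sub_attribute_or_None); raises ValueError otherwise.
    """
    urn, sep, rest = path.rpartition(":")
    if sep and urn != schema_urn:
        raise ValueError(f"unknown schema URN: {urn}")
    parts = rest.split(".")
    # At most one sub-attribute level, and each segment must be a valid name.
    if len(parts) > 2 or not all(ATTRNAME.match(p) for p in parts):
        raise ValueError(f"not a valid attrPath: {rest}")
    by_name = {a["name"].lower(): a for a in attrs}  # names are case-insensitive
    attr = by_name.get(parts[0].lower())
    if attr is None:
        raise ValueError(f"attribute not found: {parts[0]}")
    if len(parts) == 1:
        return attr["name"], None
    subs = {s["name"].lower(): s["name"] for s in attr.get("subAttributes", [])}
    if parts[1].lower() not in subs:
        raise ValueError(f"sub-attribute not found: {rest}")
    return attr["name"], subs[parts[1].lower()]
```

On this fragment, `certifications.id` resolves under the assumed URN, while `statistics.itemPercentComplete` is reported by `invalid_names` because a dot is the sub-attribute separator in a filter path, not a name character.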