Which IIQ version are you inquiring about?
8.4
Please share any images or screenshots, if relevant.
Please share any other relevant files that may be required (for example, logs).
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1740570884359" id="0ac91edb932b13138195421bf907532c" language="beanshell" modified="1740570973791" name="Demomstrate Single Account Aggregation" significantModified="1740570973791">
<Source>
import sailpoint.object.Application;
import sailpoint.object.Attributes;
import sailpoint.object.Custom;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.QueryOptions;
import sailpoint.object.ResourceObject;
import sailpoint.object.TaskResult;
import sailpoint.object.Rule;
import sailpoint.connector.JDBCConnector;
import sailpoint.api.Aggregator;
import sailpoint.connector.Connector;
import org.apache.log4j.Logger;
import org.apache.log4j.Level;
// Declare a logger class for us to isolate these messages during aggregation.
// Force the log level to DEBUG for initial testing.
Logger log = Logger.getLogger("sailpoint.services.DemonstrateSingleAccountAggregation");
log.setLevel(Level.DEBUG); // TODO: Turn this off or remove this line when checking in.
// Initialize the error message to nothing.
String errorMessage = "";
// We need some values defined to know which account we want to aggregate.
String applicationName = "Active Directory";
String accountName = "Bernard.Lee";
// We have already validated all of the arguments. No just load the objects.
Application appObject = context.getObjectByName(Application.class, applicationName);
String appConnName = appObject.getConnector();
log.debug("Application " + applicationName + " uses connector " + appConnName);
Connector appConnector = sailpoint.connector.ConnectorFactory.getConnector(appObject, null);
if (null == appConnector) {
errorMessage = "Failed to construct an instance of connector [" + appConnName + "]";
return errorMessage;
}
log.debug("Connector instantiated, calling getObject() to read account details...");
ResourceObject rObj = null;
try {
rObj = (ResourceObject) appConnector.getObject("account", accountName, null);
} catch (sailpoint.connector.ObjectNotFoundException onfe) {
errorMessage = "Connector could not find account: [" + accountName + "]";
errorMessage += " in application [" + applicationName + "]";
log.error(errorMessage);
log.error(onfe);
return errorMessage;
}
if (null == rObj) {
errorMessage = "ERROR: Could not get ResourceObject for account: " + accountName;
log.eror(errorMessage);
return errorMessage;
}
log.debug("Got raw resourceObject: " + rObj.toXml());
// Now we have a raw ResourceObject. The Application in IdentityIQ may have a
// Customization rule defined to transform the ResourceObject. We need to
// honor that configuration, so if the Applicaiton has a Rule then we run it.
Rule customizationRule = appObject.getCustomizationRule();
if (null != customizationRule) {
log.debug("Customization rule found for applicaiton " + applicationName);
try {
// Pass the mandatory arguments to the Customization rule for the app.
HashMap ruleArgs = new HashMap();
ruleArgs.put("context", context);
ruleArgs.put("log", log);
ruleArgs.put("object", rObj);
ruleArgs.put("application", appObject);
ruleArgs.put("connector", appConnector);
ruleArgs.put("state", new HashMap());
// Call the customization rule just like a normal aggregation would.
ResourceObject newRObj = context.runRule(customizationRule, ruleArgs, null);
// Make sure we got a valid resourceObject back from the rule.
if (null != newRObj) {
rObj = newRObj;
log.debug("Got post-customization resourceObject: " + rObj.toXml());
}
} catch (Exception ex) {
// Swallow any customization rule errors, the show must go on!
log.error("Error while running Customization rule for " + applicationName);
}
}
// Next we perform a miniature "Aggregation" using IIQ's built in Aggregator.
// Create an arguments map for the aggregation task.
// To change this (if you need to), the map contains aggregation options and is the same as the
// arguments to the acocunt aggregation tasks. Some suggestied defaults are:
Attributes argMap = new Attributes();
argMap.put("promoteAttributes", "true");
argMap.put("correlateEntitlements", "true");
argMap.put("noOptimizeReaggregation", "true"); // Note: Set to false to disable re-correlation.
// Consturct an aggregator instance.
Aggregator agg = new Aggregator(context, argMap);
if (null == agg) {
errorMessage = "Null Aggregator returned from constructor. Unable to Aggregate!";
log.eror(errorMessage);
return errorMessage;
}
// Invoke the aggregation task by calling the aggregate() method.
// Note: the aggregate() call may take serveral seconds to complete.
log.debug("Calling aggregate() method... ");
TaskResult taskResult = agg.aggregate(appObject, rObj);
log.debug("aggregation complete.");
if (null == taskResult) {
errorMessage = "ERROR: Null taskResult returned from aggregate() call.";
log.eror(errorMessage);
return errorMessage;
}
// Show the task result details for engineers curious about the results.
// These ususally look like the following:
// <?xml version='1.0' encoding='UTF-8'?>
// <!DOCTYPE TaskResult PUBLIC "sailpoint.dtd" "sailpoint.dtd">
// <TaskResult>
// <Attributes>
// <Map>
// <entry key="applications" value="1"/>
// <entry key="exceptionChanges" value="1"/>
// <entry key="extendedAttributesRefreshed" value="1"/>
// <entry key="identityEntitlementsCreated" value="1"/>
// <entry key="identityEntitlementsIndirectLinkUpdates" value="1"/>
// <entry key="identityEntitlementsRoleAssignmentsUpdates" value="4"/>
// <entry key="identityEntitlementsRoleDetectionsUpdates" value="1"/>
// <entry key="identityEntitlementsUpdated" value="1"/>
// <entry key="total" value="1"/>
// <entry key="updated" value="1"/>
// </Map>
// </Attributes>
// </TaskResult>
// Where the "udpated" indiciates the number of account links updated.
log.debug("TaskResult details: \n" + taskResult.toXml());
return ("Success");
</Source>
</Rule>
Hi Experts,
I am trying to implement single AD account aggregation using the rule referenced in the following article:
Aggregating a single account from an application - Compass
However, when running the rule, I encountered the following error:
Exception running rule: The application script threw an exception: sailpoint.connector.InvalidConfigurationException: [ InvalidConfigurationException ]
[ Possible suggestions ] Verify that mandatory fields should not be empty in the application configuration.
[ Error details ] Required string attribute 'authorizationType' is not defined.It must have a valid value. BSF info: Demomstrate Single Account Aggregation at line: 0 column: columnNo
Checked in domain settings, authorizationType is not null as well.
I am seeking your advice on how to resolve this issue.
Thanks in advance!
