The Web Services connector successfully completes Account Aggregation, the Groups are not being retrieved under the users' accounts

Hi All,

The account aggregation for the web service source is success, But it is not displaying groups under all user accounts.

Account Aggregation: We will get only all users.
Context URL: /v1/users

Group Aggregation: We will get only all groups.
Context URL: /v1/usergroups

The context URLs for Account Aggregation and Group Aggregation are different.

We require a method to combine two distinct endpoints using a Before and After operation rule?

Have you marked any attribute as entitlement on the Account schema?

1 Like

Hi @shaikidn,

You can check if there is any attribute in account schema has Type as Group and just mark them as entitlement & multivalued. Then you may try aggregating account.

-Vasanth

Hi @shaikidn

Thank you for the question. I checked the response from both the APIs as shared above and i could not find information about user group assignments in the response in either of the API /users or /groups but not sure if i overlooked something.

But ideally one of the API should provide you the identity assignment or may be there should be another API that can grant you this information, then you can use the parent endpoint configuration to retrieve the assignments details without having to write a rule.

I hope this helps.

Regards
Vikas.

Yes, I have marked “usergroups” attribute as entitlement on the account schema.

Hello Raj,

I confirm that the account schema includes the “usergroups” attribute. Please see the screenshot provided below. I have attempted account aggregation multiple times, but the results remain unchanged.

Hi @shaikidn ,

You need to have two account aggregations setup, like

  1. Which will be used to receive user information
  2. Will be executed once for every row returned the 1st aggregation (parent aggregation will be set us Aggregation-1)

Do you have any API that will return only one user group, like /v1/usergroups/?

Thanks,
Karthi

Hi @shaikidn ,

You need two Account Aggregation Operations to complete these requirements. Here is the complete configuration,

Http Operations Configurations:

Account Aggregation 1:

Account Aggregation 2:



Accounts After Aggregation:




In case you don’t have an API to pull one user groups then you need to have an After Operation rule to filter the groups related to one user.

Regards,
Karthi

Hello @vguleria,

User Management:

  1. Listing Users: We will get all list of users.
    GET: https://server_address.com:8443/biprws/v1/users
    Context URL: https://server_address.com:8443/biprws
    Base URL: /v1/users

  1. Getting Users Details: We will get particular user details.
    GET: https://server_address.com:8443/biprws/v1/users/user_id.
    Context URL: https://server_address.com:8443/biprws
    Base URL: /v1/users/12246
    user id is: 12246

Group Management:

  1. Listing User Groups. Get the list of all groups.
    GET: https://server_address.com:8443/biprws/v1/usergroups.
    Context URL: https://server_address.com:8443/biprws
    Base URL: /v1/usergroups

  2. Getting User Group Details. We will get particular user group details.
    GET: https://server_address.com:8443/biprws/v1/usergroups/<usergroup_id>
    Context URL: https://server_address.com:8443/biprws
    Base URL: /v1/1547098
    usergroup_id is: 1547098

  3. Listing All Users in an User Group. We will get all users in a particular usergroup.
    GET:https://server_address.com:8443/biprws/v1/userGroups/<usergroup_id>/users
    Context URL: https://server_address.com:8443/biprws
    Base URL: /v1/userGroups/1547098/users
    usergroup_id is: 1547098

User Id is different, and Group Id is different.
Please tell me which URL is follow aggregation 1 and aggregation 2, Group Aggregation Operations.

Hi @shaikidn

Thank you for the response. Can you please confirm if there is no API to retrieve the group assignments from user level ? If that is the case then you may need to go for web service after operation rule as well which is a connector rule and you will need to use this role to add the groups assignments for the user when you invoke account aggregation operation.

So below will be the structure in my opinion and not sure if there is an easy way to achieve this.

For Account Aggregation

  1. Configure Account aggregation operation contextURL /v1/users. This will give you the all the users. You may also need to configure pagination here and of course response status code and response body mapping needs to be maintained.

  2. You may need to use the parent endpoint configuration ONLY if you need additional details like lastLogon information to be stored in ISC. So you will use the parent endpoint configuration here such that after the first step is executed this step will start and you will use here API GET: https://server_address.com:8443/biprws/v1/users/$response.user_id. Make sure to retrieve user_id in first API call in response body configuration and here you can configure additional details in response body.

So till this step you will be able to cover all identity attribute assignments. And assuming that there is no API to retrieve the identity assignments from account aggregation, you will need to use either in step 1 or step2 after connector rule. I would prefer to add it at step 2 although.

In after operation rule, then you will need make API call to read all the groups and then check for each group if the current person is assigned, if that is the case then update the response json to include the group assignment so that you will have the information about user assignment.

I can think of only this way to achieve the requirement and i hope the groups are not very large in number otherwise the aggregation can take very long as we are looping over each group in connector rule.

So in my opinion, if you are developing this API , then have an endpoint like v2/userId/groupAsignment that will give you group assignments from user’s endpoint. Otherwise the above approach can be followed to make it work.

I hope this information helps. If you need more information, please let us know.

Regards
Vikas.

Hello @Karthikeyan_U

Please find the below API it will return only one user group details.
Getting User Group Details. We will get particular user group details.
GET: https://server_address.com:8443/biprws/v1/usergroups/<usergroup_id>
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/usergroups/1547098
usergroup_id is: 1547098

Hello @Karthikeyan_U

Please provide me example After Operation rule to filter the groups related to one user.

Hello @vguleria

Please provide me example After Operation rule to filter the groups related to one user.

Hi @shaikidn

You will need to use the the xPath libraries in the java code like DocumentBuilder, DocumentBuilderFactory and node to extract this node value from the xml response.

The xPath to extract the id field should be i believe like this attr[@name=‘id’]/text() but please double check this with the xPath validators available online.

Complete java code for xml use-case i do not have but there are numerious examples you can get online easily :slight_smile: . You can also check in the API by passing the header accept= aplication/json if that gives you response in json format and then you can use json libraries to get it work but that generally depends on the application.

I hope this helps.

Regards
Vikas.