Unable to access Identity from WebServices Connector After Rule

Hello

I am trying to access the identity to update the link that was just created but keep getting errors when trying to access the identity. I am hoping to add an attribute on the link in iiq that is returned from the account create action.

Here are a couple of tries and the errors they are throwing

Identity currentIdentity = identity;

Parsed Response:-
Exception Message: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: ``import java.text.ParseException;  import java.text.SimpleDateFormat;  import sai . . . '' : Typed variable declaration : Void initializer. : at Line: 25 : in file: inline evaluation of: ``import java.text.ParseException;  import java.text.SimpleDateFormat;  import sai . . . '' : currentIdentity = identity 
 BSF info: USDA-Rule-AfterOperation-Cority at line: 0 column: columnNo

Application my_app = context.getObjectByName(Application.class, "myapp");


Link myLink=identity.getLink(my_app);
if(myLink!=null) {
log.error("xxx here is my link " + myLink);
} else {
log.error("xxx i did not get a link);
}


Exception Message: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: ``import java.text.ParseException;  import java.text.SimpleDateFormat;  import sai . . . '' : Typed variable declaration : Attempt to resolve method: getLink() on undefined variable or class name: identity : at Line: 28 : in file: inline evaluation of: ``import java.text.ParseException;  import java.text.SimpleDateFormat;  import sai . . . '' : identity .getLink ( my_app ) 

Hi @Seadog ,

Please use identityService class:

import sailpoint.api.IdentityService;

IdeneityService idnSrv=new IdeneitService(context);
List linkList=idnSrv.getLinks(My_app,identity); //identity should be identity Object, i guess it coming as an input argument in you rule.

for(Link link : linkList){
   if(link!=null) {
       log.error("xxx here is my link " + myLink);
    } else {
        log.error("xxx i did not get a link);
  }
}

If identity is there in argument of the after ProvisioningRule then you do not need below line

Thanks. I tried but had no luck.

It doesn’t find the identity like this.

List linkList = identityService.getLinks(identity); 

 Typed variable declaration : Undefined argument: identity  : at Line: 28

I also tried like this.

 Identity currentIdentity = identity;
IdentityService identityService = new IdentityService(context);

List linkList = identityService.getLinks(identity); 

 
 Typed variable declaration : Void initializer. : at Line: 25 : in file: inline evaluation of: ``import java.text.ParseException;  import java.text.SimpleDateFormat;  import sai . . . '' : currentIdentity = identity 

can you share you rule xml?

Hi richard,

1. Can you tell me what version of IIQ are you on ?
2. Are you trying to get the identity on the WebServiceAfterOperationRule ? if so that rule doesnt have identity as the default argument. you need to retrieve the username from the response or from the payload and use context to fetch the identity.

YEs. I am using the webServiceAfterOperationRule. I will try with the uid from the response. Thanks for that tip!

i see the identity is not a default argument for the rule. that why is your are getting the earlier error of void intialization and undefined variable.

Agree to @chaitanyav, I can see Application is available as default argument in after rule so you need not to create application object, you will have to retrieve the userName from rawResponseObject and then create an identity object to get its links.

Once identity object is created you can use identityService to get the Links for specific application.

Giving this a try after working out some other issues and getting the error below. Is there a better way to do the identity search? I am getting the data back from the user create.

Caused by: org.apache.bsf.BSFException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: ``import java.text.ParseException; import java.text.SimpleDateFormat; import sai . . . ‘’ : Typed variable declaration : Class: IdentityQuery not found in namespace

This is how I am trying it

import sailpoint.object.IdentityQuery;
import sailpoint.api.SailPointContext;


log.error("xxx data returned " + id + ", " + loginId);

SailPointContext context = sailpoint.api.SailPointFactory.getCurrentContext();
IdentityQuery identityQuery = context.getObject(IdentityQuery.class);

identityQuery.addFilter("theId", loginId);

List matchingIdenties = identityQuery.getResultList();

for(Identity identity : matchingIdentities) {
	log.error("xxx here are the identities: " + identity.getId());
}

Hi @Seadog

Can you be more specific with the requirement?
If you are trying to add an additional attribute in the application account (Link) which you are getting from Create Account response, try using Response Mapping in Create account operation.

sure

I can try that. Do you have an example of response mapping in the create operation of a webService connector?

I don’t know how to determine the syntax for the attribute path.

I can get the attribute I need like this.
int id = jsonObject.getJSONObject(“record”).getInt(“id”);

What does that translate to in the attribute path?

@Seadog Can you please provide the sample response. So that I could come up with the attribute path.

I guess you can try something like below.

image1341×361 10.6 KB

Sure

Below is a sample response. I parse the json like this to get the value needed

int id = jsonObject.getJSONObject(“record”).getInt(“id”);

“record”: {
“attachDocument”: null,
“barcode”: null,
“building”: null,
“cellPhone”: null,
“consolidatedMedicalReportDate”: null,
“createdDate”: “08/04/2023 10:44”,
“dateOfBirth”: null,
“dateOfHire”: “10/11/xxxx”,
“dateOfTermination”: null,
“declaredPregnant”: false,
“department”: {
“code”: “xxxx”,
“description”: “xxxx”,
“id”: xxxx
},
“division”: {
“code”: “34”,
“description”: “xxxx”,
“id”: xx
},
“driverLicenseClass”: null,
“driverLicenseNumber”: null,
“driverLicenseState”: null,
“ehs”: false,
“email”: null,

"id": 2951,
"jobPosition": {
  "code": "xxxx",
  "description": "xxxx",
  "id": xxx
},
"jobPositionGroup": {
  "code": "xxxx",
  "description": "xxxx",
  "id": xxx
},

},
“subList”: null
}

I tried like that with id for schema attrin, id for attrib path and $.record in Root Path but it did not populate the link.

I can see that the id came back from the response.

Hi @Seadog

Is there id attribute in schema in the application? I tried to do a similar use case and it is working.

Can you share the Application.xml masking the sensitive data if it is not working.

Yes, It is in the schema.
app.xml (15.3 KB)

Here is the app.xml

Hi @Seadog

The app config looks good, A similar setup is working properly in my Sandbox setup. I could see there is an AfterRule attached what is it exactly doing? Also verify the data using BeforeRule and AfterRule which will give you better understanding on the data being send, received and how IIQ is processing it.

BEfore rule is currently printing out the data being sent

log.error("Staring before operation rule");
  Map body = requestEndPoint.getBody();
  log.error("body value is : "+body);
  String jsonBody = (String) body.get("jsonBody");
  log.error("jsonBody value is : "+jsonBody);
  Map jsonMap = JsonUtil.toMap(jsonBody);
  log.error("jsonMap value is:"+jsonMap);
log.error("Ending before operation rule");

after rule was going to be used to grab the response and update the identity

all it does now is print out the data being returned

log.error("xxx Starting after operation rule");
log.error("xxx rawResponseObject " + rawResponseObject);


String jsonResponse = rawResponseObject.toString();
log.error("xxx jsonResponse " + jsonResponse);

JSONObject jsonObject = new JSONObject(jsonResponse);
log.error("xxx jsonObject " + jsonObject);

//access the id value
int id = jsonObject.getJSONObject("record").getInt("id");
String  loginId = jsonObject.getJSONObject("record").getString("loginId");

log.error("xxx data returned " + id + ", " + loginId);


log.error("xxx Ending after operation rule");

This is what the data returned looks like

xxx data returned 12344, 2868202087654324142242

Hi @Seadog ,

Can you print processedResponseObject as well?