Unable to set attribute value in Before Provisioning rule

Hello, I am having issue in my application’ s before provisioning rule. I want to set the Attribute “Active” which is a boolean ptoperty to be set as False, when a user account have a particular entitlement. The issue here is the provisioning plan is not able to set attribute Active as False

I am getting error 'openconnector.ConnectorException: Can not prepare SCIM Resource, inputStream is null.’

In the rule I am checking if an account is requesting a particular entitlement, then I am setting the Account Active status as False. Below is how my code looks like


*List accReqList = plan.getAccountRequests(application.getName());*
*if(accReqList != null && !accReqList.isEmpty()){*
*for(AccountRequest accReq : accReqList){*

*if( null != accReq.getOp() && ProvisioningPlan.AccountRequest.Operation.Create == accReq.getOperation())*
*if(Util.size(AttributeRequests) > 0 ){*
*for(AttributeRequest attrReq: AttributeRequests){*
*if("groups".equalsIgnoreCase(attrName) && "Add".equalsIgnoreCase(attrReq.getOp().toString())){*

*groupName = attrReq.getValue();*
*if(groupName != null){*
*if(groupName instanceof List){*
*newGroups = (List) groupName;*
*if(groupName instanceof String){*



*newAttList.add(new AttributeRequest("active", ProvisioningPlan.Operation.Set, inactive));*
*else if(!("active".equalsIgnoreCase(attrName))){*





While trying to debug , i am getting After provisiong plan as below.

<ProvisioningPlan nativeIdentity="00410231" targetIntegration="XXXApp" trackingId="xxxxxxxxxxx"><AccountRequest application="XXXApp" assignmentIds="TEMP:e60bc931e966452da21bf94f484fd3b4" op="Create">*
*<AttributeRequest name="groups" op="Add" value="181"/>*
*<AttributeRequest name="active" op="Set">*
*<AttributeRequest name="userName" op="Set" value="[email protected]"/>*
*<AttributeRequest name="emails.work.primary.value" op="Set" value="[email protected]"/>*
*<AttributeRequest name="name.givenName" op="Set" value="Ziser"/>*
*<AttributeRequest name="name.familyName" op="Set" value="Zetybu"/>*
*<AttributeRequest name="locale" op="Set" value="en-AU"/>*
*<AttributeRequest name="timeZone" op="Set" value="AUS Eastern Standard Time"/>*
*<AttributeRequest name="addresses.work.country" op="Set" value="GBR"/>*
*<AttributeRequest name="externalId" op="Set" value="04545664"/>*
*<entry key="identityRequestId" value="0000352897"/>*
*<entry key="requester" value="spadmin"/>*
*<entry key="source" value="Batch"/>*
*<Reference class="sailpoint.object.Identity" id="xxxxxxxxxxxxxx" name="spadmin"/>*

But if I try to print the attribute name, attribute value and operation, I can see the active attribute is set as False.

QuartzScheduler_Worker-1 sailpoint.server.InternalContext:166 - Attr Name: active
QuartzScheduler_Worker-1 sailpoint.server.InternalContext:166 - Operation: Set
QuartzScheduler_Worker-1 sailpoint.server.InternalContext:166 - Attr Value: false

Please help me how to update the attribute as False

A couple things to try:

  1. Instead of setting your boolean attribute request as a true boolean, try setting to a string instead
  2. Make sure your account schema has the active attribute type specified correctly
  3. I’m not sure if this will actually capture the raw HTTP requests/responses for that connector, but it’s worth a shot:


1 Like

Hi @sahoos9
As Brian mentioned make sure to verify the account schema has the attribute ‘Active’ specified correctly. If this attribute account status attribute, instead of changing the attribute to false change the account operation to Disable. This will make sure account is disabled and active value is false. If you are using SCIM2 connector enable the following logger to see the json body.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.