"unexpected end of JSON input"

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

NOTE*** I added multiple attachments throughout the post that I refer to but had to remove because new users are only allowed one attachment per post. I will try and add the attachments in this thread if possible. Thank you for your time!

I am in the process of creating a workflow that reassigns AP ownership and GG membership. The workflow triggers based off of an identities cloudlifecycle state going from active to inactive. I know there are several workflows posted in this community that do reassignment, but none of them fit my unique requirements so I decided to start from scratch. This hasn’t been fully ironed out and most of the actions I have used can be condensed, but I have kept them as is in fear of breaking what I already have working. The idea behind the workflow is to trigger off of an inactive identities’ cloud lifecycle state going from “Active” to “Inactive”. The issue I am running into is the loop input. I keep getting an error saying, “unexpected end of JSON input”. I have used this http request to grab a list of APs the inactive identity is an owner of: https://sailpoint.api.identitynow.com/beta/identities/:id/ownership.

Workflow:
The point of this workflow is to grab both AP ownership and GG membership and reassign to the identities direct manager. I am also emailing a link to the manager in the case they want this ownership assigned to someone else. I understand there are several instances that may mess up the logic of the workflow(Ex. Manager is inactive as well). Like I said before I am trying to get the basics of the workflow ironed out before I account for these kinds of issues

Background:
The http call works perfectly fine. I even had it working without hard coding the identity ID a couple of weeks back(using dynamic identity ID that changes based off of the identity triggering the workflow). I made sure to download the json script at the time. Tried uploading that exact same script and it doesn’t work anymore. I know the http returns the right info because I am able to use the json path and return a list of APs the identity owned as well as a list of GGs an identity was part of via email. I have linked screenshots with comments.

Grabbing AP ownership in list format (API call using postman):

Json Path Validator on the data returned by API call showing the IDs in list format:

Workflow implementation using this data. Emailing (instead of ID I used Name just for emailing purposes):

 -Here is what the email looks like:

The loop input. The ID is hard coded for now, but I am trying to implement a way to use the trigger: {{$.trigger.identity.id}} in the json path:

^^The context I have set is for the http request in the loop that does the manager reassignment. I am certain this doesn’t affect the loop input at all.

Here is the error that it returns:

What I have tried:
-I have tried to hard code the ID into the json path. Which worked initially but leads me to the unexpected json input error as of the last 2 weeks. I know it is reading something because the loop returns 2 “unexpected end of json input” errors and I have set the specific test identity to own 2 APs.

  • I have tried sending an email right before with hard coded and dynamic json path which returned the right AP ownership list(screenshot provided below). I have also tried using the json path validator to make sure that my path makes sense (screenshot above).

-I also tried using the define variable function, but that did absolutely nothing.

I have tried my best to search for any questions related to this topic, but I am having trouble finding something specific to passing a list of elements to a loop using a http request’s json path. Any help or insight will be greatly appreciated. Like I said I had it working perfectly fine about a month ago and after the dynamic variable implementation started failing, I was able to get it to work while hardcoding it. It looks like I am now back to square one. Any help is appreciated. Thanks!

2

Here are the screen shots:

Json Path Validator on the data returned by API call showing the IDs in list format:

image
image1355×759 33 KB

Workflow implementation using this data. Emailing (instead of ID I used Name just for emailing purposes):
image

^email template in workflow

image
image384×405 15 KB

The loop input. The ID is hard coded for now, but I am trying to implement a way to use the trigger: {{$.trigger.identity.id}} in the json path like I did above for the email:

image
image1284×514 28.6 KB

^The context is set to a different action that grabs manager information for the json patch request. I’m pretty sure the context is unrelated to the loop input.

Here is a picture of the error when testing the workflow

image
image1830×804 48.4 KB

Finally here is a screenshot of me sending an email using the json path I would like to use in the loop input and it returns a list of the AP IDs

image
image1356×259 16.3 KB

image
image940×172 11.1 KB

3

Can you please share the input for the loop? Step input tab for loop from the workflow test results

4

Here is the loop input:

{
  "context": {
  **Sensitive data(employee info returned by Get Identity action)
  },
  "input": [
    "19082aa522514c1bb0f4eb632d4ebcce",
    "f5af684c758e479b859e4d183df7bae6"
  ],
  "start": "HTTP Request 2",
  "steps": {
    "End Step - Success": {
      "description": null,
      "displayName": "",
      "type": "success"
    },
    "HTTP Request 2": {
      "actionId": "sp:http",
      "attributes": {
        "authenticationType": "OAuth",
        "jsonPatchRequestBody": [
          {
            "op": "replace",
            "path": "/owner",
            "value": {
              "id": "{{$.loop.context.id}}",
              "name": "{{$.loop.context.name}}",
              "type": "IDENTITY"
            }
          }
        ],
        "method": "patch",
        "oAuthClientId": "*",
        "oAuthClientSecret": "*",
        "oAuthCredentialLocation": "oAuthInHeader",
        "oAuthTokenUrl": "https://<tenant>.api.identitynow.com/oauth/token",
        "requestContentType": "json-patch+json",
        "requestHeaders": null,
        "url": "https://<tenant>.api.identitynow.com/beta/access-profiles/{{$.loop.loopInput}}"
      },
      "displayName": "http req AP manager owner change",
      "nextStep": "End Step - Success",
      "type": "action",
      "versionNumber": 2
    }
  }
}

Erased the Oauth client ID & secret aswell
Thank you for you assistance
.

5

Hi @SteveCharles . Can you look for workflow output and check for error message there rather than loop output? Workflow output give clearer message.

Also, after loop input can you add send email operator and see you were able to get all the required info from loop input?

6

Hey Theja,
Sorry for the late response. I tried running my workflow again and now the API call I am using to replace the access profile owner is breaking: patch-access-profile | SailPoint Developer Community. It was working perfectly fine before in postman, but now it is breaking because of the error I have attached below. I am currently working on fixing this issue. I will update with the workflow output once I figure this out.

image
image911×516 23.2 KB