Web Service not Passing variable

Hello
I am setting up a web service connector to an application. I am getting an error: Exception occurred while performing ‘Create’ operation on identity ‘null’: {“message”:“Please provide a valid region Id”,“correlationId”:“”}. To my understanding, the declared variable I am trying to pass for “region id” is not passing. My question is: where does IdentityIQ read the variables? Is it from the provisioning plan, the schema, or somewhere else?

Hello Charles,

This ‘null’: {“message”:“Please provide a valid region Id”,“correlationId”:“”} seems to be an error which the API call is throwing. Can you make this call through Postman and see what type of values the API is expecting? Once you have identified the type of values which the API would accept, then in the “create” operation of IIQ put the body and map the value from the create provisioning policy or identity. Basically, you will have to put the values in the format which you will send to the API body into the create provisioning policy.

Thanks for the response. I have a Create operation with the following values:

{
  "isEnabled": true,
  "username": "$plan.username$",
  "firstName": "$plan.firstName$",
  "lastName": "$plan.lastName$",
  "securityProfile": "$plan.securityProfile_id$",
  "officerCodes": "$plan.officerCodes$",
  "sendWelcomeEmail": false,
  "homeRegion": "$plan.homeRegion_id$",
  "email": "$plan.email$"
}

Am I grabbing the $plan.homeRegion_id$ from what I call it in the provisioning plan, or is this pulling from somewhere else? When I hard-code the home region and security profile, it provisions no problem.

Have you added securityProfile_id & homeRegion_id and other attributes in the create provisioning policy? It will only get added to the plan if you have defined and added the value to them in the provisioning policy. Once it's in the plan, then you can do the plan.“attributename” to get the value.


Yes, the name is matching, but I do not have anything set for the values. I have that set to none because those are the requestable entitlements. I’m thinking that once an end user selects the entitlements, SailPoint will pair it with that variable.

Hi @cdavis132 ,

Please check the following

  • The Create Provisioning Policy should have all the attributes which are required in the provisioning plan, except for entitlements.

  • Are securityProfile_id and homeRegion_id entitlements? Are they both required in the create request? If so, you might have to adjust entitlements in such a way that both values are selected during the entitlement selection. For example: Entitlement Value = securityProfile_id-homeRegion_id, an entitlement which is a combination of secureProfile and home region.

  • If you want to send the entitlement information along with the create request, set the createAccountWithEntReq value to true in the application XML via debug.

      <entry key="createAccountWithEntReq">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>

Yes, both values are required. By chance, do you know how to set up the entitlements to be selected, or have some documentation I can reference?

Hi Charles,

I would suggest creating an entitlement which is a combination of the attributes securityProfile_id-homeRegion_id. You could then use the BeforeRule to split it and pass it on in the request body.

Hello Charles, which attributes have you set as the managed and entitlement attribute in the schema? If it is homeRegion_id, then you can add an entitlement for testing through the entitlement catalog. Once you have added the entitlement, you can make it requestable. For testing, you can select the entitlement in the manage user access page and test the whole thing.

Also, for entitlement attribute to be visible in the create operation set createAccountWithEntReq to true in the app xml.

I checked and tried both, and it is still not able to pass through the variable for region_id. Which is strange, because I tried it again but hardcoded the attribute in the create body and it went through successfully. So my assumption is that SailPoint is not translating the variable properly.

Rather than writing a rule, would a role work?

Yes, that should work.

Hey Charles, were you able to solve the issue?

No, I have not solved the issue. I made the suggested corrections, but it's not taking the variable from the provisioning plan. Is there a way I can call the direct entitlements instead of looking at the plan?


Hi @cdavis132

Can you share the application XML, masking the sensitive information? This will help to troubleshoot the issue.

<?xml version='1.0' encoding='UTF-8'?> 1696597047993 1696596983349
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="GET"/>
          <entry key="operationType" value="Test Connection"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj"/>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="1"/>
          <entry key="uniqueNameForEndPoint" value="Test"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/users"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="GET"/>
          <entry key="operationType" value="Account Aggregation"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj">
            <value>
              <Map>
                <entry key="Email" value="email"/>
                <entry key="EmployeeID" value="username"/>
                <entry key="firstName" value="firstName"/>
                <entry key="homeRegion_id" value="homeRegion"/>
                <entry key="id" value="id"/>
                <entry key="isEnabled" value="isEnabled"/>
                <entry key="isLockedOut" value="isLockedOut"/>
                <entry key="lastName" value="lastName"/>
                <entry key="officerCodes" value="officerCodes"/>
                <entry key="securityProfile_id" value="securityProfile"/>
              </Map>
            </value>
          </entry>
          <entry key="responseCode">
            <value>
              <List>
                <String>200</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="2"/>
          <entry key="uniqueNameForEndPoint" value="users"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/regions"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="GET"/>
          <entry key="operationType" value="Group Aggregation"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj">
            <value>
              <Map>
                <entry key="group_name" value="name"/>
                <entry key="region_id" value="id"/>
              </Map>
            </value>
          </entry>
          <entry key="responseCode">
            <value>
              <List>
                <String>200</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath" value="$.[*].childRegions[*]"/>
          <entry key="sequenceNumberForEndpoint" value="3"/>
          <entry key="uniqueNameForEndPoint" value="subregions"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/securityprofiles"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="GET"/>
          <entry key="operationType" value="Group Aggregation-Profile"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj">
            <value>
              <Map>
                <entry key="analyticsRights" value="analyticsRights"/>
                <entry key="dataFeedRights" value="dataFeedRights"/>
                <entry key="integrationRights" value="integrationRights"/>
                <entry key="opportunityRights" value="opportunityRights"/>
                <entry key="profile_id" value="id"/>
                <entry key="profile_name" value="name"/>
                <entry key="rateSheetRights" value="rateSheetRights"/>
                <entry key="regionalAdminRights" value="regionalAdminRights"/>
                <entry key="relationshipRights" value="relationshipRights"/>
                <entry key="reportingRights" value="reportingRights"/>
                <entry key="systemAdminRights" value="systemAdminRights"/>
              </Map>
            </value>
          </entry>
          <entry key="responseCode">
            <value>
              <List>
                <String>200</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="4"/>
          <entry key="uniqueNameForEndPoint" value="securityprofiles"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody" value="{&#xD;&#xA;  &quot;isEnabled&quot;: true,&#xD;&#xA;  &quot;username&quot;: &quot;$plan.username$&quot;,&#xD;&#xA;  &quot;firstName&quot;: &quot;$plan.firstName$&quot;,&#xD;&#xA;  &quot;lastName&quot;: &quot;$plan.lastName$&quot;,&#xD;&#xA;  &quot;securityProfile&quot;: &quot;$plan.securityProfile_id$&quot;,&#xD;&#xA;  &quot;officerCodes&quot;: &quot;$plan.officerCodes$&quot;,&#xD;&#xA;  &quot;sendWelcomeEmail&quot;: false,&#xD;&#xA;  &quot;homeRegion&quot;: &quot;$plan.homeRegion_id$&quot;,&#xD;&#xA;  &quot;email&quot;: &quot;$plan.email$&quot;&#xD;&#xA;}"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/users"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                <entry key="Content-Type" value="application/json"/>
                <entry key="clientId" value="951ddcc6-dc43-408e-a4f4-bf0a67015ccc"/>
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="POST"/>
          <entry key="operationType" value="Create Account"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj">
            <value>
              <Map>
                <entry key="homeRegion_id" value="homeRegion_id"/>
                <entry key="id" value="id"/>
                <entry key="securityProfile_id" value="securityProfile_id"/>
              </Map>
            </value>
          </entry>
          <entry key="responseCode">
            <value>
              <List>
                <String>201</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="5"/>
          <entry key="uniqueNameForEndPoint" value="create"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody" value="{&#xD;&#xA;  &quot;isEnabled&quot;: &quot;true&quot;,&#xD;&#xA;  &quot;username&quot;: &quot;$plan.username$&quot;,&#xD;&#xA;  &quot;firstName&quot;: &quot;$plan.firstname$&quot;,&#xD;&#xA;  &quot;lastName&quot;: &quot;$plan.lastName$&quot;,&#xD;&#xA;  &quot;securityProfile&quot;: &quot;$plan.profile_id$&quot;,&#xD;&#xA;  &quot;officerCodes&quot;: &quot;&quot;,&#xD;&#xA;  &quot;sendWelcomeEmail&quot;: &quot;false&quot;,&#xD;&#xA;  &quot;homeRegion&quot;: &quot;$plan.region_id$&quot;,&#xD;&#xA;  &quot;email&quot;: &quot;$plan.email$&quot;&#xD;&#xA;}"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/users/$plan.nativeIdentity$"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                <entry key="Content-Type" value="application/json"/>
                <entry key="clientId" value="951ddcc6-dc43-408e-a4f4-bf0a67015ccc"/>
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="PUT"/>
          <entry key="operationType" value="Update Account"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj"/>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="6"/>
          <entry key="uniqueNameForEndPoint" value="update"/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody" value="{&#xD;&#xA;  &quot;isEnabled&quot;: true,&#xD;&#xA;  &quot;username&quot;: &quot;$plan.username$&quot;,&#xD;&#xA;  &quot;firstName&quot;: &quot;$plan.firstName$&quot;,&#xD;&#xA;  &quot;lastName&quot;: &quot;$plan.lastName$&quot;,&#xD;&#xA;  &quot;securityProfile&quot;: &quot;$plan.securityProfile$&quot;,&#xD;&#xA;  &quot;officerCodes&quot;: &quot;&quot;,&#xD;&#xA;  &quot;sendWelcomeEmail&quot;: false,&#xD;&#xA;  &quot;homeRegion&quot;: &quot;$plan.region$&quot;,&#xD;&#xA;  &quot;email&quot;: &quot;$plan.email$&quot;&#xD;&#xA;}"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/users/$getobject.nativeIdentity$"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                <entry key="Content-Type" value="application/json"/>
                <entry key="clientId" value="951ddcc6-dc43-408e-a4f4-bf0a67015ccc"/>
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="PATCH"/>
          <entry key="operationType" value="Add Entitlement"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj"/>
          <entry key="responseCode">
            <value>
              <List>
                <String>204</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="7"/>
          <entry key="uniqueNameForEndPoint" value="update entitlement "/>
          <entry key="xpathNamespaces"/>
        </Map>
        <Map>
          <entry key="afterRule"/>
          <entry key="beforeRule"/>
          <entry key="body">
            <value>
              <Map>
                <entry key="bodyFormData"/>
                <entry key="bodyFormat" value="raw"/>
                <entry key="jsonBody" value="{&#xD;&#xA;  &quot;isEnabled&quot;: true,&#xD;&#xA;  &quot;username&quot;: &quot;$plan.username$&quot;,&#xD;&#xA;  &quot;firstName&quot;: &quot;$plan.firstName$&quot;,&#xD;&#xA;  &quot;lastName&quot;: &quot;$plan.lastName$&quot;,&#xD;&#xA;  &quot;securityProfile&quot;: &quot;$plan.securityProfile$&quot;,&#xD;&#xA;  &quot;officerCodes&quot;: &quot;&quot;,&#xD;&#xA;  &quot;sendWelcomeEmail&quot;: false,&#xD;&#xA;  &quot;homeRegion&quot;: &quot;$plan.region$&quot;,&#xD;&#xA;  &quot;email&quot;: &quot;$plan.email$&quot;&#xD;&#xA;}"/>
              </Map>
            </value>
          </entry>
          <entry key="contextUrl" value="/v2/users/$getobject.nativeIdentity$"/>
          <entry key="customAuthUrl"/>
          <entry key="header">
            <value>
              <Map>
                <entry key="Content-Type" value="application/json"/>
                <entry key="clientid" value="951ddcc6-dc43-408e-a4f4-bf0a67015ccc"/>
              </Map>
            </value>
          </entry>
          <entry key="httpMethodType" value="PATCH"/>
          <entry key="operationType" value="Add Entitlement-Profile"/>
          <entry key="paginationSteps"/>
          <entry key="pagingInitialOffset">
            <value>
              <Integer>0</Integer>
            </value>
          </entry>
          <entry key="pagingSize">
            <value>
              <Integer>50</Integer>
            </value>
          </entry>
          <entry key="parentEndpointName"/>
          <entry key="resMappingObj">
            <value>
              <Map>
                <entry key="id" value="id"/>
              </Map>
            </value>
          </entry>
          <entry key="responseCode">
            <value>
              <List>
                <String>204</String>
              </List>
            </value>
          </entry>
          <entry key="rootPath"/>
          <entry key="sequenceNumberForEndpoint" value="8"/>
          <entry key="uniqueNameForEndPoint" value="update securityprofile"/>
          <entry key="xpathNamespaces"/>
        </Map>
      </List>
    </value>
  </entry>
  <entry key="createAccountWithEntReq">
    <value>
      <Boolean></Boolean>
    </value>
  </entry>
  <entry key="enableHasMore" value="true"/>
  <entry key="enableStatus" value="isEnabled=true"/>
  <entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword"/>
  <entry key="genericWebServiceBaseUrl" value="https://api.precisionlender.com"/>
  <entry key="highRisk">
    <value>
      <Boolean></Boolean>
    </value>
  </entry>
  <entry key="httpCookieSpecsStandard" value="true"/>
  <entry key="isGetObjectRequiredForPTA">
    <value>
      <Boolean>true</Boolean>
    </value>
  </entry>
  <entry key="lastAggregationDate_account" value="2023-02-28T13:51:36Z"/>
  <entry key="nativeChangeDetectionAttributeScope" value="entitlements"/>
  <entry key="nativeChangeDetectionAttributes"/>
  <entry key="nativeChangeDetectionEnabled">
    <value>
      <Boolean></Boolean>
    </value>
  </entry>
  <entry key="nativeChangeDetectionOperations"/>
  <entry key="oAuthJwtHeader">
    <value>
      <Map>
        <entry key="alg" value="RS256"/>
      </Map>
    </value>
  </entry>
  <entry key="oAuthJwtPayload">
    <value>
      <Map>
        <entry key="aud"/>
        <entry key="exp" value="15f"/>
        <entry key="iss"/>
        <entry key="sub"/>
      </Map>
    </value>
  </entry>
  
  <entry key="private_key_to_update"/>
  <entry key="saml_assertion_url"/>
  <entry key="saml_request_body"/>
  <entry key="sysDescriptions">
    <value>
      <Map>
        <entry key="en_US"/>
      </Map>
    </value>
  </entry>
  <entry key="tags"/>
  <entry key="templateApplication" value="Web Services"/>
  <entry key="throwProvAfterRuleException">
    <value>
      <Boolean>true</Boolean>
    </value>
  </entry>
  <entry key="throwProvBeforeRuleException">
    <value>
      <Boolean>true</Boolean>
    </value>
  </entry>
  <entry key="timeoutInSeconds" value="60"/>
  <entry key="username" value="testAPI"/>
</Map>

Hi @cdavis132

The XML shared does not have the full value, especially the important parts like the schema and provisioning policy. I would suggest you add the application XML as an attachment to the post, keeping sensitive information such as username, password, URL, etc. blank in the attributes.

Precision XML.txt (29.3 KB)
See attached

Hi @cdavis132

  • I would remove Region and Security Profile from the Provisioning Policy, as they are not providing any value. Both of them are entitlements and should be coming based on the entitlement request from the user. Remove the below entries (lines 546 and 547):
        <Field displayName="Region" name="homeRegion" type="string"/>
        <Field displayName="Security Profile" name="securityProfile" type="string"/>
  • Update the createAccountWithEntReq attribute to true. Update line 438 with true. This will ensure that entitlements are sent along with the Create request.
      <entry key="createAccountWithEntReq">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
  • Add the attribute addRemoveEntInSingleReq, set to true. Add the following at line 19. This will make sure that multiple entitlements are sent in a single request.
      <entry key="addRemoveEntInSingleReq">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
  • Update the Create and Add Entitlement body to remove double quotes, as mentioned in the Webservice documentation.
{
  "isEnabled": true,
  "username": "$plan.username$",
  "firstName": "$plan.firstName$",
  "lastName": "$plan.lastName$",
  "securityProfile": $plan.securityProfile_id$,
  "officerCodes": "$plan.officerCodes$",
  "sendWelcomeEmail": false,
  "homeRegion": $plan.homeRegion_id$,
  "email": "$plan.email$"
}

  • Since both homeRegion_id and securityProfile_id are required in the Create request, create a Role which is a combination of the homeRegion_id entitlement and the securityProfile_id entitlement.
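
An offline check of the point made in the answers above, as an added example that is not part of the original thread or of SailPoint's code: it lists the `$plan.<name>$` tokens in each endpoint's `jsonBody` and reports which Create tokens would have nothing behind them. It assumes, following the replies, that a name is in the plan only if it is a provisioning policy field, or a requested entitlement attribute when `createAccountWithEntReq` is true; the sample XML, function names and attribute lists are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Matches the $plan.<attribute>$ tokens used in the endpoint bodies.
PLACEHOLDER = re.compile(r"\$plan\.(\w+)\$")

# Constructed sample, modelled on the endpoint entries posted in this thread.
SAMPLE_XML = """<Map>
  <entry key="connectionParameters"><value><List>
    <Map>
      <entry key="operationType" value="Create Account"/>
      <entry key="body"><value><Map>
        <entry key="jsonBody" value="{&quot;username&quot;: &quot;$plan.username$&quot;, &quot;firstName&quot;: &quot;$plan.firstName$&quot;, &quot;securityProfile&quot;: $plan.securityProfile_id$, &quot;homeRegion&quot;: $plan.homeRegion_id$}"/>
      </Map></value></entry>
    </Map>
    <Map>
      <entry key="operationType" value="Update Account"/>
      <entry key="body"><value><Map>
        <entry key="jsonBody" value="{&quot;firstName&quot;: &quot;$plan.firstname$&quot;, &quot;homeRegion&quot;: &quot;$plan.region_id$&quot;}"/>
      </Map></value></entry>
    </Map>
  </List></value></entry>
  <entry key="createAccountWithEntReq"><value><Boolean></Boolean></value></entry>
</Map>"""


def placeholders_by_operation(xml_text):
    """Map each operationType to the plan attribute names its jsonBody references."""
    found = {}
    for m in ET.fromstring(xml_text).iter("Map"):
        op = m.find("./entry[@key='operationType']")
        if op is None:
            continue  # not an endpoint map (root map or nested body map)
        body = m.find("./entry[@key='body']/value/Map/entry[@key='jsonBody']")
        text = body.get("value", "") if body is not None else ""
        found[op.get("value")] = set(PLACEHOLDER.findall(text))
    return found


def ent_req_enabled(xml_text):
    """True only when createAccountWithEntReq holds the text 'true'.
    An empty <Boolean></Boolean> is treated here as false."""
    node = ET.fromstring(xml_text).find(
        ".//entry[@key='createAccountWithEntReq']/value/Boolean")
    return node is not None and (node.text or "").strip().lower() == "true"


def unresolved_create(xml_text, policy_fields, entitlement_attrs):
    """Create Account placeholders with no source under the assumed model."""
    available = set(policy_fields)
    if ent_req_enabled(xml_text):
        available |= set(entitlement_attrs)
    used = placeholders_by_operation(xml_text).get("Create Account", set())
    return sorted(used - available)


if __name__ == "__main__":
    policy = ["username", "firstName", "lastName", "email", "officerCodes"]  # constructed
    ents = ["homeRegion_id", "securityProfile_id"]                           # constructed
    print("flag empty:", unresolved_create(SAMPLE_XML, policy, ents))
    fixed = SAMPLE_XML.replace("<Boolean></Boolean>", "<Boolean>true</Boolean>")
    print("flag true :", unresolved_create(fixed, policy, ents))
    # Names are case-sensitive: the Update body in the sample uses 'firstname' and 'region_id'.
    print("per operation:", placeholders_by_operation(SAMPLE_XML))
```

Comparing the per-operation sets also surfaces name drift between bodies, such as `firstname` versus `firstName` or `region_id` versus `homeRegion_id`.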

Thank you for the help. I implemented the changes and am now getting the following error:

Exception occurred while performing ‘Create’ operation on identity ‘null’: {“message”:“\r\n”,“correlationId”:“”}