Web Services - Update account issue

Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.

Please consider addressing the following when creating your topic:

• What have you tried?

Hi everyone, I’m using a web services connector on Identity Now. I’m trying to update an account by assigning a role with an entitlement from the request center.

• What errors did you face (share screenshots)?

The request failed with warning “ Contact Helpdesk” , but I get the following error:Error: Incomplete items. Please contact your administrator.

Provisioning

Exception while updating account.Url: https://BASE_URL/User/SaveUser, Message: 400 : Bad Request : { “requestStatus”: “KO”, “error”: { “errorCode”: 400, “errorMessage”: “required_field\nrequired_field” } }, HTTP Error Code: 400

image2194×430 26.1 KB

• Share the details of your efforts (code / search query, workflow json etc.)?

We are using a “WebServiceBeforeOperationRule”:

In this rule, we’re only testing the assignment of a group entitlement, so we’re setting the roles entitlement field to an empty array. When we resolve this error, we’ll change the code to dynamically handle the two assignments.

image867×1193 275 KB

The HTTP operation are:

image630×913 27.3 KB

In particular, for the operations of create account, update account, add and remove entitlement using the same API which is configured as follows:

image1605×616 21.4 KB

and the body is:

{
“userId”: “$plan.nativeIdentity$”,
“firstName”: “$plan.firstName$”,
“lastName”: “$plan.lastName$”,
“email”: “$plan.email$”,
“groupId”: “$plan.groupId$”,
“login”: “$plan.login$”,
“central”: “$plan.central$”,
“roles”: “$plan.roles$”
}

• What is the result you are getting and what were you expecting?

I’d like to assign access to an existing account. Currently, I’m getting a “required_field” error because I believe the Save User API needs all the fields in the body to update the groupId field for the entitlement I’m assigning. How can I retrieve the information needed to run that API? The plan only provides the native identity and the name of the entitlement I want to assign.

Thanks in advance,

Noemi

You have a logging statement in your rule that writes the finalBody variable to the ccg log. Have you verified that output is why you’re expecting?

I just reread the question - it sounds like you need to send all the user information such as roles even if you’re trying to just change groups.

If that’s the case, use the nativeIdentity to perform a GET for that user directly from the API on your target application using the rest client class that’s available with the before operation rule.

Once you have that, you’ll have to combine the current attributes with the new attributes you want to send. That might require adding or removing depending on the provisioning plan.

Once you’ve finalized the body, then you can write it back to the requestEndpoint

We have resolved the required_field issue but we are trying to disable the account when the attributes roles is empty. Using the after operation rule of web services connector, how can we take the object processed in the before operation rule to check the attribute roles?
With the before operation rule we did all the activity successfully (create, add/remove entitlement) when we insert the after operation rule (see screenshot below) the request is completed, the roles attribute is empty (remove entitlement operation) but the account is not disabled. Seems that the issue is in the after operation rule.

image1284×871 38.9 KB

Hello,

Does anyone have any suggestions on what my colleague Federica reported?

Thanks in advance,

Noemi