Webservice Application

kiran_sai · September 11, 2021, 3:11pm

Hi Sailors,

I have created a webservice Application. we are facing few issues as detailed below:
ISSUE 1 : When a user raise the request for multiple entitlements, (for Example - creating the account and updating the same) then those two requests are hitting the connector as individual tasks at the same time and both are having the operation Type as Create (Instead of one as Create and other as Modify).
We need your siggestion to handle the requests one after the other(second request as modify)

ISSUE 2 : When a user with Entitlements A, B, C is raising request for multiple entitlements such X & Y, then two requests (X,Y) are hitting the connector as individual tasks at the same time and both are having the operation type as Modify… Then the user should get the Profile updated as A, B, C, X,Y.
But, for some requests we are facing the overlap/Wipe-off issue.

Reason: The two requests (X,Y) are hitting the connector as individual two tasks at the same time, this is leading to create two JSON’s A,B,C,X for request 1 and A,B,C,Y as request 2.

API behaviour is if you want to do any modify operation you need to collect the existing profiles/Entitlements of the user and send in modify JSON if we miss any profile then that access will be wiped off from the target system.

Example:
If User have entitlement A, B, C
then we raise request for X & Y
if B hits the connector 1st then MODIFY request JSON should be like below
{ ProfileName : [A,B,C,X] }
if c hits the connector next then MODIFY request JSON should be like below
{ ProfileName : [A,B,C,X,Y] }

Can you please help us to sort this issue.

Thanks,
Saikiran D

adam_creaney · September 13, 2021, 4:13pm

Hi Saikiran! Welcome to the forums.

The web services connector is pretty flexible, so we should be able to work this out. First - what version of IdentityIQ are you using?

Next, for your ‘Add Entitlement’ operation, are you using a PUT or a PATCH operation?

For ISSUE 1 - to bucket the create request and the add entitlements into a single operation (if your endpoint supports this) - there is a createAccountWithEntReq flag that you can set in the application xml.

ISSUE 2 - this sounds like your operation is a PUT operation and causing the override behavior. Does your endpoint have a PATCH equivalent? If not - you can also create a WebServicesBeforeOperationRule on your ‘Add Entitlement’ endpoint. Here you could get the body directly from the ‘requestEndPoint’ input variable, and directly modify the JSON body to include the users existing entitlements so they are not removed when you add new ones.

Topic		Replies	Views
Web Services SaaS Connector ISC Discussion and Questions webservice-connector , identity-security-cloud , provisioning , access-requests	9	691	November 28, 2023
Webservice Connector Entitlement provision issue IIQ Discussion and Questions	2	1379	July 19, 2023
What operation to use in webservice for adding of role IIQ Discussion and Questions webservice-connector , rules , identityiq	4	246	February 18, 2024
Webservices connector, this entitlement does not exist IIQ Discussion and Questions webservice-connector , provisioning , entitlements	5	390	June 29, 2023
Web service connector Add Entitelement operation ISC Discussion and Questions	4	1757	July 19, 2023

Webservice Application

Related Topics