WebService Before Operation Rule, IdentityService

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Hello

I am trying to update accounts using the WS Connector. My end point requires me to send in an account identifier in the request url. I am thinking I need to look up the link in iiq and get the identifier. I am stuck getting the identity to do the look up. What is a way to get the identity in the webService connector before operation rule?

2

Is this the attribute that is marked as “Identity Attribute” in Account Schema? In such case, you can use accountRequest.getNativeIdentity()

3

Hi Nitesh

The attribute is on the account schema, it is labeled as id. I tried it and it wasn’t able to find accountRequest

Attempt to resolve method: getNativeIdentity() on undefined variable or class name: accountRequest

4

Can you please share the Java code?
You might not have the same name “accountRequest”

5

Sure

Here is the full rule with various attempts in it.

import connector.common.JsonUtil;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.Application;
import java.util.Iterator;
import sailpoint.object.QueryOptions;
import sailpoint.api.IdentityService;




log.error("xxx Starting before operation rule");

IdentityService ids = new IdentityService(context);
log.error("xxx here is the ids " + ids);

log.error("xxx " + accountRequest.getNativeIdentity());
  

  
//#####
        for (int i = 0 ; i < this.variables.length ; i++) {
        String varName = this.variables[i];

        Object varValue = null;
        try {
        if ("transient".equals(varName)) {
        varValue = "[reserved word]";
        } else {
        varValue = eval(varName);
        }
        } catch (Exception ex) {
        varValue = "[eval exception]";
        }

        String varClass = "void";
        if ((void != varValue) && (null != varValue)) {
        varClass = varValue.getClass().getSimpleName();
        }

        if (void == varValue) {
        log.error("XXX: " + varName + " = void");
        } else if (null == varValue) {
        log.error("XXX: " + varName + " = null");
        } else {
        log.error("xxx: " + varName + ": " + varClass + " = " + varValue);
        }
        }
//#####

//while (it.hasNext()) {
//this prints out every identity we have, not good
// Identity id = (Identity) it.next();:0
//log.error("xxx here is identity " + id);     
//}



  
    //app = context.getObjectByName(Application.class, "Cority");
    //List links = ids.getLinks(identity,app);
  
  //for (String item : links) {
  //log.error("xxx item " + item);
  
//  }
    
  
  

    






//List linkList = identityService.getLinks(identity); 
//Application EIDS_NG = context.getObjectByName(Application.class, "EIDS_NG");


//Link myLink=identity.getLink(EIDS_NG);
//if(myLink!=null) {
//log.error("xxx here is my link " + myLink);
//} else {
//log.error("xxx i did not get a link");
//}


        Map body = requestEndPoint.getBody();
        log.error("xxx map body value is : "+body);

        String jsonBody = (String) body.get("jsonBody");
        log.error("xxx jsonBody value is : "+jsonBody);

        Map jsonMap = JsonUtil.toMap(jsonBody);
        log.error("xxx jsonMap value is:"+jsonMap);

//possible npe here
      //Application Cority = context.getObjectByName(Application.class, "Cority");
      
//Identity identity;
//      log.error("xxx identity name value is:" + identity.getName());

//      Link myLink=identity.getLink(Cority);

  //    corityId=myLink.getAttribute("id");
    //  log.error("xxx corityId value is: " + corityId);
        
        
// get the base url and build the token URL
        String fullUrl = requestEndPoint.getFullUrl();
//requestEndPoint.setFullUrl(fullUrl);

        log.error("xxx fullUrl value is:" + fullUrl);
//            String tokenPath = "/Passwordvault/Api/Auth/CyberArk/Logon";
//            String tokenUrl = contextUrl + tokenPath;


        log.error("Ending before operation rule");
6

It is possible to search for the Account Link and get the ‘id’ attribute.

For instance put the following in your Before Operation Rule:

String id = "";
Link l = (Link) context.getUniqueObject(Link.class, Filter.and(Filter.eq("application.name", "ApplicationName"),Filter.eq("identity", accountRequest.getNativeIdentity())));

if (l != null) {
  id = (String) l.getAttribute("id");
}

Here you need to change ApplicationName to the name of your application.

The variable id contains the id off the account.

– Remold

7

Sorry but I am not able to understand what are you trying to do in this rule. I was expecting reference to a ProvisioningPlan and associated AccountRequest

8

Hi Remold

I am getting a similar error

Attempt to resolve method: getNativeIdentity() on undefined variable or class name: accountRequest

String id = "";
Link l = (Link) context.getUniqueObject(Link.class, Filter.and(Filter.eq("application.name", "Cority"),Filter.eq("identity", accountRequest.getNativeIdentity())));

if (l != null) {
  id = (String) l.getAttribute("id");
log.error("xxx got the id " + id); 
}
9

The user already has an account and this is an update. For example this application is set as a target when the lastName attribute is updated.

In the rule I’m hoping I can grab some data from the existing link and add it to the url so that the change to the lastName can be sent.

10

I suppose this will be the “Before Rule” for an “Update Account” Connector operation in your WSC type Application configuration. In that case provisioningPlan object is injected into your rule by IIQ, and you can get the accountRequest using this
List accountRequests = provisioningPlan.getAccountRequests();

  • Iterate through accountRequests to get the accountRequest object
  • Most likely there will be only one object in accountRequests and you should be able to break from the loop right after first run.
11

Thank you! I can get the native identity doing it this way.

I am adding this here just in case it helps anyone else.

 List accountRequestsList = provisioningPlan.getAccountRequests();

  
 if (accountRequestsList != null @and !accountRequestsList.isEmpty()) {
   
   
   for (item : accountRequestsList) {
     
    log.error("xxx item : " + item); 
    log.error("xxx item operation: " + item.getOperation().toString()); 
    log.error("xxx item native: " + item.getNativeIdentity()); 
     
    List attrReqList = item.getAttributeRequests(); 
     
        if (attrReqList != null @and !attrReqList.isEmpty()) {
                //iterate through attribute request list
                
              for (AttributeRequest attr : attrReqList) {
                  
                  log.error("xxx attr.getValue() class: " + attr.getValue().getClass().getSimpleName());
                
                 if (attr.getValue().getClass().getSimpleName().contains("String")) {
                    
                    log.error("xxx value " + attr.getValue());
                  }

                  
              }

         }  
   }

   
}else {
        log.error("xxx empty request");
}
1 Like
12

@ralfonse A simple check to see if you have a String or a List attribute (from the AttributeRequest) you can use something like:

Object value = attr.getValue();
if (value instanceof String)) {
  log.error("xxx value " + value);
}
if (value instanceof List)) {
  log.error("xxx value " + value.get(0));
}

No need to check if the List isEmpty, as value is NULL, String or List (size = 0,1, n).

– Remold

PS happy to see your issue has been solved :slight_smile:

13

Great, Thanks for the tip!

14

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.