WebService Connector IIQ: Invoke/call a defined operation programmatically

Sailpoint IIQ 8.4

Hi!

Regarding the WebService Connector.

I understand that the GetObject operation is invoked (if defined and implemented) after a successful account create.

My question is, is it possible to invoke GetObject in a before or after rule programmatically when doing the Add Entitlement operation? How would I do it?

The response received after a successful Add Entitlement operation does not suffice for my use case. So currently I just perform another call to the target system to get the information I need within a rule using the available java methods and objects. However I have a defined GetObject operation that already does what I want, it would be nice if I could invoke it programmatically in my rule (or any other way).

Best regards

Nino

I believe you can use “after operation rule” to achieve this.

if you want to invoke getobject in your before or after rule. This will work if you have getobject operation configured for your webservice. Use below code to achieve it.

        String appName = accReq.getApplicationName();
Application app = context.getObjectByName(Application.class, appName);
     String nativeIdentity = accReq.getNativeIdentity();

            Connector connector = ConnectorFactory.getConnector(app, null);
            ResourceObject active = connector.getObject("account", nativeIdentity, null);
          

            if (active != null) {
                //You can put the logic if account is found using get object call
              }

@ninosp Yes. You can do a single account aggregation/getObject using connector APIs in your before and after rule. Also, if you want to avoid additional rule, you can try to create chained endpoints as well.. where you can clone the getObject endpoint to AddEntitlement-GetObject → then IIQ will call AddEntitlement followed by AddEntitlement-GetObject endpoint.

I believe you want to aggregate all the attributes from get object which is not coming from add entitlement. You should be able to achieve this with chained endpoints as well.

Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(,, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.

Thanks for the answer.

If I run this will it also do response mapping that is defined in my GetObject operation or do I need to do it myself?

yes, can you please try it and let me know, if it worked.

I tried adding it in an after operation rule, so after add entitlement it will call the code you gave me but it only responds with this.

Connector does not support getObject() - can possibly be enabled by removing the NO_RANDOM_ACCESS feature from the application.

can you give me the your after operation rule please, if it is okay I want to see , what you are doing?? i can fix it then easily.

I removed featureString from the application object “NO_RANDOM_ACCESS” and now it works. However, I can’t quite find what this flag does and what removing it does?

featuresString=“NO_RANDOM_ACCESS, PROVISIONING, SYNC_PROVISIONING, SEARCH”

This is the code that works in after rule and it executes the getObject successfully, however I need to map the toXml() provided so it updates the Link with new values.

<Source><![CDATA[
	

		
		
		import java.util.ArrayList;
		import java.util.HashMap;
		import java.util.LinkedHashMap;
		import java.util.List;
		import java.util.Map;
		
		import javax.xml.xpath.XPath;
		import javax.xml.xpath.XPathConstants;
		import javax.xml.xpath.XPathExpression;
		import javax.xml.xpath.XPathFactory;

		import sailpoint.object.Application;
		import sailpoint.object.ResourceObject;
		import sailpoint.connector.Connector;
		import sailpoint.connector.ConnectorFactory;

		import org.w3c.dom.Document;
		import org.w3c.dom.Node;
		import org.w3c.dom.NodeList;
		
		import sailpoint.tools.JsonHelper;


		import org.apache.logging.log4j.Logger;
		import org.apache.logging.log4j.LogManager;
		Logger clog = LogManager.getLogger("pm.rule.application.appname.AfterAddRemoveEntitlement");
		

		

		Application app = context.getObjectByName(Application.class, "appname");

        Connector connector = ConnectorFactory.getConnector(app, null);
        ResourceObject active = connector.getObject("account", "nativeId", null);
		clog.info("123AddRemove: " + active.toXml());
	
		
	]]></Source>

The NO_RANDOM_ACCESS feature flag tells SailPoint that the connector/application does not support direct/random lookup of individual objects by their native identity.

// When NO_RANDOM_ACCESS is set, SailPoint assumes you cannot do:
connector.getObject(“account”, nativeIdentity, null);

If the code works, that’s great, you can now update updates the Link with new values. Do mark the post as solution, as it helps other member in the community.

Thank you!

Where can I read more about featureFlags and NO_RANDOM_ACCESS specifically?

go through these links

“SCIM skip GetObject after disable”

“create-source-schema | SailPoint Developer Community”

Thanks @naveenkumar3!

I implemented the GetObject but I realized this is not the same as Single Account Aggregation. So navigating to Manage Access > Manage Accounts > Account > Refresh Account will trigger GetObject but not update the account. Apparently I need to instantiate some aggregator class and use it.

So two questions:

1. I wonder if you have some template code for this?
2. Can I place this aggregation logic inside GetObject or will it cause issues as GetObject is used by IIQ on account create.

Thanks

Hi Nino,

What are you trying to do?? if you want to call getobject and then update account endpoint?? or something else. If you can tell me the requirement clearly, I can assist better.