WebService Connector Issue

I am facing an issue with calling plan attributes.
$plan.nativeIdentity$ works fine.
But let's say I have to do a PUT call on remove entitlement and I have to update some attributes which are there in the account schema, but they are not getting called and it will get a 400 bad request. If I hard code the values then it works fine. I believe the plan is not able to fetch those attributes; verified from logs as well.

I am passing this kind of body in the HTTP operation.

{
    "loginName": "$plan.loginName$",
    "userName": "$plan.userName$",
    "email": "$plan.email$",
    "role": {
        "id": 1234,
        "name": "Test"
    }
}

URL : baseUrl\contextUrl\$plan.nativeIdentity$

Can anyone please suggest what I am missing?

Hi Amrit,

Which operation in the WebService connector are you using to do this call?
By default, the provisioning plan only includes the attributes that need an update/change. So if you do an entitlement remove operation, email, userName, etc. will not be included in the plan.

@Amrit1897 Validate your schema attributes are correct.

Like if you are using $plan.loginName$, make sure your account schema has the same name “loginName”.

Also, you are missing a comma , in id

Try the below

{
    "loginName": "$plan.loginName$",
    "userName": "$plan.userName$",
    "email": "$plan.email$",
    "role": {
        "id": 1234,
        "name": "Test"
    }
}

But I need those for remove entitlement.
Is there any other way possible?

Yes, the schema name is the same.
The comma missing in id was missed while writing this post, which I have edited now.

@Amrit1897 Ok my bad, you can only get the requested attribute from the plan.

For example, in this case you are trying to remove the entitlement, so you will only get which role is getting removed and the nativeIdentity in the plan, not others.

For the Create Operation you are getting all the required values from the Create Profile and they are there in the provisioning plan.

Since you are not passing all the values, it is giving you the 400 bad request.

You can use a beforeOperation rule to set your request body with the required attributes.

Please check the documentation below; examples are given:
Web Services Before Operation Rule (sailpoint.com)

IdentityNow Rule Guide - Web Services Before Operation Rule - Compass (sailpoint.com)

Web Services Before Operation Rule | SailPoint Developer Community

Hope this will help!
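The behaviour described in the replies above (a remove-entitlement plan carries only the nativeIdentity and the attribute being changed) can be checked before deploying an HTTP operation. The following is an added example, not part of the original thread and not SailPoint code: it models a plan as a plain dict (the `attributeRequests` layout, the `role` attribute name and the sample values are assumptions) and lists the `$plan.<name>$` placeholders in the body and URL that such a plan cannot fill.

```python
import re

# Connector placeholders as used in the thread: $plan.<attributeName>$
PLACEHOLDER = re.compile(r"\$plan\.([A-Za-z_][A-Za-z0-9_]*)\$")


def plan_attributes(plan):
    """Names a $plan.<name>$ placeholder can resolve from this plan:
    nativeIdentity (if set) plus each attribute request it carries."""
    names = {"nativeIdentity"} if plan.get("nativeIdentity") else set()
    names.update(req["name"] for req in plan.get("attributeRequests", []))
    return names


def unresolved_placeholders(body_template, url, plan):
    """Return placeholders in the URL or body that the plan cannot fill,
    in order of first appearance and without duplicates."""
    available = plan_attributes(plan)
    missing = []
    for name in PLACEHOLDER.findall(url + "\n" + body_template):
        if name not in available and name not in missing:
            missing.append(name)
    return missing


# Body and URL as posted in the thread.
BODY = """{
    "loginName": "$plan.loginName$",
    "userName": "$plan.userName$",
    "email": "$plan.email$",
    "role": {"id": 1234, "name": "Test"}
}"""
URL = r"baseUrl\contextUrl\$plan.nativeIdentity$"

# Constructed sample plans (hypothetical layout and values).
REMOVE_PLAN = {
    "nativeIdentity": "1001",
    "attributeRequests": [{"name": "role", "op": "Remove", "value": "Test"}],
}
CREATE_PLAN = {
    "nativeIdentity": "1001",
    "attributeRequests": [
        {"name": n, "op": "Add", "value": "x"}
        for n in ("loginName", "userName", "email", "role")
    ],
}

if __name__ == "__main__":
    print("remove entitlement:", unresolved_placeholders(BODY, URL, REMOVE_PLAN))
    print("create account:", unresolved_placeholders(BODY, URL, CREATE_PLAN))
```

Any name reported for an operation has to be supplied another way, such as the before operation rule or the parent/child endpoint approach discussed in this thread.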

There is another way to do this that I outlined here that would not require a rule: Add/Remove Entitlement operation $plan placeholder issues - #2 by patrickboston


@patrickboston Liked the way you suggested.

Parent endPoint - First get the account details and map those in the response mapping
Child endPoint - Get the values from the Parent response and pass them to the body.

@Amrit1897 This is up to you, whichever way suits your requirement.

Maybe, in a web services before operation rule, you could grab the required attribute value(s) and insert them into the plan to make them available with $plan. notation.

@patrickboston, Thanks for the suggestion. It works…

@patrickboston or anyone, I have this requirement for another use case, where I have two disable operations: the first operation fetches an id from an endpoint, and the fetched id is used in the 2nd disable operation, which calls a different endpoint.

Basically, my ask is: can we call the 2nd disable operation only if the ID is found from the first operation? Is it possible without a before operation rule?
Currently, if the id is not found from the first operation, then it gives Disable Account Failure, which I don’t want.
