WebService Connector Not creating a cube

I have run into an issue where the webservices connector is no longer creating new cubes. When I look into the CCG.log and the Aggregation logs everything appears normal. The logs state that the cube was created but when looking at the accounts tab on the source no new accounts have been add and when searching cubes not cube exist in IdN. I been working with the support team and have not really gotten anywhere in figuring out why this is happening.

I am looking for other ways I could look into troubleshooting this issue and get it resolved. Any ideas on where to start looking?

Hi @mpotti , can you please share what you meant by “cube” like are you referring “identity cube” or it is something else?
Also, did you see accounts aggregating from your webservice source into IDN?

Yes the identity cube. Yes when I look in the CCG logs I am able to find the users in question. But when I look in the ui not account or cube was created. No error messages.

Here is some more information I got from support:

• SecZettaCorrelation threw with message The application script threw an exception: java.lang.IllegalStateException: ‘ssn’, cannot be used for searching because its not searchable. BSF info: SecZettaCorrelation at line: 0 column: columnNo\

Rule below

import sailpoint.rule.Identity;
Map returnMap = new HashMap();

String email = (account.getStringAttribute("professional_email") != null) ? account.getStringAttribute("professional_email") : "email missing";
String ssn = account.getStringAttribute("last_4_ssn_ne_attribute");
String firstName = account.getStringAttribute("personal_first_name");
String lastName = account.getStringAttribute("personal_last_name");

List identities = idn.findIdentitiesBySearchableIdentityAttribute("email","Equals",email,"email");

if (identities != null && identities.size() == 1) {
  returnMap.put( "identityAttributeName", "email");
  returnMap.put( "identityAttributeValue", email );
} else {
  List identities = idn.findIdentitiesBySearchableIdentityAttribute("ssn","Equals",ssn,"ssn");
  if (identities != null && identities.size() > 0) {
    for (Identity identity : identities) {
      if (identity.getFirstName().equals(firstName) && identity.getLastName().equals(lastName))
        returnMap.put("identityAttributeName","identificationNumber");
        returnMap.put("identityAttributeValue",identity.getEmployeeNumber());
    }
  }
}
return returnMap;

Here is another common thing they found:

all threw an exception: com.sailpoint.seaspray.template.TemplateException: Error rendering template: $mail
    at com.sailpoint.seaspray.template.velocity.VelocityTemplateEngine.evaluate(VelocityTemplateEngine.java:69)
    at com.sailpoint.seaspray.transform.StaticTransform.apply(StaticTransform.java:53)
    at com.sailpoint.mantis.core.service.TransformService.transform(TransformService.java:127)
    at com.sailpoint.mantis.core.service.TransformService.transform(TransformService.java:107)
    at com.sailpoint.mantis.platform.service.FieldTransformResolverService.evaluateFieldTransform(FieldTransformResolverService.java:42)
    at sailpoint.provisioning.TemplateLibrary.cloudFieldTransform(TemplateLibrary.java:43)

Not sure what this one means.

This might seem like a silly question, but have you checked the identity profile to make sure that there are no exceptions listed there? This might give you some insight into why the account is being aggregated, but not generating the identity cube.

I did look into that and non of the users in question are in the report.

Thanks @mpotti for sharing more details.

The error message “java.lang.IllegalStateException: ‘ssn’, cannot be used for searching because its not searchable” tells your identity attribute “ssn” is not defined as searchable.
Also, the IDN Rule Utility documentation also points out the same - Using IDNRuleUtil as a Wrapper for Common Rule Operations | SailPoint Developer Community,

image933×294 9.13 KB

Now, to verify that your identity attribute “ssn” is searchable or not, you can hit the following cc api -

Endpoint: https://{{tenant}}.api.identitynow.com/cc/api/identityAttribute/list
Method: GET
Headers: Bearer Token

and in the api response, search for your identity attribute “ssn” and verify if “searchable” key is set to true/false.

If it is set to false, then you can use the following cc api to update it to make it searchable -

Endpoint: https://{{tenant}}.api.identitynow.com/cc/api/identityAttribute/update?name=ssn
Method: POST
Headers: Bearer Token
Body: <copy the json from previous GET api for your identity attribute "ssn", paste it here and set searchable key to 'true'>

Also, as @WyssAJ01 mentioned, it’s worth checking the Identity Profile for errors/exceptions, as it gives more insight to the issue.

Please let us know if this helps you get one step further.

Thank you everyone for helping point me into the right direction. The issue was because an old rule was being applied on the source attribute “accountCorrelationRule” I updated it to match Prod. We are again creating accounts for this source.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.