WebService connector rule add error

Hi, I am configuring one WebService connector first time in Sandbox environment. I am able to fetch accounts from target source using webservice connector in Sailpoint, but I am not able to create account. Could you please suggest if I am missing any steps.

Here are the steps I have completed:

  1. Sailpoint Webservice application configuration, test connection fine,

  2. Configure http operations - Test connection, Account Aggregation, Create Account

  3. Created two rules -
    “description”: “IDN_BeforeOperation_App_Rule_Add_and_Remove_Entitlement”,
    “type”: “WebServiceBeforeOperationRule”,

“description”: “IDN_AfterOperation_App_Rule_Add_and_Remove_Entitlement”,
“type”: “WebServiceAfterOperationRule”,

  1. I am trying to add rule as beforeProvisioningRule but I am getting below error.

This WebService Connector just require FirstName, LastName, Email and EmployeeId to create an account on target system.

Hi Himanshu,

It looks like you are trying to use an After Operation rule but your Postman body is trying to update the beforeProvisioningRule field. Assuming you are trying to use the After Operation rule on a Web Services connector, you will want to use this body where X is the sequenceNumberForEndpoint value for the operation you are trying to apply this rule to.

You can get this value by calling a GET on your source, look under /connectorAttributes/connectionParameters, find the operation you are trying to add this rule to, and copying the “sequenceNumberForEndpoint” value to replace X in the ‘path’ field of the below body.

[
  {
    "op" : "add",
    "path" : "/connectorAttributes/connectionParameters/X/afterRule",
    "value" : "Your After Operation Rule Name"
  }
]

Additionally, that error message seems to actually be caused by Content-Type in the header of your request not being correct. Ensure that the Content-Type value in your header is set to “application/json-patch+json”.

Please let me know if this helps fix your issue!

  • Zach
2 Likes

@zachm117 - hope you are doing good! I am still struggling to get my web service application working. I have attached exported version of my test webservice from test env. Could you please have a look on it and suggest me which info is missing.

I tried to attach rule but I don’t see beforeRule and afterRule in my exported service json file.

Actually as per my use case I just need to call one API URL - https://appconnect.com/external/api/rest/v2/users
method - post
body -

{
  "lastName": "get it from Sailpoint user profile",
  "firstName": "get it from Sailpoint user profile",
   "employeeId":"get it from Sailpoint user profile",
   "email": "get id from Sailpoint user profile",
   "role":"CUSTOMER"      
}

I am able to connect to application using webservice connect api and able to aggregation accounts. But not able to create account.

Others are welcome to provide their input here.
mytestWebService.json (36.4 KB)

@iamnithesh - Hi Nithesh, could you also please review my issue and suggest fix.

@hranjan3
Please share the “Create Account” configuration under “Accounts” tab as well as how are you populating the request body for the Create account API call

Hi

Have you already created the Provisioning Policy for Create operation?

POST /beta/sources/<source id>/provisioning-policies

    {
        "name": "MY_CREATE_PP",
        "description": null,
        "usageType": "CREATE",
        "fields": [
            {
                "name": "UserID",
                ...

Hi Nitesh,
Thanks for your response. Here is the screenshot from Create Account tab

please let me know if you need any further info.

@jrossicare Thanks for your response.

Here is the provisioning policy I have applied for my test webservice

{
    "name": "Account",
    "description": null,
    "usageType": "CREATE",
    "fields": [
        {
            "name": "MAIL",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "email"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
		{
            "name": "MAIL",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "userName"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "WORKFORCEID",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "workforceId"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
		{
                "name": "employeeID",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "workforceId"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
			{
                "name": "employeeNumber",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "workforceId"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
			{
                "name": "givenName",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "firstname"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
			{
                "name": "sn",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "lastname"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
    ]
}

Could you please review it and let me know if anything need to change/add

looks OK.

in your Before Operation rule, you should be able to write out all your variables etc, so you can see in the CCG log what information you are passing (This isnt the full script, just a section. I have left out the imports and also setting logPrefix, which I just set to ‘source_name WSBO’ so I can find it easier when grepping the logs)

            if (provisioningPlan != null) {
                //This part is just info dump:
                for (int i = 0 ; i < this.variables.length ; i++) {
                   String varName = this.variables[i];
                   Object varValue = null;
                   try {
                      if ("transient".equals(varName))
                         varValue = "[reserved word]";
                      else
                         varValue = eval(varName);
                   } catch (Exception ex) {
                      varValue = "[eval exception]";
                   }
                   String varClass = "void";
                   
                   if ((void != varValue) && (null != varValue))
                      varClass = varValue.getClass().getSimpleName();

                   if (void == varValue)
                       log.error(logPrefix + "x " + varName + " = void");
                   else if (null == varValue)
                       log.error(logPrefix + "x " + varName + " = null");
                   else
                       log.error(logPrefix + "x " + varName + " (" + varClass + ") = " + varValue);
                }
...
                for (AccountRequest accReq : Util.iterate(provisioningPlan.getAccountRequests())) {
                    log.error(logPrefix + "AccountRequest Operation: " + accReq.getOperation().toString() );
                    for (ProvisioningPlan.AttributeRequest attReq : Util.iterate(accReq.getAttributeRequests())) {
                        log.error(logPrefix + "attReq: " + attReq.getName() + " => " + attReq.getValue() + " (" + attReq.getValue().getClass() + ")");

@jrossicare Thanks for your response. To attach before provisioning rule I am not able to see attribute beforeRule in my webservice. I have attached the exported version of my webservice in above communication. Could you please suggest on this.

Hi

  1. Upload your connector rule create-connector-rule | SailPoint Developer Community

  2. GET /v3/sources/<source ID> and look at connectorAttributes/connectionParameters part

  3. Attach your rule to the HTTP Operation that needs to use it. The number ‘xxx’ should be the connectionParameters array position number (as it is array, starting at zero). you could just get the sequenceNumberForEndpoint then subtract 1

PATCH /beta/sources/<sourceid>

[
    {
        "op": "add",
        "path": "/connectorAttributes/connectionParameters/xxx/beforeRule",
        "value": "My Source WSBO"
    }
]
1 Like

@jrossicare thanks for your response. I am successfully able to attached beforeRule to my webservice. I think now I am on last step i.e. to test create account but I found one issue. In my test webservice there is no entitlement and somewhere I read that there should be some entitlement to test webservice, so I added one more http operation for entitlement aggregation. When I did entitlement aggregation, in ccg log I saw one error:

"message":"No paging steps defined for endpoint ''Entitlement Aggregation'', terminating paging...",

I did some documentation read and found that I need to mention something in paging section, so I tried with this:

TERMINATE_IF $responseHeaders.link.next$ == NULL

$endpoint.fullUrl$ = $responseHeaders.link.next$

Now the error message is :

"message":"PAGING: Termination triggered! Unable to evaluate paging step: $endpoint.fullUrl$ = $responseHeaders.link.next$",

but still its not fixed.

Could you please suggest on this.

I tried one more option to add value in paging box:

$limit$ = 50
TERMINATE_IF $RECORDS_COUNT$ < $limit$
$offset$ = $offset$  + 1
$endpoint.fullUrl$ = $application.baseUrl$ + "/centers"
$request.PageIndex$ = $offset$

but its giving me below error:

"message":"PAGING: Termination triggered! Unable to evaluate paging step: $offset$ = $offset$  + 1",

"message":"==> Paging logic processing ended for endpoint ''Entitlement Aggregation''. Paging terminated: true",

here are few more update I have.

in ccg I see this message:

"message":"processEndpoint: Parsed 43 resource objects from response of endpoint: Entitlement Aggregation",

"message":"procesEndpoint: Attempting to process paging logic for endpoint: Entitlement Aggregation"

"message":"No paging steps defined for endpoint ''Entitlement Aggregation'', terminating paging..."

"message":"processEndpoint: Paging logic for endpoint 'Entitlement Aggregation' will terminate?: true"

{"exception":{"stacktrace":"java.lang.RuntimeException: Identity attribute [role] was not found.\n\tat

"message":"Error while RO transformation - Identity attribute [role] was not found.: {EntName=[]}"

Hi All, I am now able to do entitlement aggregation.

now I need to check Create Account test. I will update you if I find new issue.

Issue is fixed now. Thanks all for your help!

Hi @hranjan3 do you want to post the details of the actual solution, to help others with the same problem?

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.