Workflow failing to create Jira issue when body has certain keywords

Hi All
I was trying to create a Jira ticket through HTTP POST using a workflow.
Surprisingly, it is not creating an issue if the body has some reserved characters like “CN=John\, Doe”
However, “Send Email” action is able to fetch all the details without any issue.
TIA,
Antony

You shouldn’t need to escape commas in a request body. Can you please provide more details? What does your HTTP action configuration look like? What is the error message you are receiving?

Thanks for responding, @colin_mckibben.
I am monitoring provisioning failures using workflows, which includes creating an email alert and Jira ticket creation.
The issue is that the Jira ticket is not being created when any {{attribute}} inside the request body gets a value with characters like ''. So, if I try to get an account name which contains '\" the HTTP request for Jira fails but send email.
Currently, I am creating Jira tickets with a tracking number which can be leveraged by the operations team to troubleshoot the provisioning failures, but I am looking forward to including error details and account name in the Jira ticket.

Can you please provide the exact steps to reproduce this issue, along with the exact errors you are seeing?

For example, if my http post attribute {{$.loop.loopInput.accountId}} gets a value like CN=petson\, Antony,OU=Users,DC=corp,DC=com then there will be no Jira ticket created.

  • There is no error being thrown, just that Jira ticket will not be created.
    To reproduce this issue, please try adding a provisioning failures workflow and include http post to create with accountId in its description.
    Thanks.

I’m not sure why your account has the backslash before the comma. That seems like bad input data that you might want to fix upstream in the AD source. Interestingly, trying to use the value you provided in a test payload caused some validation issues:

It is not identity name but accountId. Can you try updating accountId instead of that?
I just checked the account schema and found that dN is mapped as account ID and accountName is samaccountname.
Is there any best practice to choose accountId?
But surprisingly, send email is picking the id and sending email with complete details.

I suspect that IDN doesn’t have an issue with the dN being the account ID. However, the escaped comma (\,) in the example you provided is likely causing the issue in your HTTP request to Jira. Send email won’t have any problems since it interprets the accountId as text and can therefore ignore any character escaping, but the escaped comma is not valid JSON and is likely causing issues with your HTTP request to Jira. In fact, trying to validate a simple payload with an escaped comma results in this validation error:

{
  "accountId": "CN=petson\, Antony,OU=Users,DC=corp,DC=com"
}

Error: Parse error on line 2: { "accountId": "CN=petson\, Antony, ----------------^ Expecting 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '[', got 'undefined'

My recommendation is to track down any accountId that has an escaped comma and fix those accounts in the source.


@colin_mckibben
After your response, I exhumed in the executions of the workflow I set up to create the Jira ticket.
I found that it has two backslashes, not one: \\. The one I shared earlier was copied from the email alert.
Please use the below response to test.

"accountRequests":[{"accountId":"CN=Petson\\, Antony,OU=Users,DC=Corp,DC=com","accountOperation":"Delete","attributeRequests":[],"provisioningResult":"failed","provisioningTarget":"Active Directory","source":{"id":"12121212removed112112121","name":"Active Directory","type":"SOURCE"},"ticketId":null}],"action":"Cloud Automated Delete","errors":["Exception occurred while executing the RPCRequest: Errors returned from IQService. \"Error occurred while deleting the account DC=comThe directory service can perform the requested operation only on a leaf object. 00002015: UpdErr: DSID-031A123C, problem 6003 (CANT_ON_NON_LEAF), data 0 . HRESULT:[0x80072015]\""]

Thanks,
Antony.

Interesting. It’s like there is a double escape happening here. Active Directory has a \, to escape the comma in the accountId, and then another backslash is being introduced to escape the first backslash. This is probably being introduced by IDN since the JSON spec requires backslashes to be escaped. The error message seems to indicate something else is going on.

Error occurred while deleting the account DC=comThe directory service can perform the requested operation only on a leaf object.

I’d look into that error more closely.
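The two replies above (a raw `\,` that makes the body invalid JSON, and the doubled `\\,` seen in the execution record) can be reproduced with the following added example, which is not code from the thread or from IDN. The template, its field name, the `accountId` placeholder key and all function names are hypothetical, and it assumes placeholders are filled by plain text substitution, which the thread suspects but does not confirm.

```python
import json
import re

# Constructed sample: the DN from the thread as Active Directory stores it
# (a single backslash escaping the comma inside the CN).
ACCOUNT_ID = r"CN=petson\, Antony,OU=Users,DC=corp,DC=com"

# Hypothetical request-body template; the field name is illustrative only.
TEMPLATE = '{"description": "Provisioning failed for {{accountId}}"}'

PLACEHOLDER = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")


def render_raw(template, values):
    """Paste each value into the template unchanged (text-style substitution)."""
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


def render_json_escaped(template, values):
    """Paste each value as JSON string content. json.dumps() escapes
    backslashes, quotes and control characters; [1:-1] drops the outer
    quotes because the template already supplies them."""
    return PLACEHOLDER.sub(lambda m: json.dumps(values[m.group(1)])[1:-1], template)


def parse_or_error(body):
    """Return (parsed_object, None) or (None, error_message)."""
    try:
        return json.loads(body), None
    except json.JSONDecodeError as exc:
        return None, str(exc)


if __name__ == "__main__":
    values = {"accountId": ACCOUNT_ID}
    for render in (render_raw, render_json_escaped):
        body = render(TEMPLATE, values)
        parsed, err = parse_or_error(body)
        print(render.__name__, "->", body)
        print("   ", "rejected: " + err if err else "accepted: " + parsed["description"])
```

The escaped rendering carries `\\,` on the wire, matching the execution record quoted earlier, and a JSON parser on the receiving side turns it back into the single-backslash DN.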

Hi Colin
Error is related to AD object with certain properties set on source.
I am just wondering if you have found something to grab the account id details to update on Jira through rest API.
Thanks.
