Hi,
we have a workflow in place which randomly sends the value as {{$.hTTPRequest6.body.value[0].id}} instead of the actual value. It is happening on random basis.
Thanks,
Chandra Mohan S
It sends this string when no value is found for this placeholder. If there is such a possibility then you should catch it using “Verify Datatype” operator to check if value exists and make a decision
1 Like
Thanks @iamnithesh for your reply.
Actually this happening in a Loop where I’m trying to set owner for an SPN. We have hard coded application name and using HTTP call to get a SPN ID for that application. we are sending 2 owners, where as 1 owner is getting processed correctly and other getting failed with because of placeholder.
@chandramohan27 Can you share the workflow? Depending on how you are using the loop, that could be causing the issue. If you have steps after the loop aside from an End Step, they may not function as you intended.
@iamnithesh is correct with Verifying the data type is not blank first. I ran into this issue with a Define Variable as documented here: Workflow - Define Variable: Blank/missing value outputs the JSON variable path
The current workaround for that is to check if it is null, then handle that case separately.
@gmilunich Thanks for your reply.
I have attached the workflow loop action where we are facing problem in HTTP Request 4 URL : “url”: "https://graph.microsoft.us/v1.0/servicePrincipals/{{$.hTTPRequest6.body.value[0].id}}
Instead of actual value, It just uses the placeholder variable, hence ending in error. The placeholder value is SPN ID which is fetched from HTTP Request 6. I tried with different user and with same workflow with no changes it works fine and able to get the SPN ID.
Workflow LOOP Method:
"actionId": "sp:loop:iterator",
"attributes": {
"context.$": "$.defineVariable1.appObjectID_AppOwner",
"input.$": "$.trigger.spnOwners",
"start": "Define Variable 2",
"steps": {
"Compare Numbers 2": {
"choiceList": [
{
"comparator": "NumericEquals",
"nextStep": "End Step - Success",
"variableA.$": "$.hTTPRequest4.statusCode",
"variableB": 204
}
],
"defaultStep": "End Step - Failure 1",
"displayName": "Compare Numbers2: Validate owner set or not",
"type": "choice"
},
"Define Variable 2": {
"attributes": {
"id": "sp:define-variable",
"variables": [
{
"description": "Thomson Reuters Banner Image",
"name": "TRBanner",
"transforms": [],
"variableA": ""
},
{
"description": "get Index of delimited '/'",
"name": "getIndex",
"transforms": [
{
"id": "sp:transform:getIndex:int",
"input": {
"pattern": "/"
}
}
],
"variableA.$": "$.loop.context"
}
]
},
"displayName": "Define Variable2: Store TR Banner",
"nextStep": "Define Variable 3",
"type": "Mutation"
},
"Define Variable 3": {
"attributes": {
"id": "sp:define-variable",
"variables": [
{
"description": "get appOwner Email from the concat string",
"name": "appowneremail",
"transforms": [
{
"id": "sp:transform:substring:string",
"input": {
"length.$": "$.defineVariable2.getIndex",
"start": 0
}
}
],
"variableA.$": "$.loop.context"
}
]
},
"displayName": "Define Variable3: Store app owner email",
"nextStep": "Define Variable 4",
"type": "Mutation"
},
"Define Variable 4": {
"attributes": {
"id": "sp:define-variable",
"variables": [
{
"description": "get application object ID from concat string",
"name": "appobjectid",
"transforms": [
{
"id": "sp:transform:replace:string",
"input": {
"pattern.$": "$.defineVariable3.appowneremail",
"replacement": ""
}
},
{
"id": "sp:transform:replace:string",
"input": {
"pattern": "/",
"replacement": ""
}
},
{
"id": "sp:transform:replace:string",
"input": {
"pattern": ";",
"replacement": ""
}
},
{
"id": "sp:transform:trim:string",
"input": {
"postfix": true,
"prefix": true
}
}
],
"variableA.$": "$.loop.context"
}
]
},
"displayName": "Define Variable4 : store application object Id",
"nextStep": "HTTP Request 7",
"type": "Mutation"
},
"End Step - Failure 1": {
"displayName": "",
"failureName": "Failed",
"type": "failure"
},
"End Step - Success": {
"displayName": "",
"type": "success"
},
"End Step - Success 2": {
"displayName": "",
"type": "success"
},
"HTTP Request 2": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody": null,
"method": "get",
"oAuthClientId": "[redacted]",
"oAuthClientSecret": "",
"oAuthCredentialLocation": "oAuthInBody",
"oAuthScope": "",
"oAuthTokenUrl": "https://tenant.api.saas.sailpointfedramp.com/oauth/token",
"requestContentType": "json",
"url": "https://tenant.api.saas.sailpointfedramp.com/beta/identities",
"urlParams": {
"filters": "email eq \"{{$.loop.loopInput.spnownerEmail}}\""
}
},
"description": "HTTP call to query sailpoint to find identity id of the spn owner.",
"displayName": "Step: API call to fetch owner in ISC",
"nextStep": "Verify Data Type",
"type": "action",
"versionNumber": 2
},
"HTTP Request 3": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody": null,
"method": "get",
"oAuthClientId": "[redacted]",
"oAuthClientSecret": "",
"oAuthCredentialLocation": "oAuthInBody",
"oAuthScope": "",
"oAuthTokenUrl": "https://tenant.api.saas.sailpointfedramp.com/oauth/token",
"requestContentType": "json",
"url": "https://tenant.api.saas.sailpointfedramp.com/beta/accounts",
"urlParams": {
"filters": "identityId eq \"{{$.hTTPRequest2.body[0].id}}\" and sourceId eq \"e9e3a53a99594580ac7b65527cb36b46\""
}
},
"description": "HTTP call to query sailpoint to find identity id of the spn owner.",
"displayName": "Step: Fetch owner F account id",
"nextStep": "Verify Data Type 1",
"type": "action",
"versionNumber": 2
},
"HTTP Request 4": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody": {
"@odata.id": "https://graph.microsoft.us/v1.0/directoryObjects/{{$.hTTPRequest3.body[0].attributes.objectId}}"
},
"method": "post",
"oAuthClientId": "[redacted]",
"oAuthClientSecret": "",
"oAuthCredentialLocation": "oAuthInBody",
"oAuthScope": "https://graph.microsoft.us/.default",
"oAuthTokenUrl": "https://login.microsoftonline.us/[redacted]/oauth2/v2.0/token",
"requestContentType": "json",
"url": "https://graph.microsoft.us/v1.0/servicePrincipals/{{$.hTTPRequest6.body.value[0].id}}/owners/$ref",
"urlParams": null
},
"description": "Step to call API to get SPN details",
"displayName": "HTTP Request4: Update SPN owner",
"nextStep": "Compare Numbers 2",
"type": "action",
"versionNumber": 2
},
"HTTP Request 6": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody": null,
"method": "get",
"oAuthClientId": "[redacted]",
"oAuthClientSecret": "",
"oAuthCredentialLocation": "oAuthInBody",
"oAuthScope": "https://graph.microsoft.us/.default",
"oAuthTokenUrl": "https://login.microsoftonline.us/[redacted]/oauth2/v2.0/token",
"requestContentType": "json",
"url": "https://graph.microsoft.us/v1.0/servicePrincipals/",
"urlParams": {
"$filter": "appId eq '{{$.hTTPRequest7.body.appId}}'"
}
},
"description": "Step to call API to get SPN details",
"displayName": "HTTP Request6: Get SPN details using appID",
"nextStep": "HTTP Request 2",
"type": "action",
"versionNumber": 2
},
"HTTP Request 7": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody.$": "",
"method": "get",
"oAuthClientId": "[redacted]",
"oAuthClientSecret": "",
"oAuthCredentialLocation": "oAuthInBody",
"oAuthScope": "https://graph.microsoft.us/.default",
"oAuthTokenUrl": "https://login.microsoftonline.us/[redacted]/oauth2/v2.0/token",
"requestContentType": "json",
"url": "https://graph.microsoft.us/v1.0/applications/{{$.defineVariable4.appobjectid}}",
"urlParams": null
},
"description": "Step to call API to get Application details",
"displayName": "HTTP Request7: Get Application details using object ID",
"nextStep": "HTTP Request 6",
"type": "action",
"versionNumber": 2
},
"Send Email 2": {
"actionId": "sp:send-email",
"attributes": {
"body": "{{$.defineVariable2.tRBanner}}<p style=\"font-size: 10pt; font-family: 'clario';\">Hi Team,<br><br>This is to inform you that the owner <b>{{$.loop.loopInput.spnownerEmail}}</b> could not be set for the ServicePrincipal created for application: <b>{{$.hTTPRequest7.body.displayName}}</b> due to any of the following reasons:<br> \n<ul style=\"font-size: 10pt; font-family: 'clario';\">\n<li>The SPN owner identity does not exist in SailPoint ISC.</li>\n<li>The SPN owner's FedRAMP Entra account does not exist in SailPoint ISC.</li>\n</ul</p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Below are the details:\n<ul style=\"font-size: 10pt; font-family: 'clario';\">\n<li>Service Principal ID: {{$.hTTPRequest6.body.value[0].id}}</li>\n<li>Application ID: {{$.hTTPRequest7.body.appId}}</li>\n<li>Application Object ID: {{$.loop.context}}</li></ul></p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Please reach out to TR FedRAMP Access Manager team for further action.</p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Thank you,<br>The TR FedRAMP Access Manager Team</p>",
"context": {},
"recipientEmailList": [
"[redacted]",
"[redacted]"
],
"replyTo": null,
"subject": "TR FedRAMP ServicePrincipal Owner Update Failed: {{$.hTTPRequest1.body.id}}"
},
"description": "Email to notify application owner identity does not exist or azure fedramp entra id account does not exist in SailPoint ISC.",
"displayName": "Step: Send CC Email for owner/F account not found",
"nextStep": "End Step - Success 2",
"type": "action",
"versionNumber": 2
},
"Send Email 7": {
"actionId": "sp:send-email",
"attributes": {
"body": "{{$.defineVariable2.tRBanner}}<p style=\"font-size: 10pt; font-family: 'clario';\">Dear Application Owner,<br><br>This is to inform you that the owner <b>{{$.loop.loopInput.spnownerEmail}}</b> could not be set for the ServicePrincipal created for application: <b>{{$.hTTPRequest7.body.displayName}}</b> due to any of the following reasons:<br> \n<ul style=\"font-size: 10pt; font-family: 'clario';\">\n<li>The SPN owner identity does not exist in SailPoint ISC.</li>\n<li>The SPN owner's FedRAMP Entra account does not exist in SailPoint ISC.</li>\n</ul</p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Below are the details:\n<ul style=\"font-size: 10pt; font-family: 'clario';\">\n<li>Service Principal ID: {{$.hTTPRequest6.body.value[0].id}}</li>\n<li>Application ID: {{$.hTTPRequest7.body.appId}}</li>\n<li>Application Object ID: {{$.loop.context}}</li></ul></p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Please reach out to TR FedRAMP Access Manager team for further action.</p>\n<p style=\"font-size: 10pt; font-family: 'clario';\">Thank you,<br>The TR FedRAMP Access Manager Team</p>",
"context": {},
"recipientEmailList.$": "$.defineVariable3.appowneremail",
"subject": "TR FedRAMP ServicePrincipal Owner Update Failed: {{$.hTTPRequest1.body.id}}"
},
"description": "Email to notify application owner identity does not exist or azure fedramp entra id account does not exist in SailPoint ISC.",
"displayName": "Step: Send Email for owner/F account not found",
"nextStep": "Send Email 2",
"type": "action",
"versionNumber": 2
},
"Verify Data Type": {
"choiceList": [
{
"comparator": "IsPresent",
"nextStep": "HTTP Request 3",
"variableA.$": "$.hTTPRequest2.body[0].id"
}
],
"defaultStep": "Send Email 7",
"description": "Step to validate if the identity id is found in SailPoint ISC or not.",
"displayName": "Step: Owner found in ISC or not",
"type": "choice"
},
"Verify Data Type 1": {
"choiceList": [
{
"comparator": "IsPresent",
"nextStep": "HTTP Request 4",
"variableA.$": "$.hTTPRequest3.body[0].attributes.objectId"
}
],
"defaultStep": "Send Email 7",
"description": "Step to validate if the identity has FedRAMP Azure account present in SailPoint ISC or not.",
"displayName": "Step: Validate F account id found or not",
"type": "choice"
}
}
},
"displayName": "",
"nextStep": "End Step - Success 1",
"type": "action",
"versionNumber": 1
}```You can verify if that JSONpath would actually resolve to a value by checking the workflow json output of that execution. If HTTP Request 6 doesn’t contain a value that would resolve with that JSONpath, then you hav e your answer.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.