
access mapping is not working when getting response in XML

sudheera
New Contributor

Hi, 

For a REST application that accepts XML, access mapping is not working.

Getting the below response from the API for account recon.

<?xml version="1.0" encoding="UTF-8"?>
<provisionUser>
<FailureCode>0</FailureCode>
<FailureMessage>Success</FailureMessage>
<ResponseData>
<Appusers>
<user>1050</user>
<approles>
<role>StandardParts-Viewer</role>
<role>FR LR</role>
</approles>
</Appusers>

<Appusers>
<user>rpdmm</user>
<approles>
<role>Confidential - Generator</role>
<role>Confidential - Steam</role>
</approles>
</Appusers>
</ResponseData>
</provisionUser>

Using below accountentimportjson:

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts":"true",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://@host/resources/POWER/IdmConnector",
"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/xml"
},
"httpContentType": "application/xml",
"Accept": "application/xml",
"httpMethod": "POST"

},
"listField": "provisionUser.ResponseData.Appusers",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "user~#~char",
"name": "user~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"makeProcessingStatus": false
}
},
"acctEntMappings": {
"Access-Role": {
"listPath": "provisionUser.ResponseData.Appusers.approles",
"idPath": "role",
"keyField": "entitlement_value"
}
}
},
"entitlementParams": {},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}


Dhruv_S
Saviynt Employee

Hi @sudheera 

Could you please provide more information about the target application? Have you referred to the REST connector documentation and created the JSONs as per the Postman calls? What is the error you are getting in the logs?

Regards,

Dhruv Sharma

Hi,

Yes, it is working in Postman. In Saviynt also it had imported accounts, but when running the access import it is not mapping the account entitlements.

The entitlements are showing in a list in the result. How to map comma separated entitlements to the account?

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

NM
Esteemed Contributor

@sudheera 2 things

1) Remove the slash from the entitlement type name; just keep Access role

2) I don't see the entitlement being imported. Did you create it manually?

And share your customproperty 31 once.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

sudheera
New Contributor

Yes, I have manual entitlement import. 

In result it is showing in list as below.

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

 

NM
Esteemed Contributor

@sudheera try this 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts":"true",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://@host/resources/POWER/IdmConnector",
"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/xml"
},
"httpContentType": "application/xml",
"Accept": "application/xml",
"httpMethod": "POST"
},
"listField": "provisionUser.ResponseData.Appusers",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "user~#~char",
"name": "user~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"makeProcessingStatus": false
}
},
"acctEntMappings": {
"Access-Role": {
"listPath": "approles",
"idPath": "role",
"keyField": "entitlement_value"
}
}
},
"entitlementParams": {},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}



sudheera
New Contributor

It is showing the same error as above.

How to map the comma separated entitlement list from the result for the account?

NM
Esteemed Contributor

@sudheera Share cp31 and also share entitlement name



sudheera
New Contributor

cp31 is showing like below

sudheera_0-1725972507370.png

and entitlements are as below:

sudheera_1-1725973118628.png

 

NM
Esteemed Contributor

Hi @sudheera does the person have an account on the target end?

Check if cp31 is empty for all the accounts



sudheera
New Contributor

does the person have account on target end? -- Yes

Check if cp31 is empty for all the accounts -- yes, it is the same for all accounts

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]



⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️


Regards,
Rushikesh Vartak

--header 'Content-Type: application/xml' \
--header 'Authorization: ••••••' \
--header 'Cookie: JSESSIONID=7046******************11E7492; SERVERID=NONCAS.NONCAS2jvm; AWSALB=0y+********************DNfy2Bs5d/dFd; sma5Time=1725962844241' \
--data '<provisionUser>
    <operationName>getActiveUserListWithRoles</operationName>
</provisionUser>'
 
Postman screenshot with result:
sudheera_0-1725974434197.png

[This message has been edited by moderator to mask sensitive information]

Use below Sample

"customproperty31": "#CONST#${String output1=response.userlist.groups.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlementID\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"


Regards,
Rushikesh Vartak
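
The sample above assembles the customproperty31 value by string concatenation. As an added example (not from the original posts and not Saviynt code), this Python script parses the XML response posted at the top of the thread and prints, per account, a value in the same shape as the sample, so it can be compared with what the import stores. The function names are hypothetical, and the top-level key is a parameter: the sample uses Group, while Access-Role is an assumption taken from acctEntMappings.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: the account-recon response posted at the top of the thread.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<provisionUser>
  <FailureCode>0</FailureCode>
  <FailureMessage>Success</FailureMessage>
  <ResponseData>
    <Appusers>
      <user>1050</user>
      <approles><role>StandardParts-Viewer</role><role>FR LR</role></approles>
    </Appusers>
    <Appusers>
      <user>rpdmm</user>
      <approles><role>Confidential - Generator</role><role>Confidential - Steam</role></approles>
    </Appusers>
  </ResponseData>
</provisionUser>"""


def mapping_info(roles, ent_type, key_field="entitlement_value"):
    """Serialise one account's roles in the shape of the thread's sample value."""
    # json.dumps does the quoting and escaping that the one-liner does by hand.
    entry = {ent_type: {"entIds": list(roles), "keyField": key_field}}
    return json.dumps(entry, separators=(",", ":"))


def expected_cp31(xml_text, ent_type):
    """Return {accountID: mapping string}, one entry per <Appusers> record."""
    # Parse bytes so the parser applies the declared encoding itself.
    root = ET.fromstring(xml_text.encode("utf-8"))
    result = {}
    for rec in root.iterfind("./ResponseData/Appusers"):
        user = (rec.findtext("user") or "").strip()
        if not user:
            continue  # a record without an account ID cannot be mapped
        # A single <role> and an empty <approles> both end up as a list here.
        roles = [r.text.strip() for r in rec.iterfind("./approles/role") if r.text and r.text.strip()]
        result[user] = mapping_info(roles, ent_type)
    return result


if __name__ == "__main__":
    for account, value in expected_cp31(SAMPLE_RESPONSE, "Access-Role").items():
        print(account, value)
```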

I have updated as per the xml result:

  "CUSTOMPROPERTY31": "#CONST#${String output1=provisionUser.ResponseData.Appusers.approles.role.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlement_value\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"

could you please check cp31 is in format? (shared postman result)

but got below error:

"ERROR","Invalid record not processed for Access-Role: [approles:[role:[SE LR, Confidential - Gas, Confidential - Steam, Change Coordinator, Confidential - Generator, GEMFAExcludeUser]], user:plmstq]"

"ERROR","Exception in persistObjects :"
"2024-09-10T14:27:10.506+00:00","ecm-worker","","null-2tjzr","","java.lang.NullPointerException: Cannot invoke method getAt() on null object

#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}')}


Regards,
Rushikesh Vartak

Hi ,

Showing below error:

sudheera_0-1725984387530.png

tried the given one and below also: 

"#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); beg= '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}'); return beg}~#~char"

Share full json


Regards,
Rushikesh Vartak

Please find below:

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "inactivateAccountsNotInFile": false,
      "accountThresholdValue": 1000
    },
    "includeExistingInActiveAccounts":"true",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/xml"
          },
          "httpContentType": "application/xml",
          "httpMethod": "POST"
        },
        "listField": "provisionUser.ResponseData.Appusers",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "user~#~char",
          "name": "user~#~char",
          "CUSTOMPROPERTY31": "#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); beg= '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}'); return beg}~#~char"
        }
      }
    },
    "acctEntMappings": {
      "Access-Role": {
        "listPath": "approles",
        "idPath": "role",
        "keyField": "entitlement_value"
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Access-Role": {
        "entTypeOrder": 1,
        "entTypeLabels": {},
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
              "httpContentType": "application/xml",
              "httpMethod": "POST"
            },
            "listField": "provisionUser.ResponseData.Appusers",
            "keyField": "entitlement_value",
            "colsToPropsMap": {
              "entitlement_Value": "role~#~char"
            }
          }
        }
      }
    }
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "inactivateAccountsNotInFile": false,
      "accountThresholdValue": 1000
    },
    "includeExistingInActiveAccounts": "true",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://qa-hostresources/POWERPLmConnectorService",
          "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/xml"
          },
          "httpContentType": "application/xml",
          "httpMethod": "POST"
        },
        "listField": "provisionUser.ResponseData.Appusers",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "user~#~char",
          "name": "user~#~char",
          "CUSTOMPROPERTY31": "#CONST#${String output1 = provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('\"', '\\\"') }.join('\",\"'); beg = '{\"Group\":{\"entIds\":[\"'.concat(output1).concat('\"],\"keyField\":\"entitlement_value\"}}'); return beg;}~#~char"
        }
      }
    },
    "acctEntMappings": {
      "Access-Role": {
        "listPath": "approles",
        "idPath": "role",
        "keyField": "entitlement_value"
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Access-Role": {
        "entTypeOrder": 1,
        "entTypeLabels": {},
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "https://qa-host/resources/POWEe/IdmConnectorService",
              "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
              "httpContentType": "application/xml",
              "httpMethod": "POST"
            },
            "listField": "provisionUser.ResponseData.Appusers",
            "keyField": "entitlement_value",
            "colsToPropsMap": {
              "entitlement_Value": "role~#~char"
            }
          }
        }
      }
    }
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

Regards,
Rushikesh Vartak

it is showing same error, not mapping ent.

showing the below error for each user.

ERROR-Invalid record not processed for Access-Role: [approles:[role:[Confidential - Generator, Design Engineer, Special Attention Required, Change Coordinator, NX Designer, AutoCAD Designer, StandardParts-Viewer, Confidential - Steam, US LR]], user:pltta]

ERROR-Exception in persistObjects :

 

sudheera
New Contributor

please let me know if anyone has any solution for this.

Please raise support ticket with saviynt ops


Regards,
Rushikesh Vartak