Saviynt Forums

sudheera · ‎09/05/2024

Hi,

For Rest application which is accepting Xml , access mapping is not working.

getting below response from API for account recon.

<?xml version="1.0" encoding="UTF-8"?>
<provisionUser>
<FailureCode>0</FailureCode>
<FailureMessage>Success</FailureMessage>
<ResponseData>
<Appusers>
<user>1050</user>
<approles>
<role>StandardParts-Viewer</role>
<role>FR LR</role>
</approles>
</Appusers>

<Appusers>
<user>rpdmm</user>
<approles>
<role>Confidential - Generator</role>
<role>Confidential - Steam</role>
</approles>
</Appusers>
</ResponseData>
</provisionUser>

Using below accountentimportjson:

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts":"true",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://@host/resources/POWER/IdmConnector,
"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/xml"
},
"httpContentType": "application/xml",
"Accept": "application/xml",
"httpMethod": "POST"

},
"listField": "provisionUser.ResponseData.Appusers",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "user~#~char",
"name": "user~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"makeProcessingStatus": false
}
},
"acctEntMappings": {
"Access-Role": {
"listPath": "provisionUser.ResponseData.Appusers.approles",
"idPath": "role",
"keyField": "entitlement_value"
}
}
},
"entitlementParams": {}
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

Dhruv_S · ‎09/10/2024

Hi @sudheera

Could you please provide more information about the target application, have you referred the REST connector documentation and created the JSONs as per the postman calls. What is the error you are getting in the logs?

Regards,

Dhruv Sharma

sudheera · ‎09/10/2024

Hi,

Yes, it is working in postman. In saviynt also it had imported accounts but when running access import it is not mapping the account entitlements.

The entitlements are showing in a list in result. How to map comma seperated entitlements to the account.

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

NM · ‎09/10/2024

@sudheera 2 things

1) remove the slash from entitlement type name just keep Access role

2)I don't see entitlement been imported did you create it manually?

And share your customproperty 31 once.

sudheera · ‎09/10/2024

Yes, I have manual entitlement import.

In result it is showing in list as below.

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

NM · ‎09/10/2024

@sudheera try this

{

"accountParams": {

"connection": "acctAuth",

"processingType": "SequentialAndIterative",

"statusAndThresholdConfig": {

"accountsNotInImportAction": "Suspend",

"inactivateAccountsNotInFile": false

},

"includeExistingInActiveAccounts":"true",

"call": {

"call1": {

"callOrder": 0,

"stageNumber": 0,

"http": {

"url": "https://@host/resources/POWER/IdmConnector,

"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/xml"

},

"httpContentType": "application/xml",

"Accept": "application/xml",

"httpMethod": "POST"

},

"listField": "provisionUser.ResponseData.Appusers",

"keyField": "accountID",

"colsToPropsMap": {

"accountID": "user~#~char",

"name": "user~#~char",

"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"

},

"makeProcessingStatus": false

}

},

"acctEntMappings": {

"Access-Role": {

"listPath": "approles",

"idPath": "role",

"keyField": "entitlement_value"

}

},

"entitlementParams": {}

"acctEntParams": {

"processingType": "acctToEntMapping"

}

sudheera · ‎09/10/2024

it is showing same error as above.

How to map the comma separated entitlement list from result, for account.

NM · ‎09/10/2024

@sudheera Share cp31 and also share entitlement name

sudheera · ‎09/10/2024

cp31 is showing like below

and entitlements are as below:

NM · ‎09/10/2024

Hi @sudheera does the person have account on target end?

Check if cp31 is empty for all the accounts

sudheera · ‎09/10/2024

does the person have account on target end? --Yes

Check if cp31 is empty for all the accounts __yes , it is same for all accounts

rushikeshvartak · ‎09/10/2024

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]

⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera · ‎09/10/2024

curl --location 'https://removed.net/steamplminternal/resources/POWERPLMService/IdmConnectorService' \

--header 'Content-Type: application/xml' \

--header 'Authorization: ••••••' \

--header 'Cookie: JSESSIONID=7046******************11E7492; SERVERID=NONCAS.NONCAS2jvm; AWSALB=0y+********************DNfy2Bs5d/dFd; sma5Time=1725962844241' \

--data '<provisionUser>

<operationName>getActiveUserListWithRoles</operationName>

</provisionUser>'

Postman screenshot with result:

[This message has been edited by moderator to mask sensitive information]

rushikeshvartak · ‎09/10/2024

Use below Sample

"customproperty31": "#CONST#${String output1=response.userlist.groups.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlementID\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera · ‎09/10/2024

I have updated as per the xml result:

"CUSTOMPROPERTY31": "#CONST#${String output1=provisionUser.ResponseData.Appusers.approles.role.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlement_value\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"

could you please check cp31 is in format? (shared postman result)

but got below error:

"ERROR","Invalid record not processed for Access-Role: [approles:[role:[SE LR, Confidential - Gas, Confidential - Steam, Change Coordinator, Confidential - Generator, GEMFAExcludeUser]], user:plmstq]"

"ERROR","Exception in persistObjects :"
"2024-09-10T14:27:10.506+00:00","ecm-worker","","null-2tjzr","","java.lang.NullPointerException: Cannot invoke method getAt() on null object

rushikeshvartak · ‎09/10/2024

#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}')}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera · ‎09/10/2024

Hi ,

Showing below error:

tried the given one and below also:

"#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); beg= '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}'); return beg}~#~char"

rushikeshvartak · ‎09/10/2024

Share full json

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera · ‎09/11/2024

Please find below:

{

"accountParams": {

"connection": "acctAuth",

"processingType": "SequentialAndIterative",

"statusAndThresholdConfig": {

"accountsNotInImportAction": "Suspend",

"inactivateAccountsNotInFile": false,

"accountThresholdValue": 1000

},

"includeExistingInActiveAccounts":"true",

"call": {

"call1": {

"callOrder": 0,

"stageNumber": 0,

"http": {

"url": "https://qa-hostresources/POWERPLmConnectorService",

"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",

"httpHeaders": {

"Authorization": "${access_token}",

"Accept": "application/xml"

},

"httpContentType": "application/xml",

"httpMethod": "POST"

},

"listField": "provisionUser.ResponseData.Appusers",

"keyField": "accountID",

"colsToPropsMap": {

"accountID": "user~#~char",

"name": "user~#~char",

"CUSTOMPROPERTY31": "#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); beg= '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}'); return beg}~#~char"

}

},

"acctEntMappings": {

"Access-Role": {

"listPath": "approles",

"idPath": "role",

"keyField": "entitlement_value"

}

},

"entitlementParams": {

"processingType": "SequentialAndIterative",

"entTypes": {

"Access-Role": {

"entTypeOrder": 1,

"entTypeLabels": {},

"call": {

"call1": {

"connection": "acctAuth",

"callOrder": 0,

"stageNumber": 0,

"http": {

"httpHeaders": {

"Authorization": "${access_token}"

},

"url": "https://qa-host/resources/POWEe/IdmConnectorService",

"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",

"httpContentType": "application/xml",

"httpMethod": "POST"

},

"listField": "provisionUser.ResponseData.Appusers",

"keyField": "entitlement_value",

"colsToPropsMap": {

"entitlement_Value": "role~#~char"

}

},

"acctEntParams": {

"processingType": "acctToEntMapping"

}

rushikeshvartak · ‎09/11/2024

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "inactivateAccountsNotInFile": false,
      "accountThresholdValue": 1000
    },
    "includeExistingInActiveAccounts": "true",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://qa-hostresources/POWERPLmConnectorService",
          "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/xml"
          },
          "httpContentType": "application/xml",
          "httpMethod": "POST"
        },
        "listField": "provisionUser.ResponseData.Appusers",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "user~#~char",
          "name": "user~#~char",
          "CUSTOMPROPERTY31": "#CONST#${String output1 = provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('\"', '\\\"') }.join('\",\"'); beg = '{\"Group\":{\"entIds\":[\"'.concat(output1).concat('\"]],\"keyField\":\"entitlement_value\"}}'); return beg;}~#~char"
        }
      }
    },
    "acctEntMappings": {
      "Access-Role": {
        "listPath": "approles",
        "idPath": "role",
        "keyField": "entitlement_value"
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Access-Role": {
        "entTypeOrder": 1,
        "entTypeLabels": {},
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "https://qa-host/resources/POWEe/IdmConnectorService",
              "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
              "httpContentType": "application/xml",
              "httpMethod": "POST"
            },
            "listField": "provisionUser.ResponseData.Appusers",
            "keyField": "entitlement_value",
            "colsToPropsMap": {
              "entitlement_Value": "role~#~char"
            }
          }
        }
      }
    }
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera · ‎09/11/2024

it is showing same error, not mapping ent.

showing the below error for each user.

ERROR-Invalid record not processed for Access-Role: [approles:[role:[Confidential - Generator, Design Engineer, Special Attention Required, Change Coordinator, NX Designer, AutoCAD Designer, StandardParts-Viewer, Confidential - Steam, US LR]], user:pltta]

ERROR-Exception in persistObjects :

Saviynt Forums

access mapping is not working when getting response in XML