
Calling a custom JAR from REST Connector

nikhil
New Contributor III

Hi,

We're working on integrating a REST-based application which has SCIM APIs, and we've been able to successfully establish a connection and complete the following use cases:

Create Account, Revoke Account

Partially working fine - Add access (Grant Access) and Remove access (Revoke Access)

However, application APIs are built in such a way that they expect the entire payload (including all entitlements the user already has + what is being granted [for GRANT access] / all the entitlements user already has - what is being removed [for REVOKE access]). 

For this we have created a custom JAR and are able to perform the required operations as a standalone app. The JAR is also imported in Saviynt. 

We need to understand how to invoke the custom JAR using the REST connector, i.e. the syntax that Saviynt would expect in JSON which can trigger the JAR and get the response back from the JAR to complete the operation.

We tried using the below JSON similar to what is provided in the AS400 documentation, however, it does not work.

{
  "fullyQualifiedClassName": "com.abc.abcCRUDOperations",
  "methodName": "revokeEntitlements",
  "arguments": {
    "key1": "${entitlementValue.customproperty5}",
    "key2": "${entitlementValue.customproperty6}",
    "key3": "${entitlementValue.customproperty7}",
    "key4": "${entitlementValue.customproperty8}",
    "key5": "${entitlementValue.customproperty2}",
    "key6": "${entitlementValue.customproperty3}",
    "key7": "${entitlementValue.customproperty4}",
    "key8": "${response.call1.message.records}" , <This would come from the call1 response message>
  }
}

3 REPLIES

nimitdave
Saviynt Employee

@nikhil, EIC does not support invocation of a custom JAR from any OOTB connector.

However, for your use case, if you have an API that will give the existing entitlements for an account, then you can use the below to send the entitlements with the add-access one added:

${if(response.'Group1'.message.entitlements?.size()>0){ArrayList finalArr = new ArrayList(); ArrayList arr = response.'Group1'.message.entitlements; arr.eachWithIndex{ val, idx -> Map tempMap = new HashMap(); tempMap.put('value', val.value); tempBuilder = new groovy.json.JsonBuilder(tempMap); finalArr.add(tempBuilder.toString()); }; Map map = new HashMap(); map.put('value',entitlementValue.entitlementID); builder = new groovy.json.JsonBuilder(map); finalArr.add(builder.toString()); return finalArr;}else{ArrayList finalArr = new ArrayList(); Map map = new HashMap(); map.put('value',entitlementValue.entitlementID); builder = new groovy.json.JsonBuilder(map); finalArr.add(builder.toString()); return finalArr;}}

Below is a sample:

{
  "call": [
    {
      "name": "Group1",
      "connection": "acctAuth",
      "url": "https://abc.com/scim/v2/Users/${account.accountID}",
      "httpMethod": "GET",
      "httpContentType": "application/json",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Accept": "application/json"
      }
    },
    {
      "name": "Group",
      "connection": "acctAuth",
      "url": "https://abc.com/scim/v2/Users/${account.accountID}",
      "httpMethod": "PUT",
      "httpContentType": "application/json",
      "httpParams": "{ \"schemas\":[ \"urn:ietf:params:scim:schemas:core:2.0:User\",\"urn:ietf:params:scim:schemas:extension:cogniloreuser:2.0:User\" ], \"Active\":\"true\", \"userName\":\"${user.customproperty31}\",\"id\":\"${account.accountID}\",\"DisplayName\":\"${user.username}\",\"externalId\": \"${user.username}\",\"name\": { \"formatted\": \"${user.displayname}\",\"familyName\": \"${user.lastname}\",\"givenName\": \"${user.firstname}\"},\"emails\": [{\"Primary\": true,\"type\": \"work\",\"value\": \"${user.email}\"},{\"Primary\": false,\"type\": \"home\",\"value\": \"test@xyz.com\"}],\"phoneNumbers\": [{\"Primary\": true,\"type\": \"work\",\"value\": \"999-999-6666\"},{\"Primary\": false,\"type\": \"home\",\"value\": \"999-999-2222\"}], \"addresses\": [{\"Primary\": true,\"type\": \"work\",\"streetAddress\": \"Street Name \"}],\"entitlements\" : ${if(response.'Group1'.message.entitlements?.size()>0){ArrayList finalArr = new ArrayList(); ArrayList arr = response.'Group1'.message.entitlements; arr.eachWithIndex{ val, idx -> Map tempMap = new HashMap(); tempMap.put('value', val.value); tempBuilder = new groovy.json.JsonBuilder(tempMap); finalArr.add(tempBuilder.toString()); }; Map map = new HashMap(); map.put('value',entitlementValue.entitlementID); builder = new groovy.json.JsonBuilder(map); finalArr.add(builder.toString()); return finalArr;}else{ArrayList finalArr = new ArrayList(); Map map = new HashMap(); map.put('value',entitlementValue.entitlementID); builder = new groovy.json.JsonBuilder(map); finalArr.add(builder.toString()); return finalArr;}},\"urn:ietf:params:scim:schemas:extension:cogniloreuser:2.0:User\": {\"userEmail\": \"${user.email}\", \"userID\": \"${user.username}\",\"userFullName\": \"${user.displayname}\",\"employeeType\": \"${requestAccessAttributes.get('Usertype')}\", \"userLocation\": \"${requestAccessAttributes.get('Location')}\",\"userManager\": \"${user.customproperty16}\"}}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "successResponses": {
        "statusCode": [
          200,
          201,
          204
        ],
        "status": "Success"
      },
      "unsuccessResponses": {
        "statusCode": [
          302,
          400,
          403,
          401,
          404,
          409,
          500,
          501
        ]
      }
    }
  ]
}
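
The merge that the inline expression in the reply above performs, written out as a standalone Groovy script and extended to the revoke case. This is an added example, not part of the thread and not Saviynt code; `mergeEntitlements` and the sample data are hypothetical. It assumes the GET returns entitlement objects that each carry a `value` field, and it treats a missing current list as an error because a full-replace PUT built without it would overwrite whatever the target holds.

```groovy
import groovy.json.JsonOutput

// Build the complete entitlement list that a replace-style PUT expects.
//   current : entitlement objects from the GET response (each has a 'value')
//   changed : the entitlement ID being granted or revoked
//   op      : 'GRANT' or 'REVOKE'
List<Map> mergeEntitlements(List current, String changed, String op) {
    if (current == null) {
        // Current state unknown: do not build a payload that would replace it.
        throw new IllegalStateException('current entitlements unavailable; refusing to build payload')
    }
    // LinkedHashSet keeps the target's order and drops duplicates,
    // so granting something the account already has is a no-op.
    Set<String> values = new LinkedHashSet<String>(current.collect { it.value as String })
    switch (op) {
        case 'GRANT':
            values.add(changed)
            break
        case 'REVOKE':
            values.remove(changed)
            break
        default:
            throw new IllegalArgumentException("unknown operation: ${op}")
    }
    return values.collect { [value: it] }
}

// Constructed sample standing in for response.'Group1'.message
def message = [entitlements: [[value: 'ROLE_A'], [value: 'ROLE_B']]]

def granted = mergeEntitlements(message.entitlements, 'ROLE_C', 'GRANT')
def regrant = mergeEntitlements(message.entitlements, 'ROLE_B', 'GRANT')
def revoked = mergeEntitlements(message.entitlements, 'ROLE_A', 'REVOKE')
def first   = mergeEntitlements([], 'ROLE_A', 'GRANT')   // account with no entitlements yet

assert granted*.value == ['ROLE_A', 'ROLE_B', 'ROLE_C']
assert regrant*.value == ['ROLE_A', 'ROLE_B']
assert revoked*.value == ['ROLE_B']
assert first*.value   == ['ROLE_A']

// JSON array as it would be placed in the "entitlements" field of the PUT body
println JsonOutput.toJson(granted)
println JsonOutput.toJson(revoked)
```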

nikhil
New Contributor III

@nimitdave Thanks for your quick response. Appreciate it!

However, the application doesn't have any entitlement specific APIs. They have certain User Profile Attributes which we are bringing within Saviynt as entitlement.  

If we cannot invoke a custom JAR from OOTB connector, then can you please let us know what object within Saviynt can we use for a user's account that would give us all entitlements the account is tagged within Saviynt. We can then add/remove the required entitlement based on the request from that object and finally pass the entire payload to the application APIs. 

Following this approach, we wouldn't require to build a custom JAR. We will also not require to go to the application to get the entire payload. It'll enable us to do whatever needs done within Saviynt itself using that object before finally passing it as an input for the REST call.

Any documentation, Javadoc you can point me towards would be greatly appreciated!

nimitdave
Saviynt Employee

@nikhil Please try this:

${com.saviynt.ecm.identitywarehouse.domain.Account_entitlements1.findAllByAccountkey(account).collect{it.entitlement_valuekey}}