and more in a single search tool across platforms. Read the announcement here. |
03/29/2023 07:18 AM
Hello,
I have no done a account to entitlement mapping before so having issues with this. The application does not have a API endpoint to get all roles and does not have an endpoint to view all users with their roles. The only way to get their roles is by viewing each user separately.
Here is a sample response. The role is under profiles.roles.
{
"principal": "psc:user:xxx:xxx",
"expires": null,
"revoked": false,
"roles": null,
"version": 1,
"profiles": [
{
"profile_uuid": "UUID",
"orgs": {
"allow": [
"psc:org:xxx"
]
},
"roles": [
"psc:role:xxx:BUILD_TEAM_-_OPERATIONS"
],
"conditions": null,
"can_manage": false
}
],
"org_ref": "psc:org:xxx",
"principal_name": "email+build@email.com",
"create_time": "2022-03-24T17:24:56.698Z",
"update_time": "2022-03-24T17:24:56.698Z",
"can_manage": false
}
Here is my ImportAccountEntJSON:
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"accountThresholdValue": 1000
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://HOSTNAME/appservices/v6/orgs/xxx/users/",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "users",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "login_id~#~char",
"name": "email~#~char",
"displayname": "login_name~#~char",
"customproperty4": "login_name~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"processingType": "httpAcctToEnt",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://HOSTNAME/access/v2/orgs/xxx/grants/psc:user:xxx:${id}",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "profiles",
"keyField": "entitlementID",
"colsToPropsMap": {
"entIdPath": "roles",
"entKeyField": "entitlementID",
"acctKeyField": "accountID"
},
"disableDeletedEntitlements": true
}
}
}
}
}
}
The error message that I see in the logs:
2023-03-29 13:56:31,885 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 13:56:31,886 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Inside importAccessFull:persistEntObjects, pptTypeSep : ~#~
2023-03-29 13:56:31,887 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Exception in persistObjects :
java.lang.NullPointerException
at com.saviynt.provisoning.rest.RestProvisioningService.persistEntObjects(RestProvisioningService.groovy:4929)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByPagination(RestProvisioningService.groovy:942)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByEntFilterAndNoFilter(RestProvisioningService.groovy:820)
at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6_closure77.doCall(RestProvisioningService.groovy:676)
at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6.doCall(RestProvisioningService.groovy:672)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementsFinal(RestProvisioningService.groovy:671)
at com.saviynt.provisoning.rest.RestProvisioningService.processAccessFullBySequentialAndIterative(RestProvisioningService.groovy:629)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterativeWithoutEntFilter(RestProvisioningService.groovy:506)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:281)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2023-03-29 13:56:31,887 [quartzScheduler_Worker-24] ERROR rest.RestProvisioningService - Exception in persistObjects :
java.lang.NullPointerException
at com.saviynt.provisoning.rest.RestProvisioningService.persistEntObjects(RestProvisioningService.groovy:4929)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByPagination(RestProvisioningService.groovy:942)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByEntFilterAndNoFilter(RestProvisioningService.groovy:820)
at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6_closure77.doCall(RestProvisioningService.groovy:676)
at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6.doCall(RestProvisioningService.groovy:672)
at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementsFinal(RestProvisioningService.groovy:671)
at com.saviynt.provisoning.rest.RestProvisioningService.processAccessFullBySequentialAndIterative(RestProvisioningService.groovy:629)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterativeWithoutEntFilter(RestProvisioningService.groovy:506)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:281)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2023-03-29 13:56:31,890 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - secondaryEntTypeImportConfig: null
2023-03-29 13:56:31,890 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Inside disableEntitlementValues - entTypes to be disabled : Roles
2023-03-29 13:56:31,892 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - calling buildEntitlementMappings..
2023-03-29 13:56:31,892 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Inside RestProvisioiningService.buildEntitlementMappings
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - called fetchEntitlementTypesFromEntMappingParams..entTypesMap = [Roles:2986]
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - calling processAccountEntitlementParams - memento.entTypesSet : [2986]
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Inside processAccountEntitlementParams*****
2023-03-29 13:56:31,913 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - inside processAccountEntitlementsByHttpAcctToEnt
2023-03-29 13:56:31,953 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService - Exception in processAccountEntitlementsByHttpAcctToEnt:
org.springframework.orm.hibernate3.HibernateQueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]; nested exception is org.hibernate.QueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]
at com.saviynt.provisoning.rest.RestProvisioningService.populateEntitlementMapByConfig(RestProvisioningService.groovy:5929)
at com.saviynt.provisoning.rest.RestProvisioningService.processAccountEntitlementsByHttpAcctToEnt(RestProvisioningService.groovy:7054)
at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountEntitlementParams_closure37_closure96.doCall(RestProvisioningService.groovy:6184)
at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountEntitlementParams_closure37.doCall(RestProvisioningService.groovy:6170)
at com.saviynt.provisoning.rest.RestProvisioningService.processAccountEntitlementParams(RestProvisioningService.groovy:6169)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:299)
at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
Caused by: org.hibernate.QueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]
... 12 more
The account import is working fine but having issues with the access import. Any help would be appreciated.
03/29/2023 09:08 AM
Can you confirm if you were able to successfully import Accounts and entitlements and if its an issue only with the mapping.
03/29/2023 09:12 AM
Hi Sahil,
I'm able to import accounts but not entitlements.
Question, do I need the entitlementParams attribute? This application doesn't have an API endpoint to list all roles. So what I was thinking is keeping that part out and using httpAccToEnt in the acctEntParams to list the roles while it iterates through all the users. I think that is my issue.
03/29/2023 09:39 AM
Can you try with the below JSON once and confirm. We have added "importAsEntitlement": true under acctEntMappings. As you run the Account import job, the entitlements assigned to the users should also be imported.
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://HOSTNAME/appservices/v6/orgs/xxx/users/",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "",
"keyField": "",
"colsToPropsMap": {}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "",
"idPath": "",
"keyField": "",
"importAsEntitlement": true
}
}
},
"entitlementParams": {
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
03/29/2023 10:13 AM
This will not work because that API call will not get roles assigned to the user. That API call will only get account information.
I was able to finally get an API endpoint to get all roles. That is now working. Now the issue is that I'm getting the ACCKEY but not the ENTVALKEY, it is coming as null.
2023-03-29 17:08:16,116 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 13
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 17:08:16,118 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - inside processAccountEntitlements
2023-03-29 17:08:16,118 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - ACCKEY:3017729;ENTVALKEY:null
2023-03-29 17:08:16,216 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
New JSON:
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"accountThresholdValue": 1000
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://hostname/appservices/v6/orgs/7DMF65PR/users/",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "users",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "login_id~#~char",
"name": "email~#~char",
"displayname": "login_name~#~char",
"customproperty4": "login_name~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://hostname/access/v3/orgs/7DMF65PR/principals/xxx/roles/permitted?type=USER",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "results.7DMF65PR",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "urn~#~char",
"entitlement_value": "urn~#~char",
"displayname": "name~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"Roles": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpAcctToEnt",
"http": {
"url": "https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:${id}",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "profiles",
"keyField": "entitlementID",
"colsToPropsMap": {
"entIdPath": "roles",
"entKeyField": "entitlementID",
"acctKeyField": "accountID"
}
}
}
}
}
}
}
I'm now able to import accounts, import entitlements, but it is not mapping the entitlements to the users.
03/29/2023 10:22 AM
Can you share the sample response of the API call that displays the information of Users and entitlements.
03/29/2023 10:30 AM
Account import (lists all users, does not allow viewing roles):
{
"message": "Success",
"success": true,
"users": [
{
"org_key": "7DMF65PR",
"org_id": 35622,
"login_id": 109805,
"login_name": "jdoe+build@domain.com",
"email": "jdoe+build@domain.com",
"first_name": "John",
"last_name": "Doe",
"phone": "",
"auth_method": "PASSWORD",
"admin_login_version": 108,
"org_admin_version": 0,
"role": "DEPRECATED",
"contact_id": 9963213,
"contact_version": 0
},
...
Entitlement Import (one user at a time):
{
"principal": "psc:user:7DMF65PR:109929",
"expires": null,
"revoked": false,
"roles": null,
"version": 1,
"profiles": [
{
"profile_uuid": "e8bd7eb3-c640-4c46-9171-5fe6afbaf90d",
"orgs": {
"allow": [
"psc:org:7DMF65PR"
]
},
"roles": [
"psc:role:7DMF65PR:BUILD_TEAM_-_OPERATIONS"
],
"conditions": null,
"can_manage": false
}
],
"org_ref": "psc:org:7DMF65PR",
"principal_name": "jdoe+build@domain.com",
"created_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
"updated_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
"create_time": "2022-03-24T17:24:56.698Z",
"update_time": "2022-03-24T17:24:56.698Z",
"can_manage": false
}
03/29/2023 10:41 AM
The acctEntParams will depend on how the target application provides a response for the mapping.
Below is a link to REST connector guide. You can search for Processing Types section in order to identify the json format to be used in your case.
https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm
03/29/2023 10:53 AM
Sahil,
That is what I did and found that I need to use httpAcctToEnt. My issue now is that while it's iterating through all the user's the logs show the below:
DEBUG rest.RestProvisioningService - ACCKEY:3017729;ENTVALKEY:null
It's successfully making a call for each account but why is ENTVALKEY null?
03/29/2023 11:13 AM
in the log file can you search for Got Webservice API Response and share the thread following it until the ENTVALKEY:null message.
03/29/2023 11:22 AM
I don't see that. Is this what you're asking for?
2023-03-29 18:16:32,466 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 1
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 33
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside importAccessFull:persistEntObjects, pptTypeSep : ~#~
2023-03-29 18:16:32,506 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - secondaryEntTypeImportConfig: null
2023-03-29 18:16:32,508 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside disableEntitlementValues - entTypes to be disabled : Roles
2023-03-29 18:16:32,510 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - calling buildEntitlementMappings..
2023-03-29 18:16:32,510 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside RestProvisioiningService.buildEntitlementMappings
2023-03-29 18:16:32,513 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - called fetchEntitlementTypesFromEntMappingParams..entTypesMap = [Roles:2986]
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - calling processAccountEntitlementParams - memento.entTypesSet : [2986]
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside processAccountEntitlementParams*****
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside processAccountEntitlementParamsByCallTypes..
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Currently Processing account entitlements for entitlement type: Roles
2023-03-29 18:16:32,516 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - processingType: httpAcctToEnt
2023-03-29 18:16:32,516 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - inside processAccountEntitlementsCallByHttpAcctToEnt
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService -
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - isFipsEnabled = false
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null
2023-03-29 18:16:32,617 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.
2023-03-29 18:16:32,971 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService -
2023-03-29 18:16:32,971 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 13
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - inside processAccountEntitlements
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService -
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - isFipsEnabled = false
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null
2023-03-29 18:16:33,070 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.
2023-03-29 18:16:33,486 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService -
2023-03-29 18:16:33,486 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 13
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - inside processAccountEntitlements
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - ACCKEY:3017732;ENTVALKEY:null
2023-03-29 18:16:33,586 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
2023-03-29 18:16:33,586 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService -
03/29/2023 11:34 AM
It appears the additional logging config is not added in the Connection. Can you update ConfigJSON param in the REST connection with value {"showLogs":true}
03/29/2023 03:06 PM
Ah nice much better logging thank you.
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Date: Wed, 29 Mar 2023 22:01:35 GMT, Content-Type: application/json, Content-Length: 540, Connection: keep-alive, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Expires: 0, Pragma: no-cache, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Xss-Protection: 1; mode=block], responseText:{"principal":"psc:user:7DMF65PR:109952","expires":null,"revoked":false,"roles":null,"version":1,"profiles":[{"profile_uuid":"539c2a31-b772-44f3-9675-33e23bb8c120","orgs":{"allow":["psc:org:7DMF65PR"]},"roles":["psc:role:7DMF65PR:REDTEAM"],"conditions":null,"can_manage":false}],"org_ref":"psc:org:7DMF65PR","principal_name":"jdoe+build@domain.com","created_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","updated_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","create_time":"2022-03-24T18:40:40.813Z","update_time":"2022-03-24T18:40:40.813Z","can_manage":false}, cookies:[], statusCode:200]
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 13
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - inside processAccountEntitlements
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 22:01:35,641 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestUtilService - Got showLogs = true
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Calling Webservice Url - https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:135128 with httpParams - null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - isFipsEnabled = false
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null
2023-03-29 22:01:35,646 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.
03/30/2023 11:14 AM
Hi Sahil,
Any update on this?
03/30/2023 12:23 PM
In the response you shared, can you confirm which field holds the value for Entitlement and AccountId
{ "principal": "psc:user:7DMF65PR:109929", "expires": null, "revoked": false, "roles": null, "version": 1, "profiles": [ { "profile_uuid": "e8bd7eb3-c640-4c46-9171-5fe6afbaf90d", "orgs": { "allow": [ "psc:org:7DMF65PR" ] }, "roles": [ "psc:role:7DMF65PR:BUILD_TEAM_-_OPERATIONS" ], "conditions": null, "can_manage": false } ], "org_ref": "psc:org:7DMF65PR", "principal_name": "jdoe+build@domain.com", "created_by": "psc:cnn:RN4LFYNE:CKPTFDU94V", "updated_by": "psc:cnn:RN4LFYNE:CKPTFDU94V", "create_time": "2022-03-24T17:24:56.698Z", "update_time": "2022-03-24T17:24:56.698Z", "can_manage": false }
03/30/2023 01:55 PM
The accountID is principal_name
The entitlement_value is profiles.roles
04/04/2023 08:56 AM
Can you try with the below in
"listField": "",
"entIdPath": "profiles",
"entKeyField": "entitlementID",
"acctIdPath": "principal_name",
"acctKeyField": "accountID"
04/05/2023 09:46 AM - edited 04/05/2023 10:09 AM
Still experiencing the same issue. I see in the logs, the response body shows that role is under profiles.roles, but the ENTVALKEY is still null
04/05/2023 10:56 AM
In that scenario can you try with entIdPath as profiles.roles
"entIdPath": "profiles.roles",
04/05/2023 11:06 AM
Yes sorry I tried that as well. It is getting the account key so it's seeing the acctIdPath, but for the role, ENTVALKEY is null.
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"listField": "",
"entIdPath": "profiles.roles",
"entKeyField": "entitlementID",
"acctIdPath": "principal_name",
"acctKeyField": "displayname"
}
You can see in the response here it's under profiles.role "psc:role:7DMF65PR:REDTEAM", but "ACCKEY:3017703;ENTVALKEY:null"
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Date: Wed, 29 Mar 2023 22:01:35 GMT, Content-Type: application/json, Content-Length: 540, Connection: keep-alive, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Expires: 0, Pragma: no-cache, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Xss-Protection: 1; mode=block], responseText:{"principal":"psc:user:7DMF65PR:109952","expires":null,"revoked":false,"roles":null,"version":1,"profiles":[{"profile_uuid":"539c2a31-b772-44f3-9675-33e23bb8c120","orgs":{"allow":["psc:org:7DMF65PR"]},"roles":["psc:role:7DMF65PR:REDTEAM"],"conditions":null,"can_manage":false}],"org_ref":"psc:org:7DMF65PR","principal_name":"jdoe+build@domain.com","created_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","updated_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","create_time":"2022-03-24T18:40:40.813Z","update_time":"2022-03-24T18:40:40.813Z","can_manage":false}, cookies:[], statusCode:200]
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - responseError : null
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - isAuthError: false
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 13
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : 1
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - inside processAccountEntitlements
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 22:01:35,641 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestUtilService - Got showLogs = true
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService - Calling Webservice Url - https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:135128 with httpParams - null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - isFipsEnabled = false
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null
2023-03-29 22:01:35,646 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.
04/06/2023 08:38 AM
I just checked this and it looks like "entIdPath": "profiles[0].roles", should be able to resolve the issue.
04/06/2023 09:53 AM
Hi Sahil,
I have tried profiles[0].roles, profiles[0].roles[0], and profiles.roles[0], none of these seem to work. Any other ideas?
04/12/2023 01:48 PM
I would recommend creating a ticket with support team to check this further.
06/01/2023 10:50 AM
Hi guys,
Did you guys ever resolve this issue? I seem to be having the same problem
thanks
06/01/2023 11:36 AM
Hi @JoshuaLawrence ,
I believe for my case the issue for this is that it's not a key value pair. So the only way I am able to get around this is by using a middleware application that I will call that will give me a key value pair; not a value within an array.