Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error with httpAccToEnt for access import

ZA
New Contributor III
New Contributor III

‎03/29/2023 07:18 AM

Hello,

I have no done a account to entitlement mapping before so having issues with this. The application does not have a API endpoint to get all roles and does not have an endpoint to view all users with their roles. The only way to get their roles is by viewing each user separately.

Here is a sample response. The role is under profiles.roles.

{
	"principal": "psc:user:xxx:xxx",
	"expires": null,
	"revoked": false,
	"roles": null,
	"version": 1,
	"profiles": [
		{
			"profile_uuid": "UUID",
			"orgs": {
				"allow": [
					"psc:org:xxx"
				]
			},
			"roles": [
				"psc:role:xxx:BUILD_TEAM_-_OPERATIONS"
			],
			"conditions": null,
			"can_manage": false
		}
	],
	"org_ref": "psc:org:xxx",
	"principal_name": "email+build@email.com",
	"create_time": "2022-03-24T17:24:56.698Z",
	"update_time": "2022-03-24T17:24:56.698Z",
	"can_manage": false
}

 

Here is my ImportAccountEntJSON:

{
  "accountParams": {
    "connection": "acctAuth",
    "createUsers": false,
    "adminName": "admin",
    "processingType": "SequentialAndIterative",
    "successResponses": {
      "statusCode": [
        200
      ]
    },
    "doNotChangeIfFailed": true,
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "accountThresholdValue": 1000
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://HOSTNAME/appservices/v6/orgs/xxx/users/",
          "httpContentType": "application/json",
          "httpMethod": "GET",
          "httpHeaders": {
            "X-Auth-Token": "xxx/xxx"
          }
        },
        "listField": "users",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "login_id~#~char",
          "name": "email~#~char",
          "displayname": "login_name~#~char",
          "customproperty4": "login_name~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        }
      }
    }
  },
  "acctEntParams": {
    "connection": "acctAuth",
    "processingType": "httpAcctToEnt",
    "successResponses": {
      "statusCode": [
        200
      ]
    },
    "doNotChangeIfFailed": true,
    "entTypes": {
      "Roles": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "url": "https://HOSTNAME/access/v2/orgs/xxx/grants/psc:user:xxx:${id}",
              "httpContentType": "application/json",
              "httpMethod": "GET",
              "httpHeaders": {
                "X-Auth-Token": "xxx/xxx"
              }
            },
            "listField": "profiles",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entIdPath": "roles",
              "entKeyField": "entitlementID",
              "acctKeyField": "accountID"
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  }
}

 

The error message that I see in the logs:

2023-03-29 13:56:31,885 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 13:56:31,886 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Inside importAccessFull:persistEntObjects, pptTypeSep : ~#~
2023-03-29 13:56:31,887 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Exception in persistObjects :
java.lang.NullPointerException
	at com.saviynt.provisoning.rest.RestProvisioningService.persistEntObjects(RestProvisioningService.groovy:4929)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByPagination(RestProvisioningService.groovy:942)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByEntFilterAndNoFilter(RestProvisioningService.groovy:820)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6_closure77.doCall(RestProvisioningService.groovy:676)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6.doCall(RestProvisioningService.groovy:672)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementsFinal(RestProvisioningService.groovy:671)
	at com.saviynt.provisoning.rest.RestProvisioningService.processAccessFullBySequentialAndIterative(RestProvisioningService.groovy:629)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterativeWithoutEntFilter(RestProvisioningService.groovy:506)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:281)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
	at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
	at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
	at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2023-03-29 13:56:31,887 [quartzScheduler_Worker-24] ERROR rest.RestProvisioningService  - Exception in persistObjects :
java.lang.NullPointerException
	at com.saviynt.provisoning.rest.RestProvisioningService.persistEntObjects(RestProvisioningService.groovy:4929)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByPagination(RestProvisioningService.groovy:942)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementByEntFilterAndNoFilter(RestProvisioningService.groovy:820)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6_closure77.doCall(RestProvisioningService.groovy:676)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processEntitlementsFinal_closure6.doCall(RestProvisioningService.groovy:672)
	at com.saviynt.provisoning.rest.RestProvisioningService.processEntitlementsFinal(RestProvisioningService.groovy:671)
	at com.saviynt.provisoning.rest.RestProvisioningService.processAccessFullBySequentialAndIterative(RestProvisioningService.groovy:629)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterativeWithoutEntFilter(RestProvisioningService.groovy:506)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:281)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
	at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
	at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
	at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2023-03-29 13:56:31,890 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - secondaryEntTypeImportConfig: null
2023-03-29 13:56:31,890 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Inside disableEntitlementValues - entTypes to be disabled : Roles
2023-03-29 13:56:31,892 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - calling buildEntitlementMappings..
2023-03-29 13:56:31,892 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Inside RestProvisioiningService.buildEntitlementMappings
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - called fetchEntitlementTypesFromEntMappingParams..entTypesMap = [Roles:2986]
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - calling processAccountEntitlementParams - memento.entTypesSet : [2986]
2023-03-29 13:56:31,912 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Inside processAccountEntitlementParams*****
2023-03-29 13:56:31,913 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - inside processAccountEntitlementsByHttpAcctToEnt
2023-03-29 13:56:31,953 [quartzScheduler_Worker-24] DEBUG rest.RestProvisioningService  - Exception in processAccountEntitlementsByHttpAcctToEnt: 
org.springframework.orm.hibernate3.HibernateQueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]; nested exception is org.hibernate.QueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]
	at com.saviynt.provisoning.rest.RestProvisioningService.populateEntitlementMapByConfig(RestProvisioningService.groovy:5929)
	at com.saviynt.provisoning.rest.RestProvisioningService.processAccountEntitlementsByHttpAcctToEnt(RestProvisioningService.groovy:7054)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountEntitlementParams_closure37_closure96.doCall(RestProvisioningService.groovy:6184)
	at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountEntitlementParams_closure37.doCall(RestProvisioningService.groovy:6170)
	at com.saviynt.provisoning.rest.RestProvisioningService.processAccountEntitlementParams(RestProvisioningService.groovy:6169)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFullBySequentialAndIterative(RestProvisioningService.groovy:299)
	at com.saviynt.provisoning.rest.RestProvisioningService.importAccessFull(RestProvisioningService.groovy:167)
	at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:141)
	at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:187)
	at ApplicationDataImportJob.execute(ApplicationDataImportJob.groovy:206)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
Caused by: org.hibernate.QueryException: could not resolve property: null of: com.saviynt.ecm.identitywarehouse.domain.Entitlement_values [select new Map(ev.null as null,ev.id as id) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values ev where ev.entitlementtypekey.id=2986 and ev.status = 1]
	... 12 more

 

The account import is working fine but having issues with the access import. Any help would be appreciated.

0 Kudos
24 REPLIES 24

SB
Saviynt Employee
Saviynt Employee

‎03/29/2023 09:08 AM

Can you confirm if you were able to successfully import Accounts and entitlements and if its an issue only with the mapping.


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 09:12 AM

Hi Sahil,

I'm able to import accounts but not entitlements.

Question, do I need the entitlementParams attribute? This application doesn't have an API endpoint to list all roles. So what I was thinking is keeping that part out and using httpAccToEnt in the acctEntParams to list the roles while it iterates through all the users. I think that is my issue.

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/29/2023 09:39 AM

Can you try with the below JSON once and confirm. We have added "importAsEntitlement": true under acctEntMappings. As you run the Account import job, the entitlements assigned to the users should also be imported.

 

{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://HOSTNAME/appservices/v6/orgs/xxx/users/",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"X-Auth-Token": "xxx/xxx"
}
},
"listField": "",
"keyField": "",
"colsToPropsMap": {}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "",
"idPath": "",
"keyField": "",
"importAsEntitlement": true
}
}
},
"entitlementParams": {
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 10:13 AM

This will not work because that API call will not get roles assigned to the user. That API call will only get account information.

I was able to finally get an API endpoint to get all roles. That is now working. Now the issue is that I'm getting the ACCKEY but not the ENTVALKEY, it is coming as null.

2023-03-29 17:08:16,116 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 13
2023-03-29 17:08:16,117 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 17:08:16,118 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - inside processAccountEntitlements
2023-03-29 17:08:16,118 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - ACCKEY:3017729;ENTVALKEY:null
2023-03-29 17:08:16,216 [quartzScheduler_Worker-30] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest

 

New JSON:

{
  "accountParams": {
    "connection": "acctAuth",
    "createUsers": false,
    "adminName": "admin",
    "processingType": "SequentialAndIterative",
    "successResponses": {
      "statusCode": [
        200
      ]
    },
    "doNotChangeIfFailed": true,
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "accountThresholdValue": 1000
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://hostname/appservices/v6/orgs/7DMF65PR/users/",
          "httpContentType": "application/json",
          "httpMethod": "GET",
          "httpHeaders": {
            "X-Auth-Token": "xxx/xxx"
          }
        },
        "listField": "users",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "login_id~#~char",
          "name": "email~#~char",
          "displayname": "login_name~#~char",
          "customproperty4": "login_name~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        }
      }
    }
  },
  "entitlementParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Roles": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "url": "https://hostname/access/v3/orgs/7DMF65PR/principals/xxx/roles/permitted?type=USER",
              "httpHeaders": {
                "X-Auth-Token": "xxx/xxx"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "results.7DMF65PR",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "urn~#~char",
              "entitlement_value": "urn~#~char",
							"displayname": "name~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  },
  "acctEntParams": {
    "connection": "acctAuth",
    "entTypes": {
      "Roles": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "processingType": "httpAcctToEnt",
            "http": {
              "url": "https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:${id}",
              "httpContentType": "application/json",
              "httpMethod": "GET",
              "httpHeaders": {
                "X-Auth-Token": "xxx/xxx"
              }
            },
            "listField": "profiles",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entIdPath": "roles",
              "entKeyField": "entitlementID",
              "acctKeyField": "accountID"
            }
          }
        }
      }
    }
  }
}

 

I'm now able to import accounts, import entitlements, but it is not mapping the entitlements to the users.

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/29/2023 10:22 AM

Can you share the sample response of the API call that displays the information of Users and entitlements. 


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 10:30 AM

Account import (lists all users, does not allow viewing roles):

{
	"message": "Success",
	"success": true,
	"users": [
		{
			"org_key": "7DMF65PR",
			"org_id": 35622,
			"login_id": 109805,
			"login_name": "jdoe+build@domain.com",
			"email": "jdoe+build@domain.com",
			"first_name": "John",
			"last_name": "Doe",
			"phone": "",
			"auth_method": "PASSWORD",
			"admin_login_version": 108,
			"org_admin_version": 0,
			"role": "DEPRECATED",
			"contact_id": 9963213,
			"contact_version": 0
		},
...

Entitlement Import (one user at a time):

{
	"principal": "psc:user:7DMF65PR:109929",
	"expires": null,
	"revoked": false,
	"roles": null,
	"version": 1,
	"profiles": [
		{
			"profile_uuid": "e8bd7eb3-c640-4c46-9171-5fe6afbaf90d",
			"orgs": {
				"allow": [
					"psc:org:7DMF65PR"
				]
			},
			"roles": [
				"psc:role:7DMF65PR:BUILD_TEAM_-_OPERATIONS"
			],
			"conditions": null,
			"can_manage": false
		}
	],
	"org_ref": "psc:org:7DMF65PR",
	"principal_name": "jdoe+build@domain.com",
	"created_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
	"updated_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
	"create_time": "2022-03-24T17:24:56.698Z",
	"update_time": "2022-03-24T17:24:56.698Z",
	"can_manage": false
}

 

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/29/2023 10:41 AM

The acctEntParams will depend on how the target application provides a response for the mapping. 

Below is a link to REST connector guide. You can search for Processing Types section in order to identify the json format to be used in your case.

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

 


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 10:53 AM

Sahil,

That is what I did and found that I need to use httpAcctToEnt. My issue now is that while it's iterating through all the user's the logs show the below:

DEBUG rest.RestProvisioningService  - ACCKEY:3017729;ENTVALKEY:null

It's successfully making a call for each account but why is ENTVALKEY null?

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/29/2023 11:13 AM

in the log file can you search for Got Webservice API Response and share the thread following it until the ENTVALKEY:null message.


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 11:22 AM

I don't see that. Is this what you're asking for?

2023-03-29 18:16:32,466 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 1
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 33
2023-03-29 18:16:32,467 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside importAccessFull:persistEntObjects, pptTypeSep : ~#~
2023-03-29 18:16:32,506 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - secondaryEntTypeImportConfig: null
2023-03-29 18:16:32,508 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside disableEntitlementValues - entTypes to be disabled : Roles
2023-03-29 18:16:32,510 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - calling buildEntitlementMappings..
2023-03-29 18:16:32,510 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside RestProvisioiningService.buildEntitlementMappings
2023-03-29 18:16:32,513 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - called fetchEntitlementTypesFromEntMappingParams..entTypesMap = [Roles:2986]
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - calling processAccountEntitlementParams - memento.entTypesSet : [2986]
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside processAccountEntitlementParams*****
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside processAccountEntitlementParamsByCallTypes..
2023-03-29 18:16:32,514 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Currently Processing account entitlements for entitlement type: Roles
2023-03-29 18:16:32,516 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - processingType: httpAcctToEnt
2023-03-29 18:16:32,516 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - inside processAccountEntitlementsCallByHttpAcctToEnt
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - 
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - isFipsEnabled = false
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2023-03-29 18:16:32,613 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2023-03-29 18:16:32,617 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.
2023-03-29 18:16:32,971 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - 
2023-03-29 18:16:32,971 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 13
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - inside processAccountEntitlements
2023-03-29 18:16:32,972 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - 
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - isFipsEnabled = false
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2023-03-29 18:16:33,066 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2023-03-29 18:16:33,070 [quartzScheduler_Worker-2] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.
2023-03-29 18:16:33,486 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - 
2023-03-29 18:16:33,486 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 13
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - inside processAccountEntitlements
2023-03-29 18:16:33,487 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - ACCKEY:3017732;ENTVALKEY:null
2023-03-29 18:16:33,586 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2023-03-29 18:16:33,586 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService  -

 

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/29/2023 11:34 AM

It  appears the additional logging config is not added in the Connection. Can you update ConfigJSON param in the REST connection with value {"showLogs":true}


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/29/2023 03:06 PM

Ah nice much better logging thank you.

2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Got Webservice API Response: [headers:[Date: Wed, 29 Mar 2023 22:01:35 GMT, Content-Type: application/json, Content-Length: 540, Connection: keep-alive, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Expires: 0, Pragma: no-cache, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Xss-Protection: 1; mode=block], responseText:{"principal":"psc:user:7DMF65PR:109952","expires":null,"revoked":false,"roles":null,"version":1,"profiles":[{"profile_uuid":"539c2a31-b772-44f3-9675-33e23bb8c120","orgs":{"allow":["psc:org:7DMF65PR"]},"roles":["psc:role:7DMF65PR:REDTEAM"],"conditions":null,"can_manage":false}],"org_ref":"psc:org:7DMF65PR","principal_name":"jdoe+build@domain.com","created_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","updated_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","create_time":"2022-03-24T18:40:40.813Z","update_time":"2022-03-24T18:40:40.813Z","can_manage":false}, cookies:[], statusCode:200]
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 13
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - inside processAccountEntitlements
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 22:01:35,641 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestUtilService  - Got showLogs = true
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Calling Webservice Url - https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:135128 with httpParams - null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - isFipsEnabled = false
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2023-03-29 22:01:35,646 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/30/2023 11:14 AM

Hi Sahil,

Any update on this?

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎03/30/2023 12:23 PM

In the response you shared, can you confirm which field holds the value for Entitlement and AccountId

{
	"principal": "psc:user:7DMF65PR:109929",
	"expires": null,
	"revoked": false,
	"roles": null,
	"version": 1,
	"profiles": [
		{
			"profile_uuid": "e8bd7eb3-c640-4c46-9171-5fe6afbaf90d",
			"orgs": {
				"allow": [
					"psc:org:7DMF65PR"
				]
			},
			"roles": [
				"psc:role:7DMF65PR:BUILD_TEAM_-_OPERATIONS"
			],
			"conditions": null,
			"can_manage": false
		}
	],
	"org_ref": "psc:org:7DMF65PR",
	"principal_name": "jdoe+build@domain.com",
	"created_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
	"updated_by": "psc:cnn:RN4LFYNE:CKPTFDU94V",
	"create_time": "2022-03-24T17:24:56.698Z",
	"update_time": "2022-03-24T17:24:56.698Z",
	"can_manage": false
}

Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎03/30/2023 01:55 PM

 

The accountID is principal_name

The entitlement_value is profiles.roles

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎04/04/2023 08:56 AM

Can you try with the below in 

"listField": "",
"entIdPath": "profiles",
"entKeyField": "entitlementID",
"acctIdPath": "principal_name",
"acctKeyField": "accountID"


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎04/05/2023 09:46 AM - edited ‎04/05/2023 10:09 AM

Still experiencing the same issue. I see in the logs, the response body shows that role is under profiles.roles, but the ENTVALKEY is still null

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎04/05/2023 10:56 AM

In that scenario can you try with entIdPath as profiles.roles

"entIdPath": "profiles.roles",


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎04/05/2023 11:06 AM

Yes sorry I tried that as well. It is getting the account key so it's seeing the acctIdPath, but for the role, ENTVALKEY is null.

"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"listField": "",
"entIdPath": "profiles.roles",
"entKeyField": "entitlementID",
"acctIdPath": "principal_name",
"acctKeyField": "displayname"
}

 

You can see in the response here it's under profiles.role "psc:role:7DMF65PR:REDTEAM", but "ACCKEY:3017703;ENTVALKEY:null"

2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Got Webservice API Response: [headers:[Date: Wed, 29 Mar 2023 22:01:35 GMT, Content-Type: application/json, Content-Length: 540, Connection: keep-alive, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Expires: 0, Pragma: no-cache, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Xss-Protection: 1; mode=block], responseText:{"principal":"psc:user:7DMF65PR:109952","expires":null,"revoked":false,"roles":null,"version":1,"profiles":[{"profile_uuid":"539c2a31-b772-44f3-9675-33e23bb8c120","orgs":{"allow":["psc:org:7DMF65PR"]},"roles":["psc:role:7DMF65PR:REDTEAM"],"conditions":null,"can_manage":false}],"org_ref":"psc:org:7DMF65PR","principal_name":"jdoe+build@domain.com","created_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","updated_by":"psc:cnn:RN4LFYNE:CKPTFDU94V","create_time":"2022-03-24T18:40:40.813Z","update_time":"2022-03-24T18:40:40.813Z","can_manage":false}, cookies:[], statusCode:200]
2023-03-29 22:01:35,508 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::200
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Entered getResponseHeaders method
2023-03-29 22:01:35,509 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - responseError : null
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - isAuthError: false
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseMap.size : 13
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - pullObjectsByRest - objectList.size : 1
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - inside processAccountEntitlements
2023-03-29 22:01:35,510 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - ACCKEY:3017703;ENTVALKEY:null
2023-03-29 22:01:35,641 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestUtilService  - Got showLogs = true
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Calling Webservice Url - https://hostname/access/v2/orgs/7DMF65PR/grants/psc:user:7DMF65PR:135128 with httpParams - null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - isFipsEnabled = false
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2023-03-29 22:01:35,642 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2023-03-29 22:01:35,646 [quartzScheduler_Worker-14] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.

 

 

0 Kudos

SB
Saviynt Employee
Saviynt Employee
In response to ZA

‎04/06/2023 08:38 AM

I just checked this and it looks like "entIdPath": "profiles[0].roles", should be able to resolve the issue.


Regards,
Sahil
0 Kudos

ZA
New Contributor III
New Contributor III
In response to SB

‎04/06/2023 09:53 AM

Hi Sahil,

I have tried profiles[0].roles, profiles[0].roles[0], and profiles.roles[0], none of these seem to work. Any other ideas?

0 Kudos

SB
Saviynt Employee
Saviynt Employee

‎04/12/2023 01:48 PM

I would recommend creating a ticket with support team to check this further.


Regards,
Sahil
0 Kudos

JoshuaLawrence
New Contributor III
New Contributor III

‎06/01/2023 10:50 AM

Hi guys,

Did you guys ever resolve this issue? I seem to be having the same problem

thanks

0 Kudos

ZA
New Contributor III
New Contributor III
In response to JoshuaLawrence

‎06/01/2023 11:36 AM

Hi @JoshuaLawrence ,

 

I believe for my case the issue for this is that it's not a key value pair. So the only way I am able to get around this is by using a middleware application that I will call that will give me a key value pair; not a value within an array.

Copyright © 2024 Khoros, LLC