Saviynt Forums

Adithya · ‎11/06/2023

Hi Saviynt Team,

REST Connector: we are using two calls in add access JSON to add access to user.

Ca11 1 : We get existing group members data.

Call 2: We get existing group members data from call1 and add new user to existing list in call2.

Issue:

1. If there are no users part of the group, then API is not giving empty members array in the response. Please see below screenshot.

2. If there are some users part of the group, then below is the API response.

Note: I'm attaching add access JSON which we are using currently for your reference. (i). It will add access to the user if at least one user is present in the group. (ii). It will throw error as below if there is no existing user part of the group. I guess it is because of there is no members array in call1 response as there are no existing users present.

Below is the config which I'm using in second call.

\"members\":${List responseList=response.Group1.message.members;Map test = new HashMap();test.put(\"value\",account.accountID);responseList.add(test);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(responseList)}

Kindly let us know how to fix this issue. Thanks.

Appreciate your response at the earliest as we are in tight timelines. Thanks.

SB · ‎11/08/2023

This might not work as you are using the response of call1 in call2 but in some scenarios where call1 response does not contain the data, the call2 will fail. 1 way you can try is to construct an If else clause or the other I can think of is, you can create 3 calls in your Add access JSON.

- The first call will remain as is.

- For the 2nd call, you can add a condition in Connection value. And in case Members field returns any data, it will process the JSON of that call else it will continue to the next call.

- Similarly for the 3rd call, you can check for the condition in Connection value and if no Members field is returned, then this JSON will be processed.

Refer LINK for If else clause condition

Or for the condition check in Connection, you can use format similar to below

"connection": "${response.call1.message.data.errors[0].errorMessage == 'The user already exists.'?'acctAuth':''}",

Forum Link for above

Regards,
Sahil

Adithya · ‎11/06/2023

Hi Saviynt Team,

We are using mutiple calls in add access JSON to provision the group access. Attaching the add access JSON for your analysis.
In call 1 - we perform get operation to fetch group details like name, members, id etc.
In call 2 - we use call 1 response to get members data and store the existing members data in list and we add new user to existing users data in call 2.

Issue: If the group doesn't have atleast one member, we are unable to provision the group access from Saviynt.

Work around: We see that if there are no users in the group, we don't see members [] array in the call 1 response. I guess that is why we are getting below error in provisiong comments.

Update Group API response if there are no members in the group:

Update Group API response if there are members in the group:

Below is the config I'm using in call 2 to get existing memebers and add new member to the group.

\"members\":${List responseList=response.Group1.message.members;Map test = new HashMap();test.put(\"value\",account.accountID);responseList.add(test);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(responseList)}

Kinldy let us know how to fix this. Appreciate your response at the earliest as we are in tight timelines. Thanks.

[This message has been edited by moderator to mask sensitive information]

NM · ‎11/18/2023

Hi @Adithya

We are having the same use case, How did you resolve it?

Regards,

NM

rajesh-ram · ‎11/19/2023

@Adithya Please try the following JSON:

{
"call": [
{
"name": "Group",
"connection": "userAuth",
"showResponse": true,
"url": "https://sandbox.xyz.cloud/user-provisioning/scim/v2/Groups/${entitlementValue.entitlementID}",
"httpMethod": "GET",
"httpParams": "",
"httpHeaders": {
"Authorization": "${connection.myappkey}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
403,
404,
415,
429,
500,
503
]
}
},
{
"name": "Group",
"connection": "userAuth",
"showResponse": true,
"url": "https://sandbox.xyz.cloud/user-provisioning/scim/v2/Groups/${entitlementValue.entitlementID}",
"httpMethod": "PUT",
"httpParams": "{\"displayName\":\"${response.Group1.message.displayName}\",\"members\":${Map tempMap = new HashMap(); ArrayList responseList=response.Group1.message.members; if(responseList != null){tempMap.put(\"value\",account.accountID); responseList.add(tempMap); return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(responseList);} else {responseList = new ArrayList();tempMap.put(\"value\",account.accountID); responseList.add(tempMap); return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(responseList);}}}",
"httpHeaders": {
"Authorization": "${connection.myappkey}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
403,
404,
415,
429,
500,
503
]
}
}
]
}

Thanks
Rajesh Ramalingam
Saviynt India

Saviynt Forums

Issue with multiple calls for add access in REST connector

"connection": "${response.call1.message.data.errors[0].errorMessage == 'The user already exists.'?'acctAuth':''}",