Saviynt Forums

JPMac · ‎05/30/2024

We are trying to design a complex provisioning connection to Azure AD with the following conditions:

Call1: Use the GET method to retrieve users from a specific domain.
Call2: Execute only if no value is returned from Call1 message.
Call3: Execute regardless of the results of Call1 and Call2.

However, an error at the end of the script is preventing successful provisioning.

Is it even permissible to include a GET method in the CreateAccountJSON? Could someone provide advice on this?

Here is the JSON configuration:

======CreateAccountJSON======

{

"accountIdPath": "call2.message.invitedUser.id",

"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",

"responseColsToPropsMap": {

"displayName": "call2.message.invitedUserDisplayName~#~char",

"name": "call2.message.userPrincipalName~#~char"

},

"call": [

{

"name": "call1",

"connection": "userAuth",

"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%20eq%20%27<domain>%27",

"httpMethod": "GET",

"httpParams": {},

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/json"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

}

},

{

"name": "call2",

"connection": "userAuth",

"url": "https://graph.microsoft.com/v1.0/invitations",

"httpMethod": "POST",

"httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/json"

},

"httpContentType": "application/json",

"callCondition": "!${response.call1.message.value.id}",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

},

"unsuccessResponses": {

"error.code": [

"Request_BadRequest",

"Authentication_MissingOrMalformed",

"Request_ResourceNotFound",

"Authorization_RequestDenied",

"Authentication_Unauthorized",

"BadRequest"

]

}

},

{

"name": "call3",

"connection": "userAuth",

"url": "${(response.call2.invitedUser.id)? 'https://graph.microsoft.com/v1.0/users/${response.call2.message.invitedUser.id}':'https://graph.micr...}'}",

"httpMethod": "PATCH",

"httpParams": "{\"givenname\": \"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"country\": \"SAVI\",\"postalcode\": \"${user.startdate.format('yyyy/MM/dd')}/${user.enddate.format('yyyy/MM/dd')}\"}",

"httpHeaders": {

"Authorization": "${access_token}"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

}

]

}

===============================

Error Message

{"call1":{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[:], [ServiceAccountOwnerMap:[:], endpointsObj:AzureAD_Couple1, ...]]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"}}

adriencosson · ‎05/30/2024

Hi @JPMac,

Seems that you cannot just do "callCondition": "!${response.call1.message.value.id}" as it must return a boolean to execute the call.

Hence you might use something like : "callCondition": "${null!=response.call1.message?.value?.id}"

Hope this helps.

Regards,
Adrien COSSON

rushikeshvartak · ‎05/30/2024

You can use callcondition or connection name logic

refer https://forums.saviynt.com/t5/identity-governance/make-second-call-depending-on-call1-response-messa...

https://forums.saviynt.com/t5/identity-governance/skip-the-service-now-ticket-creation-if-task-sourc...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

JPMac · ‎05/30/2024

@rushikeshvartak , @adriencosson

Thanks for your response.

I edited the JSON as follows:

call1: Create an invited user
call2: If the error message "Non-external user already exists with the given mail address and can't be invited." is outputted in call1, use the URL for regular updates. If call1 successfully creates an account, use the response ID from call1.

CreateAccountJson

{

"accountIdPath": "accountName",

"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",

"responseColsToPropsMap": {},

"call": [

{

"name": "call1",

"connection": "userAuth",

"url": "https://graph.microsoft.com/v1.0/invitations",

"httpMethod": "POST",

"httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/json"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

},

"unsuccessResponses": {

"error.code": [

"Request_BadRequest",

"Authentication_MissingOrMalformed",

"Request_ResourceNotFound",

"Authorization_RequestDenied",

"Authentication_Unauthorized",

"BadRequest"

]

}

},

{

"name": "call2",

"connection": "userAuth",

"url": "${response.call1.message.error.message == 'Non-external user already exists with the given mail address and can't be invited.'?'https://graph.microsoft.com/v1.0/users/${account.accountID}':'https://graph.microsoft.com/v1.0/users...}'}",

"httpMethod": "PATCH",

"httpParams": "{\"givenname\": \"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"country\": \"SAVI\",\"postalcode\": \"${user.startdate.format('yyyy/MM/dd')}/${user.enddate.format('yyyy/MM/dd')}\"}",

"httpHeaders": {

"Authorization": "${access_token}"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

}

]

}

When creating a new account, I am still getting the following error.

error

{"call1":{"headers":"gHbT2dtDnQxurBrcCkvNqqP0cq4FT6ZSWvASI1nGTwRDSsanUBJ0fyKwBTkZ/4AloBp8ib5gdCvDcUPnk3aTo/jgygu1wLzBIt+6wX7XZyKSQGSSlh0LPPOGBEps0U1A/v9NXHHzwL/QNNTM2/t1z4qqK/Lwg2lZ8DQFZ+QqVARFan6MWdUwsFwyN5uiYze3t0oCcHODQCSfgQhSuh94nQusNkHoYEdYY53GxzzU+gwfna59GGBOAPNwwNAOfkia5UAJf/iruumQ/Y3ooAcg7GBw+RVkeDVf9rLIr5HHpjVsw1h92Mj5d+C7jI+uQBRsNfGtGurJBN+7QcyH08WeQ50EmAh133H55kjJHAzaWtLmtqb3IMrRslwhpD2p/4XZ39PoZC7Qh4qSsoAsQ7Ptry/ODeFWQ8/OGQiUDc19hLyxVBd1OfzQYiiOrPTdV1YaMYlxie/Tx/JOU+94bd5jiIjaoUyD39nSDu6Olmp0J69Q+ZrYmZtBXYQx/f6GFHFCcySKL+XWyUJ+MkxgNAZp/rl0Lil8ZgX1xMxL0DXnvgrr9AD3L/rIt2HES7BqWtYffqvch1/M/0wAIV/6Ky3sV2WsDOVb8/5ZMWeuB66JMDXAmzSnc1Kmt0wbfQ7y4jRW2a/HGpSLJ/cbd8yaRKxUNDZ/3vzhCIa+VMb/3VBiaLrn7gUz0X6d+KWkpKTZY5oVu/El4yQzuLwINy4o8ru2xvVNmSc50FfI1yiGANDMcaWCqCzepjPFIK4IJzrlLruyxOSNk8VfTk+Rb0jWzpWzo/YKPNKVCqZmngZ55txYiRxWnbNOc7xXcOSp4PbIPmuQL0WCNJ8aRomi5u8ZooV/YQRZdzfjWCnAonxwVLS6GB0=","message":{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#invitations/$entity","id":"48af30c0-68b8-4f58-b7ef-7aad835ede11","inviteRedeemUrl":"https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3fte...","invitedUserDisplayName":"John","invitedUserType":"Guest","invitedUserEmailAddress":"m12827132@macsaviynt.local","sendInvitationMessage":true,"resetRedemption":false,"inviteRedirectUrl":"https://portal.azure.com/","status":"PendingAcceptance","invitedUserMessageInfo":{"messageLanguage":null,"customizedMessageBody":null,"ccRecipients":[{"emailAddress":{"name":null,"address":null}}]},"invitedUser":{"id":"3e2337f1-b219-41a3-b7fa-9de232d46438"}},"statusCode":201,"description":null,"status":"Success"},"call2":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}

Could you provide advice on how to write the URL for call2?

rushikeshvartak · ‎05/30/2024

{
    "accountIdPath": "accountName",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {},
    "call": [
        {
            "name": "call1",
            "connection": "userAuth",
            "url": "https://graph.microsoft.com/v1.0/invitations",
            "httpMethod": "POST",
            "httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/json"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            },
            "unsuccessResponses": {
                "error.code": [
                    "Request_BadRequest",
                    "Authentication_MissingOrMalformed",
                    "Request_ResourceNotFound",
                    "Authorization_RequestDenied",
                    "Authentication_Unauthorized",
                    "BadRequest"
                ]
            }
        },
        {
            "name": "call2",
            "connection": "userAuth",
            "url": "${response.call1.statusCode == 201 ? 'https://graph.microsoft.com/v1.0/users/' + response.call1.message.invitedUser.id : 'https://graph.microsoft.com/v1.0/users/' + account.accountID}",
            "httpMethod": "PATCH",
            "httpParams": "{\"givenname\": \"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"country\": \"SAVI\",\"postalcode\": \"${user.startdate.format('yyyy/MM/dd')}/${user.enddate.format('yyyy/MM/dd')}\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎05/30/2024

Hi @JPMac , Remove single quotes from ? and : and then give it a shot.

JPMac · ‎05/30/2024

@rushikeshvartak

Thanks for your response.

Lastly, let me confirm one thing.
Is the execution of the GET method supported within the Create Account JSON of the REST Connector?

rushikeshvartak · ‎05/30/2024

HttpMethod does not matter

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

JPMac · ‎05/31/2024

@rushikeshvartak

Could you please check the following forum?

https://forums.saviynt.com/t5/identity-governance/updateaccountjson-call-delete-method-for-rest-api/...

He initially mentioned that the delete method cannot be used in updateaccountjson.
Similarly, I am wondering if the get method cannot be used in createaccountjson.

For example, when I included the following JSON in createaccountjson and executed the job, the following error was output.

{

"call": [

{

"name": "call1",

"connection": "userAuth",

"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%2Beq%2B%27${user.email}%27",

"httpMethod": "GET",

"httpParams": {},

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/json"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

}

}]

}

error :

{"call1":{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[:], [ServiceAccountOwnerMap:[:], endpointsObj:AzureAD_Couple1, ...]]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"}}

It seems to me that the error is due to a method mismatch.Can you confirm whether the type of HTTP method really doesn't matter in this context?

NM · ‎05/31/2024

@JPMac , we are using get method in create json .. try by removing httpparams field completely.

JPMac · ‎05/31/2024

@NM

I try by using this json(remove httpparams), but it's not working.

{
"call": {
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%2Beq%2B'${user.email}'",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200, 201, 204, 205]
}
}
}

NM · ‎05/31/2024

Try this - "url": "https://graph.microsoft.com/v1.0/users?$filter=mail%20Beq%20B'${user.email}'"

JPMac · ‎05/31/2024

@NM

The same error...

"call1":{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[:], [ServiceAccountOwnerMap:[:], endpointsObj:AzureAD_Couple1, ...]]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"}}

using Json

{
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%20Beq%20B '${user.email}'",
"httpMethod": "GET",
"httpParams": {},
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}]
}

NM · ‎05/31/2024

Hey @JPMac, first question what is "B"? As per my knowledge we don't have to add that

Second don't send httpsparams

JPMac · ‎05/31/2024

@NM

I use this, but it's not working too...

{
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%20eq%20'${user.email}'",
"httpMethod": "GET",
"httpParams": {},
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}]
}

rushikeshvartak · ‎06/03/2024

Share logs

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

JPMac · ‎06/04/2024

It's working now by removing httpparams.

{

"accountIdPath": "call1.message.id",

"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",

"responseColsToPropsMap": {

"comments": "call1.message.displayName~#~char",

"displayName": "call1.message.displayName~#~char",

"name": "call1.message.userPrincipalName~#~char"

},

"call": [

{

"name": "call1",

"connection": "userAuth",

"url": "https://graph.microsoft.com/v1.0/users?$filter=mail%20eq%20'<domain>'",

"httpMethod": "GET",

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/json"

},

"httpContentType": "application/json",

"successResponses": {

"statusCode": [

200,

201,

204,

205

]

}

]

}

Saviynt Forums

Multiple call(GET and Post) in same create account json