
REST Connector - hide entitlements in ARS

IAM_99
Regular Contributor II

Hi Team,

We have a REST connector app. There are two roles available: 'role_basic' and 'role_admin'.

'role_basic' is the default for all users; only 'role_admin' is requestable.

We are showing only 'role_admin' as requestable (using a filter); it's working as expected.

But when we run the import job, 'role_basic' is getting added to the user; now the user has 2 entitlements ('role_basic', 'role_admin').

1. Is there a way we can filter so as not to bring 'role_basic' (default) into Saviynt?

2. While removing access request, it's showing both roles (since 'role_basic' came through import).

Can we hide the entitlement 'role_basic'?

Removing/adding 'role_basic' is not supported by the REST application; even if it creates a task, it will fail as the target does not support this operation. We want to avoid this.

Any idea on how to achieve this?

 

11 REPLIES 11

rushikeshvartak
All-Star

As per audit concern we should not filter any data from application.

The solution to your problem is, in createAccountJson & RemoveAccessJson, to use an if-else loop and, if it's ROLE_BASIC, call a dummy API to complete the task in Saviynt only, so the task will not error out and the issue will be resolved.

Now, to hide the entitlement from ARS, use a filter on selected entitlements in ARS under Entitlement Type.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

IAM_99
Regular Contributor II

Thanks for the response. Can you share any sample/dummy API to complete the task in Saviynt?

"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('ROLE_ADMIN')?'https://actualURL/':'https://dummyapplicationgeturlwhichreturn200.com'}",

 

Example 3 from https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide%C2%A0 


Regards,
Rushikesh Vartak

IAM_99
Regular Contributor II

Hi, I tried like below but still see the task not completed.

 

{
"call": [{
"name": "Roles",
"connection": "userAuth", "url":"${entitlementValue.entitlement_values.equalsIgnoreCase('ROLE_ADMIN')?'https://XXXXXXXXXXXXXXX/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementVal...'}",
"httpMethod": "DELETE",
"httpContenttype": "application/json",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"successResponses": {
"statusCode": [

{
200,204
}

]
}
}]
}

IAM_99
Regular Contributor II

Hi, are there any additional configurations to be done?

Please share the error from the logs.


Regards,
Rushikesh Vartak

IAM_99
Regular Contributor II

Please find exact JSON for Remove Access  & attached logs as well.

{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'https://xxxxx/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementValue.entitlementID...'}",
"httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",
"httpContenttype": "application/json",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}


This is the error when we are trying above " "Roles":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}"


{"auditDetails":{"Roles":[{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"},{"headers":{"date":"Tue, 01 Nov 2022 12:06:53 GMT","expires":"0","transfer-encoding":"chunked","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","vary":"origin,access-control-request-method,access-control-request-headers,accept-encoding","x-frame-options":"DENY","content-type":"application/json","cache-control":"no-cache, no-store, max-age=0, must-revalidate","pragma":"no-cache","strict-transport-security":"max-age=31536000 ; includeSubDomains"},"message":{"error":"Role restricted to Agent","code":400},"statusCode":400,"description":null,"status":"Failed"}]},
"Roles":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}


Can we try to complete the task if error message like this "Role restricted to Agent" ?

 

IAM_99
Regular Contributor II

Logs

~~~~~~~~~~~

 

'https://xxxxxx.xxxxx.com/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementVa...'} with httpParams - [:]\n","stream":"stdout","time":"2022-11-01T12:38:58.039801967Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-11-01T12:38:58.039807263Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - Got Webservice API Response: [:]\n","stream":"stdout","time":"2022-11-01T12:38:58.039809801Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::null\n","stream":"stdout","time":"2022-11-01T12:38:58.039834441Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-11-01T12:38:58.039837996Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - Got null response

Is it working with Postman? If yes, screenshot.


Regards,
Rushikesh Vartak

IAM_99
Regular Contributor II

That error is gone; the issue was this bold one: "httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Now we are trying the positive case.

"url": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementValue.entitlementID}':'https://xxxxxx/idams/b2c/api/v1/ext/users'}",

$ was not able to resolve inside ' ' (single quotes). I have tried the below, still no luck.

 

{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/+'${account.name}'+/role/+'${entitlementValue.e...'}",
"httpMethod": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",

"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}

 

"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39mjava.lang.IllegalArgumentException: Illegal character in path at index 1: ${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://pa.h.sre2.ntg.equifax.com/idams/b2c/api/v1/ext/application/users/+'${account.name}'+/role/+'...u001b[m\n","stream":"stdout","time":"2022-11-01T14:36:54.45362212Z"}"
"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39m\u0009at java.net.URI.create(URI.java:852)\u001b[m\n","stream":"stdout","time":"2022-11-01T14:36:54.453835728Z"}"
"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39m\u0009at

 

Can you let us know any sample URL with single quotes and passing a (${}) dynamic value?

 

{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/'+account.name+'/role/'+entitlementValue.entitlement_values+'}",
"httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",

"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}

Regards,
Rushikesh Vartak
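
An added example, not part of the original thread and not Saviynt code: a Python check over one connector `call` entry for the two problems the thread's JSON runs into, a ternary `url` whose fallback branch points at a different host while the same `httpHeaders` block attaches `${access_token}` to every branch, and a `${...}` placeholder nested inside a single-quoted literal. The host names, the header list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the thread's RemoveAccessJSON call.
# Host names are placeholders, not values from the original posts.
COND = "entitlementValue.entitlement_value.equalsIgnoreCase('ROLE_ADMIN')"
RISKY_CALL = {
    "name": "Roles",
    "url": "${" + COND + "? 'https://idm.example.internal/api/users/${account.name}/role'"
           ": 'https://dummy-200.example.org/ok'}",
    "httpMethod": "${" + COND + "? 'DELETE':'GET'}",
    "httpHeaders": {"Authorization": "${access_token}"},
}
# Same call with concatenation instead of a nested placeholder, and a
# fallback branch that stays on the host the token was issued for.
FIXED_CALL = dict(RISKY_CALL, url="${" + COND +
    "? 'https://idm.example.internal/api/users/'+account.name+'/role'"
    ": 'https://idm.example.internal/api/users'}")

QUOTED = re.compile(r"'([^']*)'")   # single-quoted literals inside an expression
SECRET_HEADERS = {"authorization", "cookie", "x-api-key"}  # assumed list

def branch_hosts(url_expr):
    """Hosts of every URL literal a ternary in the url field can select."""
    literals = [s for s in QUOTED.findall(url_expr)
                if s.lower().startswith(("http://", "https://"))]
    return {urlsplit(s).hostname for s in literals} - {None}

def audit_call(call):
    """Return findings for one entry of a connector "call" list."""
    findings = []
    hosts = branch_hosts(call.get("url", ""))
    secrets = sorted(h for h in call.get("httpHeaders", {})
                     if h.lower() in SECRET_HEADERS)
    if len(hosts) > 1 and secrets:
        findings.append("credential-to-multiple-hosts: %s reaches %s"
                        % (", ".join(secrets), ", ".join(sorted(hosts))))
    for field in ("url", "httpMethod"):
        expr = call.get(field, "")
        # The thread reports that ${...} inside a single-quoted literal
        # is not resolved, so flag it before the task is ever run.
        if expr.startswith("${") and any("${" in s for s in QUOTED.findall(expr)):
            findings.append("nested-placeholder: %s" % field)
    return findings

if __name__ == "__main__":
    for name, call in (("risky", RISKY_CALL), ("fixed", FIXED_CALL)):
        print(name, audit_call(call))
```
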