Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/24/2022 09:23 PM
Hi Team,
we have rest connector app- There are two roles are available - 'role_basic', 'role_admin'
'role_basic' is default for all users, only 'role_admin' is requestable.
We are showing only 'role_admin' as requestable ( using filter) its working as expected.
but when we run import job , 'role_basic' is getting added to the user - now user has 2 entitlements ('role_basic', 'role_admin').
1. Is there a way we can filter not to bring 'role_basic' (default) to saviynt ?
2. While removing access request- its showing both roles ( since 'role_basic' came through import)
Can we hide entitlement 'role_basic' ?
removing/adding 'role_basic' is not supported by REST application, even though if its creates task , it will fail as target is not supported this operation, we want to avoid this.
any idea on how to achieve this ?
10/25/2022 01:56 AM
As per audit concern we should not filter any data from application.
solution to your problem is in createAccountJson & RemoveAccessJson use if else loop & if its ROLE_BASIC call dummy api to complete task in saviynt only so task will not error out and issue will be resolved.
now to hide entitlement from ARS. Use filter on selected entitlements on ARS under Entitlement Type
10/25/2022 08:26 AM
Thanks for response , Can you share any sample/dummy api to complete task in saviynt.
10/25/2022 08:39 AM
"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('ROLE_ADMIN')?'https://actualURL/':'https://dummyapplicationgeturlwhichreturn200.com'}",
Example 3 from https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide%C2%A0
10/27/2022 06:31 AM - edited 10/27/2022 06:31 AM
hi , I tried like below but still see task not completed.
{
"call": [{
"name": "Roles",
"connection": "userAuth", "url":"${entitlementValue.entitlement_values.equalsIgnoreCase('ROLE_ADMIN')?'https://XXXXXXXXXXXXXXX/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementVal...'}",
"httpMethod": "DELETE",
"httpContenttype": "application/json",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"successResponses": {
"statusCode": [
{
200,204
}
]
}
}]
}
10/31/2022 06:39 AM
Hi , Is there any additional configurations to be done ?
10/31/2022 06:47 AM
Please share error from Logs
11/01/2022 05:18 AM - edited 11/01/2022 05:44 AM
Please find exact JSON for Remove Access & attached logs as well.
{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'https://xxxxx/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementValue.entitlementID...'}",
"httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",
"httpContenttype": "application/json",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}
This is the error when we are trying above " "Roles":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}"
{"auditDetails":{"Roles":[{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"},{"headers":{"date":"Tue, 01 Nov 2022 12:06:53 GMT","expires":"0","transfer-encoding":"chunked","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","vary":"origin,access-control-request-method,access-control-request-headers,accept-encoding","x-frame-options":"DENY","content-type":"application/json","cache-control":"no-cache, no-store, max-age=0, must-revalidate","pragma":"no-cache","strict-transport-security":"max-age=31536000 ; includeSubDomains"},"message":{"error":"Role restricted to Agent","code":400},"statusCode":400,"description":null,"status":"Failed"}]},
"Roles":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}
Can we try to complete the task if error message like this "Role restricted to Agent" ?
11/01/2022 05:45 AM
Logs
~~~~~~~~~~~
'https://xxxxxx.xxxxx.com/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementVa...'} with httpParams - [:]\n","stream":"stdout","time":"2022-11-01T12:38:58.039801967Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-11-01T12:38:58.039807263Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - Got Webservice API Response: [:]\n","stream":"stdout","time":"2022-11-01T12:38:58.039809801Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::null\n","stream":"stdout","time":"2022-11-01T12:38:58.039834441Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-11-01T12:38:58.039837996Z"}"
"ecm-worker","2022-11-01T12:38:59.036+00:00","{"log":"2022-11-01 12:38:58,039 [quartzScheduler_Worker-7] DEBUG rest.RestProvisioningService - Got null response
11/01/2022 06:24 AM
Is it working with postman if yes screenshot
11/01/2022 07:45 AM
That error is gone , issue was this bold one " "httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now we are trying in + ve case
"url": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/${account.name}/role/${entitlementValue.entitlementID}':'https://xxxxxx/idams/b2c/api/v1/ext/users'}",
$ was not able to resolve inside ' ' (single quotes), I have tried below still no luck
{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/+'${account.name}'+/role/+'${entitlementValue.e...'}",
"httpMethod": "${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}
"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39mjava.lang.IllegalArgumentException: Illegal character in path at index 1: ${entitlementValue.entitlement_value.equalsIgnoreCase('Agent')? 'https://pa.h.sre2.ntg.equifax.com/idams/b2c/api/v1/ext/application/users/+'${account.name}'+/role/+'...u001b[m\n","stream":"stdout","time":"2022-11-01T14:36:54.45362212Z"}"
"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39m\u0009at java.net.URI.create(URI.java:852)\u001b[m\n","stream":"stdout","time":"2022-11-01T14:36:54.453835728Z"}"
"ecm-worker","2022-11-01T14:36:55.101+00:00","{"log":"2022-11-01 14:36:54,453 [quartzScheduler_Worker-3] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39m\u0009at
Can you let us know any sample URL with songle quotes and passing (${})dynamic value ?
11/01/2022 08:52 AM
{
"call": [{
"name": "Roles",
"connection": "userAuth",
"url": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'https://xxxxx/idams/b2c/api/v1/ext/application/users/'+account.name+'/role/'+entitlementValue.entitlement_values+'}",
"httpMethod": "${entitlementValue.entitlement_values.equalsIgnoreCase('Agent')? 'DELETE':'GET'}",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [200,204]
}
}]
}