and more in a single search tool across platforms. Read the announcement here. |
03/12/2024 12:24 PM
Hello Team,
I have configured ImportAccountEntJSON , attached with URL etc replaced, and the data for accessImport shows up in logs, but not getting saved to entitlements list, also same way accounts are getting imported but shows only in logs and not getting mapped.
Can you please help me correct the mapping?
attched
1) ENTAccJSONN.txt (JSON for import)
2) AccountsResponse.txt, accounts list, co-relation rule used at endpoint is: concat(users.firstname ,' ', users.lastname) = concat(accounts.customproperty1,' ',accounts.displayName)
3) response1_AllEntsReturn_entparamsapi.txt which has all entitlements returned structure from postman
4) Logs
Thanks
Mahesh
03/12/2024 12:56 PM
Accounts got added by correcting a mapping in accountentparams, which imports all accounts as Inactive , API unfortunately does not return me account status, so how can I set all accounts active instead of letting it inactive.
Thanks
Mahesh
03/12/2024 06:33 PM
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountThresholdValue": 2000,
"inactivateAccountsNotInFile": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://abcd.com/rest/IBSET/v4/users/search-details",
"httpContentType": "application/json",
"httpMethod": "POST",
"httpParams": "{\"partialLstNme\": \"\",\"prcsGrpLst\": [ {\"prcsGrpId\": \"775\"}]}",
"httpHeaders": {
"application-id": "ET",
"uuid": "9ff89230-db26-11ee-8bfe-470231f22af8",
"Authorization": "${access_token}",
"source-id": "incorrectforsec",
"organization-id": "removedforsecurity",
"ibs-authorization": "removed1",
"security-token-type": "Oauth2",
"saf-indicator": "N",
"Accept": "*/*"
}
},
"listField": "Entity.usrIdLst",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "Entity.usrIdLst.usr.usrId~#~char",
"name": "Entity.usrIdLst.usr.usrId~#~char",
"displayName": "Entity.usrIdLst.usr.lstNme~#~char",
"customproperty1": "Entity.usrIdLst.usr.frstNme~#~char",
"customproperty2": "Entity.usrIdLst.usr.prcsGrpLst.prcsGrpId~#~char",
"customproperty3": "Entity.usrIdLst.usr.pwdManaged~#~char",
"customproperty30": "active~#~char",
"customproperty6": "last_login_at~#~char",
"customproperty7": "custom_role_id~#~char",
"customproperty8": "default_group_id~#~char",
"customproperty9": "created_at~#~char",
"customproperty10": "updated_at~#~char",
"customproperty11": "suspended~#~char",
"status": "#CONST#1~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
}
},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"STANDARD": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://abcd.com/rest/IBSET/v4/roles/search-details?prcsGrpId=775",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"application-id": "ET",
"uuid": "23dbec8f-8978-45d0-97ff-172c296da805",
"Authorization": "${access_token}",
"source-id": "removed1",
"organization-id": "XYZ",
"ibs-authorization": "security1",
"security-token-type": "Oauth2",
"saf-indicator": "N",
"Accept": "*/*"
}
},
"listField": "Entity.roleList[0]",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "roleId~#~char",
"entitlement_value": "roleNme~#~char",
"customproperty1": "roleId~#~char",
"customproperty2": "displayName~#~char",
"customproperty10": "prcsGrpId~#~char",
"customproperty11": "roleTyp~#~char",
"customproperty6": "lstUpDte~#~char",
"customproperty7": "lstUpDteby~#~char",
"status": "active~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
},
"disableDeletedEntitlements": true
}
}
},
"3270": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://abcd.com/rest/IBSET/v4/roles/search-details?prcsGrpId=775",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"application-id": "ET",
"uuid": "23dbec8f-8978-45d0-97ff-172c296da805",
"Authorization": "${access_token}",
"source-id": "removed1",
"organization-id": "incorrectforsec",
"ibs-authorization": "incorrectforsec1",
"security-token-type": "Oauth2",
"saf-indicator": "N",
"Accept": "*/*"
}
},
"listField": "Entity.roleList[0]",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "roleId~#~char",
"entitlement_value": "roleNme~#~char",
"customproperty1": "roleId~#~char",
"customproperty2": "displayName~#~char",
"customproperty10": "prcsGrpId~#~char",
"customproperty11": "roleTyp~#~char",
"customproperty6": "lstUpDte~#~char",
"customproperty7": "lstUpDteby~#~char",
"status": "active~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
},
"disableDeletedEntitlements": true
}
}
},
"SECURITY": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://abcd.com/rest/IBSET/v4/roles/search-details?prcsGrpId=85",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"application-id": "ET",
"uuid": "23dbec8f-8978-45d0-97ff-172c296da805",
"Authorization": "${access_token}",
"source-id": "incorrectforsec",
"organization-id": "removed1",
"ibs-authorization": "removedforsecurity",
"security-token-type": "Oauth2",
"saf-indicator": "N",
"Accept": "*/*"
}
},
"listField": "Entity.roleList[0]",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "roleId~#~char",
"entitlement_value": "roleNme~#~char",
"customproperty1": "roleId~#~char",
"customproperty2": "displayName~#~char",
"customproperty10": "prcsGrpId~#~char",
"customproperty11": "roleTyp~#~char",
"customproperty6": "lstUpDte~#~char",
"customproperty7": "lstUpDteby~#~char",
"status": "active~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
03/13/2024 11:42 AM - edited 03/13/2024 11:49 AM
Hi Rushikesh,
Thanks for the valuable inputs,.
I am able to set status for accounts now. Thanks for input, however entitlements not getting updated and looking to see how we can do the same, my json now looks as attached.
Also I want to set displayname for accounts as firstName+' '+lastname and the mapping is as below, can you/all suggest something here as this is not working: "displayName": "#CONST#${String lastname=lstNme~#~char;String firstname=frstNme~#~char;return firstname.concat(' ',lastname);}",
"listField": "Entity.usrIdLst.usr",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "usrId~#~char",
"name": "usrId~#~char",
"displayName": "#CONST#${String lastname=lstNme~#~char;String firstname=frstNme~#~char;return firstname.concat(' ',lastname);}",
"customproperty1": "frstNme~#~char",
"customproperty2": "prcsGrpLst.prcsGrpId~#~char",
"customproperty3": "pwdManaged~#~char",
"customproperty4": "lstNme~#~char",
"customproperty30": "#CONST#active~#~char",
Thanks
Mahesh
03/13/2024 08:44 PM
Hi @mbh_it ,
You can use this.
"displayname": "#CONST#${String data1 = response.givenName; String data2 = response.surname; ret = data1 + \" \" + data2; return ret}~#~char"
03/13/2024 08:47 PM
For entitlement try this.
03/14/2024 01:26 PM
Hi @NM
Thanks for your valuable response and guidance.
Good news is , Displayname setting is now working fine for accounts.
Problem still persists as: Entitlements stops updating when I set "listField": "Entity.roleList", and Updates when I am setting to "listField": "Entity.roleList[0]", Problem is now, when I am setting this it updates all three entitlements Type with same entitlement value, so I want to get rid of this and map it correctly. My json now looks as attached, kindly provide comments.
Thanks
Mahesh
03/14/2024 07:57 PM
can you share postman response for entitlement API?
03/15/2024 08:48 AM
03/15/2024 01:41 PM
Hi @rushikeshvartak @NM / All,
I am also not able to map account and entitlements, running into issues, my JSON attached here.
Response of account and associated role is attached and error logs attached for access Import
Thanks
Mahesh
03/18/2024 11:01 AM
Hi Team/ All/ @rushikeshvartak @NM ,
I am looking forward to inputs for this and meanwhile trying to figureout as well, I would appreciate inputs.
Thanks
Mahesh
03/18/2024 09:17 PM
Hi @mbh_it , are you able to import entitlement now in the system.
03/19/2024 05:55 AM
Hi @NM , entitlements imported but all entitlements got mapped to all three types, so query is how to prevent that?
And during access Import, how to map ent to accounts? Looking forward to some inputs.
Kindly take a look at the responses and json as well as logs attached in earlier thread, it would be appreciated if I get how to resolve the same.
Thanks
Mahesh
03/19/2024 10:20 AM
I am getting following error, it seems for fetching accounts and its ent, when I pass accountID in post call, the variable itself is not resolved by saviynt as I am seeing that in logs as below instead of picking each account and making call.
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.904977503Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Server: Apache, Access-Control-Expose-Headers: ETag, Access-Control-Allow-Origin: *, Access-Control-Allow-Methods: POST, Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fnfis.com *.fnis.com *.fisglobal.com *.fiscloudservices.com *.prod.local https://abc.local https://abc.local *.fisdev.local *.swagger.io *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com, uuid: 9ff89230-db26-11ee-8bfe-470231f22af8, Access-Control-Allow-Headers: Content-Type,source-id,application-id,uuid,authorization,security-token-type,saf-indicator,organization-id,ibs-authorization,fis-ic-enc-sk,fis-ic-enc-x5ts256,Authorization, Content-Language: en, Content-Type: application/json, Content-Length: 351, Date: Tue, 19 Mar 2024 16:39:56 GMT, Connection: close, Strict-Transport-Security: max-age=31536000 ; includeSubDomains], responseText:{"Metadata":{"MsgLst":[{"Code":"7000","Text":"7000 - Input XML in Invalid Format. - cvc-pattern-valid: Value '${account.accountID}' is not facet-valid with respect to pattern '([a-zA-Z0-9])+' for type '#AnonType_UsrIdUsrIdListRetrieveUserDetailsRequestType'. location :Column is 593 at line number 1","Type":"Application Error","Severity":"Error"}]}}, cookies:[], statusCode:500]"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.904980203Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::500"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.905005504Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :500"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.905019204Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 5"
03/19/2024 07:48 PM
You have error in JSON Input XML in Invalid Format
03/21/2024 09:28 AM
@rushikeshvartak I have corrected the JSON, however still not able to map ent to account , actually used different format example, still I am not able to map, latest JSON is attached here.
03/21/2024 11:02 AM - edited 03/22/2024 12:27 PM
Hi All ,
Can you please comment, it would be great if you could help me rectify this?
Summarizing pending issues:
Can you please get me some help, I have got response to few problems like corrected display name, following are open issues:
1) Account to entitlements mapping not working though I have used two calls in accountparams and tried different API format from Documentation, I see both API gets called and data comes but mapping not happening
2) Entitlement import, totally three types are there but it dumps same data in all three types of entitlements though I have used seperate type in JSON as the api called does not have any filter to distinguish ent types, does it dump in all three? seems this is the issue, and how to fix it.
Logs and all JSON response for each API is attached with curl showing each API.
Kindly let me know if I could get resolution to this. I will update the last comment to summarize this pending problems.
More info:
Accountparams:
API1: call1: users/search-details ==> Account import: returns: AccountID(usrId), firstName,LastName
API2: Call2 (dependentcall) : users/get-roles ==> Takes accountID(postcall) : returns: accountID,roleid(entitlementID),roleNme,roleTyp
Entparams:
API3: roles/search-details?prcsGrpId=775 ==> Returns: roleid(entitlementID),roleNme,roleTyp ==> all entitlements(roles)
Thanks
Mahesh
03/26/2024 03:22 AM
Can you confirm if accounts are imported correctly? As we see the attached logs, it throws 500, which indicates data isnt getting pulled from target.
esponseText:{"Metadata":{"MsgLst":[{"Code":"1099","Text":"1099 - Administrator's user ID is not authorized to perform task; do not reapply the task. Please contact Metavante Support.","Type":"Application Error","Severity":"Error"}]}}, cookies:[], statusCode:500]"
"2024-03-21T20:31:51.230+00:00","ecm-worker","","","","2024-03-21T20:31:50.956083585Z stdout F 2024-03-21 20:31:50,956 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::500"
"2024-03-21T20:31:51.230+00:00","ecm-worker","","","","2024-03-21T20:31:50.956110986Z stdout F 2024-03-21 20:31:50,956 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :500"
Else, if these are not the recent logs, please validate the logs and attach the latest logs for accounts import.
03/26/2024 06:53 AM - edited 03/26/2024 08:00 AM
Hi @adarshk
Accounts are imported correctly, there is no issue with authentication. It could be when I am making some change some time if I did not make it correctly it may fail for auth. So kindly ignore the same, I want correct mapping json if I come across auth issue, I will resolve it.
Kindly note that I have opened this thread on 12th and looking for resolution soon as next week this needs to go to prod. Hence it would be greatly appreciated if I get correct mapping JSON for the same.
Also, as can be seen in last thread logs attached by me , the account and its access also returned but mapping is not happening.
uuid: 9ff89230-db26-11ee-8bfe-470231f22af8, Access-Control-Allow-Headers: Content-Type,source-id,application-id,uuid,authorization,security-token-type,saf-indicator,organization-id,ibs-authorization,fis-ic-enc-sk,fis-ic-enc-x5ts256,Authorization, Content-Language: en, Content-Type: application/json, Content-Length: 847, Date: Thu, 21 Mar 2024 20:32:55 GMT, Connection: keep-alive, Strict-Transport-Security: max-age=31536000 ; includeSubDomains], responseText:{"Entity":{"usrIdLst":[{"usr":{"usrId":"Z775044","roleLst":[{"role":{"roleId":"2302e88d-8c9b-4af5-a4b7-36f61432c327","roleNme":"Home Page Access","roleTyp":"STANDARD","lstUpDte":"2022-09-21-12.30.10","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}},{"role":{"roleId":"0b8daff4-75fc-4fdc-83d4-3d6af0ffff14","roleNme":"RACF TellerInsight","roleTyp":"3270","lstUpDte":"2022-10-19-09.13.42","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}},{"role":{"roleId":"ac8b4bef-b5fc-42a0-8ca4-d1d0f91580f0","roleNme":"Training-Platform","roleTyp":"STANDARD","lstUpDte":"2022-10-31-10.44.48","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}}],"errCde":"0000","errMsg":"Success"}}]},"Metadata":{"MsgLst":[{"Code":"0","Text":"Success","Type":"Informational Message","Severity":"Info"}]}}, cookies:[], statusCode:200]"
Thanks
Mahesh
03/27/2024 07:09 AM - edited 03/27/2024 10:50 PM
It looks that acctEntParams needs to be updated to define entIdField
Please refer the below mappings sample and test by modifying acctEntParams
"listField": "Groups",
"entKeyField": "entitlementID",
"entIdField": "GroupID",
"acctIdPath": "userID",
"acctKeyField": "accountID"
03/28/2024 01:08 PM
Hi @adarshk
I will check this, actually my password for connection got expired, so I have requested it to reset, I will check this soon as, I need to deliver this next week.
Thanks
Mahesh