Saviynt Forums

Hi Rushikesh,

Thanks for the valuable inputs,.

I am able to set status for accounts now. Thanks for input, however entitlements not getting updated and looking to see how we can do the same, my json now looks as attached.

Also I want to set displayname for accounts as firstName+' '+lastname and the mapping is as below, can you/all suggest something here as this is not working: "displayName": "#CONST#${String lastname=lstNme~#~char;String firstname=frstNme~#~char;return firstname.concat(' ',lastname);}", 

"listField": "Entity.usrIdLst.usr",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "usrId~#~char",
"name": "usrId~#~char",
"displayName": "#CONST#${String lastname=lstNme~#~char;String firstname=frstNme~#~char;return firstname.concat(' ',lastname);}",
"customproperty1": "frstNme~#~char",
"customproperty2": "prcsGrpLst.prcsGrpId~#~char",
"customproperty3": "pwdManaged~#~char",
"customproperty4": "lstNme~#~char",
"customproperty30": "#CONST#active~#~char",

Thanks

Mahesh

Hi @mbh_it ,

You can use this.

"displayname": "#CONST#${String data1 = response.givenName; String data2 = response.surname; ret = data1 + \" \" + data2; return ret}~#~char"

For entitlement try this.

Hi @NM 

Thanks for your valuable response and guidance.

Good news is , Displayname setting is now working fine for accounts.

Problem still persists as: Entitlements stops updating when I set   "listField": "Entity.roleList", and Updates when I am setting to      "listField": "Entity.roleList[0]", Problem is now, when I am setting this it updates all three entitlements Type with same entitlement value, so I want to get rid of this and map it correctly. My json now looks as attached, kindly provide comments.

Thanks

Mahesh

can you share postman response for entitlement API?

Hi @NM 

Please find attached.

Thank you,

Mahesh

Hi @rushikeshvartak @NM / All,

I am also not able to map account and entitlements, running into issues, my JSON attached here.

Response of account and associated role is attached and error logs attached for access Import

Thanks

Mahesh

Hi Team/ All/ @rushikeshvartak  @NM ,

I am looking forward to inputs for this and meanwhile trying to figureout as well, I would appreciate inputs.

Thanks

Mahesh

Hi @mbh_it , are you able to import entitlement now in the system.

Hi @NM , entitlements imported but all entitlements got mapped to all three types, so query is how to prevent that?

And during access Import, how to map ent to accounts? Looking forward to some inputs. 

Kindly take a look at the responses and json as well as logs attached in earlier thread, it would be appreciated if I get how to resolve the same.

Thanks

Mahesh

I am getting following error, it seems for fetching accounts and its ent, when I pass accountID in post call, the variable itself is not resolved by saviynt as I am seeing that in logs as below instead of picking each account and making call.

"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.904977503Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Server: Apache, Access-Control-Expose-Headers: ETag, Access-Control-Allow-Origin: *, Access-Control-Allow-Methods: POST, Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fnfis.com *.fnis.com *.fisglobal.com *.fiscloudservices.com *.prod.local https://abc.local https://abc.local *.fisdev.local *.swagger.io *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com, uuid: 9ff89230-db26-11ee-8bfe-470231f22af8, Access-Control-Allow-Headers: Content-Type,source-id,application-id,uuid,authorization,security-token-type,saf-indicator,organization-id,ibs-authorization,fis-ic-enc-sk,fis-ic-enc-x5ts256,Authorization, Content-Language: en, Content-Type: application/json, Content-Length: 351, Date: Tue, 19 Mar 2024 16:39:56 GMT, Connection: close, Strict-Transport-Security: max-age=31536000 ; includeSubDomains], responseText:{"Metadata":{"MsgLst":[{"Code":"7000","Text":"7000 - Input XML in Invalid Format. - cvc-pattern-valid: Value '${account.accountID}' is not facet-valid with respect to pattern '([a-zA-Z0-9])+' for type '#AnonType_UsrIdUsrIdListRetrieveUserDetailsRequestType'. location :Column is 593 at line number 1","Type":"Application Error","Severity":"Error"}]}}, cookies:[], statusCode:500]"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.904980203Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::500"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.905005504Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :500"
"2024-03-19T16:39:57.131+00:00","ecm-worker","","","","2024-03-19T16:39:56.905019204Z stdout F 2024-03-19 16:39:56,904 [quartzScheduler_Worker-9] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 5"

@rushikeshvartak I have corrected the JSON, however still not able to map ent to account , actually used different format example, still I am not able to map, latest JSON is attached here.

Hi All ,

Can you please comment, it would be great if you could help me rectify this?

Summarizing pending issues:

Can you please get me some help, I have got response to few problems like corrected display name, following are open issues:
1) Account to entitlements mapping not working though I have used two calls in accountparams and tried different API format from Documentation, I see both API gets called and data comes but mapping not happening
2) Entitlement import, totally three types are there but it dumps same data in all three types of entitlements though I have used seperate type in JSON as the api called does not have any filter to distinguish ent types, does it dump in all three? seems this is the issue, and how to fix it.

Logs and all JSON response for each API is attached with curl showing each API.

Kindly let me know if I could get resolution to this. I will update the last comment to summarize this pending problems.

More info:

Accountparams:
API1: call1: users/search-details ==> Account import: returns: AccountID(usrId), firstName,LastName
API2: Call2 (dependentcall) : users/get-roles ==> Takes accountID(postcall) : returns: accountID,roleid(entitlementID),roleNme,roleTyp

Entparams:
API3: roles/search-details?prcsGrpId=775 ==> Returns: roleid(entitlementID),roleNme,roleTyp ==> all entitlements(roles)

Thanks
Mahesh

Can you confirm if accounts are imported correctly? As we see the attached logs, it throws 500, which indicates data isnt getting pulled from target. 

esponseText:{"Metadata":{"MsgLst":[{"Code":"1099","Text":"1099 - Administrator's user ID is not authorized to perform task; do not reapply the task.  Please contact Metavante Support.","Type":"Application Error","Severity":"Error"}]}}, cookies:[], statusCode:500]"
"2024-03-21T20:31:51.230+00:00","ecm-worker","","","","2024-03-21T20:31:50.956083585Z stdout F 2024-03-21 20:31:50,956 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService  - pullObjectsByRest - responseStatusCode ::500"
"2024-03-21T20:31:51.230+00:00","ecm-worker","","","","2024-03-21T20:31:50.956110986Z stdout F 2024-03-21 20:31:50,956 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService  - Exception in pullObjectsByRest :500"

Else, if these are not the recent logs, please validate the logs and attach the latest logs for accounts import. 

Hi @adarshk 

Accounts are imported correctly, there is no issue with authentication. It could be when I am making some change some time if I did not make it correctly it may fail for auth. So kindly ignore the same, I want correct mapping json if I come across auth issue, I will resolve it.

Kindly note that I have opened this thread on 12th and looking for resolution soon as next week this needs to go to prod. Hence it would be greatly appreciated if I get correct mapping JSON for the same.

Also, as can be seen in last thread logs attached by me , the account and its access also returned but mapping is not happening.

uuid: 9ff89230-db26-11ee-8bfe-470231f22af8, Access-Control-Allow-Headers: Content-Type,source-id,application-id,uuid,authorization,security-token-type,saf-indicator,organization-id,ibs-authorization,fis-ic-enc-sk,fis-ic-enc-x5ts256,Authorization, Content-Language: en, Content-Type: application/json, Content-Length: 847, Date: Thu, 21 Mar 2024 20:32:55 GMT, Connection: keep-alive, Strict-Transport-Security: max-age=31536000 ; includeSubDomains], responseText:{"Entity":{"usrIdLst":[{"usr":{"usrId":"Z775044","roleLst":[{"role":{"roleId":"2302e88d-8c9b-4af5-a4b7-36f61432c327","roleNme":"Home Page Access","roleTyp":"STANDARD","lstUpDte":"2022-09-21-12.30.10","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}},{"role":{"roleId":"0b8daff4-75fc-4fdc-83d4-3d6af0ffff14","roleNme":"RACF TellerInsight","roleTyp":"3270","lstUpDte":"2022-10-19-09.13.42","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}},{"role":{"roleId":"ac8b4bef-b5fc-42a0-8ca4-d1d0f91580f0","roleNme":"Training-Platform","roleTyp":"STANDARD","lstUpDte":"2022-10-31-10.44.48","lstUpDteBy":"A203002","prcsGrpId":"775","rsmeDte":"2022-11-25-15.24.14"}}],"errCde":"0000","errMsg":"Success"}}]},"Metadata":{"MsgLst":[{"Code":"0","Text":"Success","Type":"Informational Message","Severity":"Info"}]}}, cookies:[], statusCode:200]"

Thanks

Mahesh

It looks that acctEntParams needs to be updated to define entIdField

Please refer the below mappings sample and test by modifying acctEntParams  

"listField": "Groups",
"entKeyField": "entitlementID",
"entIdField": "GroupID",
"acctIdPath": "userID",
"acctKeyField": "accountID"

Hi @adarshk 

I will check this, actually my password for connection got expired, so I have requested it to reset, I will check this soon as, I need to deliver this next week.

Thanks

Mahesh