Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/01/2024 11:22 AM
Hi,
We're dealing with an issue related to XML formatting and variable replacement when triggering an Access add/remove.
Because of the way this suite of applications works, in an hybrid JSON/XML approach, we created an Enhanced Query Execution job with a custom query to obtain the entitlements assigned and to be removed for the account, as recommended by Saviynt. The output of this query is an XML string concatenated with all the entitlements in the format required by the application. This output is saved in the Task comments, to be used in the Provisioning/Access stage/task.
We’re encountering an issue related to how this task comments variable is replaced at provisioning/access time. We noticed that “< AppRole >”, in this example, is being replaced with Unicode characters.
This is just a simplification of the usecase, to make it easy to understand.
Task comments with the values in XML format:
This is the AddAccessJSON with the task.comment variable inyected:
{
"accountIdPath": "accountName",
"call": [
{
"name": "Access-Role",
"connection": "userAuth",
"url": "https://testdev/finegrain/createUserProfileWithUserInfo",
"httpMethod": "POST",
"httpParams": "{\"sso\":\"${user.username}\",\"appName\":\"MYPAYMENTS\",\"xmlMessage\": \"<Roles>${arsTasks.comments}</Roles>\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"x-apigw-api-id": "",
"Content-type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [
400,
403,
500
]
}
}
]
}
This is the logs with the way the variable is consumed and replaced, marked to better readability. Noticed that it’s injecting the variable but adding Unicode characters, which the application endpoint is not able to consume:
2024-10-01T14:34:36-03:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-7-qq42h-DEBUG-Calling Webservice Url - https:// dev/finegrain/createUserProfileWithUserInfo with httpParams - [sso:503508027, appName:MYPAYMENTS, xmlMessage:<Roles>< AppRole ></Roles>]
We already have tried adding and removing spaces and changing the format, with same results.
Is there a configuration to allow this XML strings to be used without any conversion? If Unicode conversion can be disabled in a Global fashion, it’s not really required for our integrations.
Thanks
10/01/2024 02:36 PM - edited 10/01/2024 02:37 PM
@wronzitti
Try this to escape the special characters
${org.apache.commons.lang.StringEscapeUtils.escapeJava(arsTasks.comments)}
10/01/2024 03:20 PM
Still having the same issue. I see this in the logs:
2024-10-01T19:01:49-03:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-7-s4pz2-DEBUG-params.memento.removeAccessJSON: [accountIdPath:accountName, call:[[name:Access-Role, connection:userAuth, url:https://dev/finegrain/createUserProfile, httpMethod:POST, httpParams:{"sso":"${user.username}","appName":"MYFUNDING","xmlMessage": "<Roles>${org.apache.commons.lang.StringEscapeUtils.escapeJava(arsTasks.comments)}</Roles>"}, httpHeaders:[Authorization:${access_token}, x-apigw-api-id:11, Content-type:application/json], httpContentType:application/json, successResponses:[statusCode:[200]], unsuccessResponses:[statusCode:[400, 403, 500]]]]]
2024-10-01T19:01:49-03:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-7-s4pz2-DEBUG-Calling Webservice Url - https://dev/finegrain/createUserProfile with httpParams - [sso:503508027, appName:MYFUNDING, xmlMessage:<Roles><Role><Function>Treasury</Function><AppRole>Controller</AppRole></Role></Roles>]
This in the task comments content:
This is the XML payload the application is expecting in the body: