IBM Verify

  • 1.  How to set ISIM request status to Successful_Warning ?

    Posted Mon December 21, 2020 09:56 AM

    I am developing a custom adapter which supports add/modify/delete user operation.

    For the ADD user operation, I need to set the ISIM request status to WARNING in case a few attributes fail to be added to the user profile.

    In the custom connector I am setting a new attribute called failedAttribute to identify failed entries.

    And in the assembly line After Add hook I have written the following script:

    var failed = conn.getAttribute("failedAttribute");
    if (failed != null) {
        work.removeAllAttributes();
        work.setAttribute("details", failed);
        work.getAttribute("details").setOper(Packages.com.ibm.di.entry.AttributeValue.AV_UNCHANGED);
        for (attrIdx = 0; attrIdx < failed.getValues().length; attrIdx++) {
            work.getAttribute("details").setValueOper(attrIdx, Packages.com.ibm.di.entry.AttributeValue.AV_UNCHANGED);
        }
        var v1 = new Packages.java.util.Vector();
        v1.add(conn.getProperty(REQST_OP_STATUS_REASON));
        work.setProperty(Packages.com.ibm.di.dispatcher.Defs.REASON_MESSAGE_ARGS, v1);
        work.setProperty(Packages.com.ibm.di.dispatcher.Defs.STATUSCODE, new Packages.java.lang.Integer(Packages.com.ibm.itim.remoteservices.provider.Status.SUCCESSFUL_WARNING));
        work.setProperty(Packages.com.ibm.di.dispatcher.Defs.REASONCODE, Packages.com.ibm.itim.remoteservices.provider.Reason.PROCESSING_ERROR);
        work.setProperty(Packages.com.ibm.di.dispatcher.Defs.REASON_MESSAGE, Packages.com.ibm.di.dispatcher.DispatcherReasonMessage.ADAPTER_ADD_WARNING);
    } else {
        work.setProperty(Packages.com.ibm.di.dispatcher.Defs.STATUSCODE, new Packages.java.lang.Integer(Packages.com.ibm.itim.remoteservices.provider.Status.SUCCESSFUL));
    }



    #Support
    #SupportMigration
    #Verify


  • 2.  RE: How to set ISIM request status to Successful_Warning ?

    Posted Tue December 22, 2020 02:42 PM

    I am afraid you are off in the wrong direction - you should not use attributes for flagging errors. To return an error on a single (or multiple) attribute(s), follow the guidelines in the "IBM Security Identity Adapter Development and Customization Guide" (CC2FTEN) available from Passport Advantage.

    The relevant section is found in Custom Adapters/Custom Adapter Documents/Develop the ISVI assembly lines.html (in my version).

    You may need to test this somewhat, as the guidelines are easier to understand once you have got it working :-)

    Regards

    Franz Wolfhagen

    IAM Technical Architect for Europe

    Certified Consulting IT Specialist

    IBM Security Expert Labs





  • 3.  RE: How to set ISIM request status to Successful_Warning ?

    Posted Wed December 23, 2020 06:07 AM

    Hi Franz,

    Thanks for your reply.

    The explanation in the customization guide is as follows --

    Assume that a MODIFY request is made from IBM Security Identity Manager with the following three attributes:

    Attr1 Val11

    Attr2 Val21, Val22, Val23 (multi value attribute)

    Attr3 Val31

    While processing this MODIFY request, if

    Setting Attr1 failed on managed resource AND

    Setting Val22 of Attr2 failed on managed resource

    then, the return ENTRY should contain:

    Attr1 Val11

    Attr2 Val22

    In the work entry I am adding the failed attribute value to the failed attribute so that it can be marked as FAILED.

    Due to the above logic, I can see that the failed values are not displayed on the account form, but the submitted request is being marked as SUCCESSFUL instead of WARNING.





  • 4.  RE: How to set ISIM request status to Successful_Warning ?

    Posted Wed December 23, 2020 03:11 PM

    Did you mark the whole entry with Warning status? IIRC that is the responsibility of the adapter to do so - basically the ISIM Service Provider just handles whatever comes back.

    So - if you have an attribute value that is failing you should flag that as an error on value level. Attribute level should be warning and entry should also be warning. If the attribute is failing completely (single value or all values failing) you should flag the attribute as error (I am not sure if you should return any value in this case - you would need to test that) and the Entry as warning.

    This is not a very well documented part of the adapter logic - so I may also not be correct here (formal documentation is the final arbiter) - so if you are sure that you follow the documentation 100% and it does not work, you should raise a case to IBM Support and get it resolved, as there may be either documentation or code bugs.

    HTH

    Regards

    Franz Wolfhagen
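
An added illustration, not part of the original posts and not IBM code: a plain JavaScript model of the return-entry rule quoted from the guide in post 3, combined with the value/attribute/entry status levels described in post 4. The function name, object shapes and status labels are hypothetical and do not correspond to the TDI or ISIM API.

```javascript
// Plain-JavaScript model of the rule from the guide excerpt and the status
// levels described in post 4. Not the TDI/ISIM API: all names are hypothetical.

// request: { attrName: [values] } as sent with the ADD/MODIFY request
// failed:  { attrName: [values that could not be set on the managed resource] }
function buildReturnEntry(request, failed) {
  const attributes = {};
  for (const [name, requested] of Object.entries(request)) {
    const wanted = new Set(requested);
    // Ignore failure reports for values that were never requested.
    const bad = [...new Set(failed[name] || [])].filter((v) => wanted.has(v));
    if (bad.length === 0) continue; // fully applied: not part of the return entry
    attributes[name] = {
      // Every requested value failed -> attribute error; only some -> warning.
      status: bad.length === wanted.size ? "ERROR" : "WARNING",
      // Only the failed values are returned, each flagged at value level.
      values: bad.map((value) => ({ value, status: "ERROR" })),
    };
  }
  // The thread does not cover the case where every attribute fails;
  // this model still reports WARNING at entry level for it.
  const anyFailure = Object.keys(attributes).length > 0;
  return { status: anyFailure ? "WARNING" : "SUCCESS", attributes };
}

// Constructed sample: the MODIFY request from the guide excerpt.
const request = {
  Attr1: ["Val11"],
  Attr2: ["Val21", "Val22", "Val23"],
  Attr3: ["Val31"],
};
const failed = { Attr1: ["Val11"], Attr2: ["Val22"] };

const result = buildReturnEntry(request, failed);
console.log(JSON.stringify(result, null, 2));
```

The model keeps the failed value for a completely failed attribute, as the guide's example does (Attr1 Val11); post 4 leaves open whether a value should be returned in that case.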


