Hi Franz,
Yes exactly this is the case when we use the console to create the account (the eruid is populated using the identity policy if it exists)., but this is not working when we are provisioning the account through web service.
I tried to use the parameters.eruid[0] in the provisioning policy as you suggested, and added the following code for the user id attribute:
var val = parameters.eruid[0];Enrole.logInfo("com.ibm.myExtension","ppscript", "value of eruid is from web service: " + val+ ".");return val;
Again I received the following error when I went to View Requests in admin console stating Account Add failed:
CTGIMD810E The adapter returned an error status for a add request.Status code: failure Adapter error message: Create user failed. Invalid eruid, Length of eruid is greater than 20 charactersAnd in the msg.log the following entries were observed:
<Message Id="None" Severity="INFO"> <Time Millis="1566387410580"> 2019.08.21 16:36:50.580+05:00</Time> <Server Format="IP">sim7017.hrt.com</Server> <ProductId>CTGIM</ProductId> <Component>com.ibm.myExtension</Component> <ProductInstance>ISIMVa_APP_MEMBER</ProductInstance> <LogText><![CDATA[value of eruid is from web service: jahanzaib.]]></LogText> <Source FileName="com.ibm.itim.script.extensions.impl.EnroleBeanImpl" Method="ppscript"/> <TranslationInfo Type="JAVA" Catalog="null" MsgKey="null"></TranslationInfo></Message><Message Id="None" Severity="INFO"> <Time Millis="1566387410850"> 2019.08.21 16:36:50.850+05:00</Time> <Server Format="IP">sim7017.hrt.com</Server> <ProductId>CTGIM</ProductId> <Component>com.ibm.myExtension</Component> <ProductInstance>ISIMVa_APP_MEMBER</ProductInstance> <LogText><![CDATA[value of eruid is from web service: .]]></LogText> <Source FileName="com.ibm.itim.script.extensions.impl.EnroleBeanImpl" Method="ppscript"/> <TranslationInfo Type="JAVA" Catalog="null" MsgKey="null"></TranslationInfo></Message><Message Id="None" Severity="INFO"> <Time Millis="1566387412904"> 2019.08.21 16:36:52.904+05:00</Time> <Server Format="IP">sim7017.hrt.com</Server> <ProductId>CTGIM</ProductId> <Component>com.ibm.myExtension</Component> <ProductInstance>ISIMVa_APP_MEMBER</ProductInstance> <LogText><![CDATA[value of eruid is from web service: .]]></LogText> <Source FileName="com.ibm.itim.script.extensions.impl.EnroleBeanImpl" Method="ppscript"/> <TranslationInfo Type="JAVA" Catalog="null" MsgKey="null"></TranslationInfo></Message>
As shown above, three entries were observed in the msg.log. The first entry shows that the user id was fetched from the identity policy and stored in the variable, but the variable is empty in the second and third log entry.
1) Why is that I am receiving three log entries?
2) Why is ISIM updating the variable with empty string when it has already got the value in the first entry? Is it giving priority to the value being sent from the web service?
Please can you give your comments on this whole scenario? Secondly, as you said that I will have to build the complete logic of identity policy in the provision policy, how will that work if we consider the above scenario (ISIM giving priority to what is passed from web service)
Best regards,
------------------------------
Jahanzaib Sarwar
------------------------------
Original Message:
Sent: Sun August 25, 2019 02:06 PM
From: Franz Wolfhagen
Subject: ISIM Web Services - Create Account using ISIM Identity Policy
I would strongly believe that this is worth a Case - any account creation should user the eruid passed from the Identity Policy (if it exists). I assume this is the case when you use the Console, SelfService or ISC ?
As a workaround you can use the parameters.eruid[0] in a provisioning policy for the eruid attribue (it is generally bad practice to do this - but in this case it may (or perhaps not - it may be the missing link that the parameters are not built - and just to be sure nobody get wrong hope - the parameter is the eruid coming from the identity policy...) - if this does not work either build the logic of the identity policy fully in the provisioning policy.
HTH
Regards
Franz Wolfhagen
------------------------------
Franz Wolfhagen
Original Message:
Sent: Sat August 24, 2019 06:03 AM
From: Jahanzaib Sarwar
Subject: ISIM Web Services - Create Account using ISIM Identity Policy
Respected fellows,
I am working with ISIM Web Services to provision accounts for users. I am trying to use ISIM's Identity Policy to set the eruid at the time of account creation from web service, just like when we provision the accounts from the admin console where identity policy kicks in. If I do not supply the eruid attribute in the web service request (assuming ISIM should set it according to identity policy for that service), I get the following error:
com.ibm.itim.ws.services.WSApplicationException: CTGIME015E An error occurred while processing policy analysis request. The following error occurred.
Error: CTGIMI100E The attribute eruid cannot be null.
And if I supply the eruid attribute but with value as an empty string, I get the request on SIM but with status failed and following message:
CTGIMD810E The adapter returned an error status for a add request.
Status code: failure
Adapter error message: Create user failed. Invalid eruid, Length of eruid is greater than 20 characters
Is it possible to use the identity policy when working with web services?
Best regards,
------------------------------
Jahanzaib Sarwar
------------------------------