IBM Security Verify


How to update an entity in ISIM workflow using ISIM APIs

  • 1.  How to update an entity in ISIM workflow using ISIM APIs

    Posted Tue September 21, 2021 02:50 AM
    Edited by Franz Wolfhagen Wed September 22, 2021 05:14 AM
    One of my customers has implemented a "blacklist" process for userids by storing a list of already-used userids not to be reused in an attribute on the root Organization entity in ISIM. They wanted to maintain this list when deleting users in ISIM and needed a sample workflow script for this - so I wrapped up this code (script node code in an operational workflow):
    //Include java packages for easier scripting
    // these need to be made available to the JavaScript engine
    // in scriptframework.properties
    
    importPackage(Packages.com.ibm.itim.dataservices.model);
    importPackage(Packages.com.ibm.itim.dataservices.model.domain);
    importPackage(Packages.com.ibm.itim.common);
    
    //Find the root org -  note : if you have multiple root orgs "o=*" filter needs to be more specific
    var OrgSearch = new ContainerSearch();
    var myOrg = OrgSearch.searchByFilter("Organization", "(o=*)", 1);
    
    // Use Java APIs to update the root Org "searchguide" attribute
    // First get the Directory Object via DN->DirectoryEntity
    var myDistinguishedName = new DistinguishedName(myOrg[0].dn);
    var myOrgEnt = new OrganizationSearch().lookup(myDistinguishedName);
    var myOrg = myOrgEnt.getDirectoryObject();
    //Add a value - using the addAttributeValues() will only add the value 
    // if not already present - so need to check if it exists
    //The attribute/value would be replaced by some property from the workflow in a real scenario
    var myAttrValues = new AttributeValue("searchguide","something");
    myOrg.addAttributeValues(myAttrValues);
    // Add another value
    var myAttrValues1 = new AttributeValue("searchguide","something1");
    myOrg.addAttributeValues(myAttrValues1);
    //Get the Directory ObjectEntity  
    var myOrgEntity = new OrganizationEntity(myOrg);
    //This performs the ldap update
    myOrgEntity.update();

    You could of course wrap up a JavaScript or Workflow extension to do this - but this is a quick way of doing the same and the same method could be used to update any entity not being updated through workflows e.g. any containers, services, roles etc.

    I hope this can be a help - let me know if there are comments/questions



    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------


  • 2.  RE: How to update an entity in ISIM workflow using ISIM APIs

    Posted Wed September 22, 2021 05:00 AM
    Totally useful. Thanks for your valuable contribution.

    Just let me rewrite your code in a legible way (using carriage returns), and besides, I would suggest incorporating in this thread the needed entries of scriptframework.properties, to have all of the information together.

    //Include java packages for easier scripting
    // these need to be made available to the JavaScript engine
    // in scriptframework.properties
    importPackage(Packages.com.ibm.itim.dataservices.model);
    importPackage(Packages.com.ibm.itim.dataservices.model.domain);
    importPackage(Packages.com.ibm.itim.common);

    //Find the root org - note : if you have multiple root orgs "o=*" filter needs to be more specific
    var OrgSearch = new ContainerSearch();
    var myOrg = OrgSearch.searchByFilter("Organization", "(o=*)", 1);

    // Use Java APIs to update the root Org "searchguide" attribute
    // First get the Directory Object via DN->DirectoryEntity
    var myDistinguishedName = new DistinguishedName(myOrg[0].dn);
    var myOrgEnt = new OrganizationSearch().lookup(myDistinguishedName);
    var myOrg = myOrgEnt.getDirectoryObject();

    //Add a value - using the addAttributeValues() will only add the value
    // if not already present - so need to check if it exists
    //The attribute/value would be replaced by some property from the workflow in a real scenario
    var myAttrValues = new AttributeValue("searchguide","something");
    myOrg.addAttributeValues(myAttrValues);

    // Add another value
    var myAttrValues1 = new AttributeValue("searchguide","something1");
    myOrg.addAttributeValues(myAttrValues1);

    //Get the Directory ObjectEntity
    var myOrgEntity = new OrganizationEntity(myOrg);

    //This performs the ldap update
    myOrgEntity.update();

    ------------------------------
    Felipe Risalde Serrano
    Security Expert
    Banco de España
    ------------------------------



  • 3.  RE: How to update an entity in ISIM workflow using ISIM APIs

    Posted Wed September 22, 2021 05:25 AM
    Thanks for taking the time to put this out in a readable format - and I have to say that I use the standard insert code sample ({i} in the menu) - but that seems to have a problem with line endings - in the preview it looks perfect...

    I hope I haven't spammed too many people trying to fix it without success... I will report the problem so that it can hopefully get fixed - code samples not showing new lines are unreadable.

    Here are my scriptframework.properties entries:

    ITIM.java.access.common=com.ibm.itim.common.*
    ITIM.java.access.model=com.ibm.itim.dataservices.model.*
    ITIM.java.access.domain=com.ibm.itim.dataservices.model.domain.*

    This time not using the code snippet ;-)

    HTH

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------
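
Added example, not part of the thread and not IBM code: a small Node.js check that every `importPackage(Packages...)` call in a workflow script is matched by an `ITIM.java.access.*` entry in scriptframework.properties, so the Java access granted to the script engine stays limited to what the script actually imports. The helper names are hypothetical, the sample inputs are constructed from the lines quoted above, and it assumes a `pkg.*` entry grants only that package and not its subpackages (the thread lists `model.*` and `model.domain.*` separately).

```javascript
// Added example: parseJavaAccess, importedPackages and uncoveredImports
// are hypothetical helper names, not ISIM APIs.

// Constructed sample input: the three entries quoted in the thread.
const SAMPLE_PROPERTIES = [
  "# scriptframework.properties (excerpt)",
  "ITIM.java.access.common=com.ibm.itim.common.*",
  "ITIM.java.access.model=com.ibm.itim.dataservices.model.*",
  "ITIM.java.access.domain=com.ibm.itim.dataservices.model.domain.*",
].join("\n");

// Constructed sample input: the import lines of the workflow script.
const SAMPLE_SCRIPT = [
  "importPackage(Packages.com.ibm.itim.dataservices.model);",
  "importPackage(Packages.com.ibm.itim.dataservices.model.domain);",
  "importPackage(Packages.com.ibm.itim.common);",
].join("\n");

// Collect the values of all ITIM.java.access.<label>=<value> lines.
function parseJavaAccess(text) {
  const grants = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith("!")) continue;
    const m = /^ITIM\.java\.access\.[^=:\s]+\s*[=:]\s*(\S+)$/.exec(line);
    if (m) grants.push(m[1]);
  }
  return grants;
}

// Extract package names from importPackage(Packages.<pkg>) calls.
function importedPackages(script) {
  const re = /importPackage\s*\(\s*Packages\.([A-Za-z_][\w.]*)\s*\)/g;
  return Array.from(script.matchAll(re), (m) => m[1]);
}

// Assumption: "pkg.*" grants exactly that package, not its subpackages.
function uncoveredImports(script, propertiesText) {
  const granted = new Set(
    parseJavaAccess(propertiesText)
      .filter((g) => g.endsWith(".*"))
      .map((g) => g.slice(0, -2))
  );
  return importedPackages(script).filter((pkg) => !granted.has(pkg));
}

console.log(uncoveredImports(SAMPLE_SCRIPT, SAMPLE_PROPERTIES)); // []
```

An empty result means every imported package has a matching entry; any package name returned is one the script imports without a corresponding `ITIM.java.access` line.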