Good to see you managed to get it to work.
A couple of things that made me wonder:
Why is this needed - normally you would drive this through setting the service to "Correct Compliance" and providing an "automatic" provisioning policy with the correct settings. Then a role membership would result in this without any custom code?
Be aware that if your service is set to "Correct Compliance" your code may fail if the attributes are not compliant with policies - that is one major reason why creating an account attribute by attribute is not a good design choice. It is possible to create an account based on the provisioning policies (just like the UI does) which is a much better approach.
It is definitely possible to use APPS APIs on the server platform - you can get the platform and subject through public APIs - you will need to create your ejbuser as an ITIM account (password does not matter) and off you go :-). This is of course "customization" and is, as any customization, only supported by yourself (and a little by the community). I use this method to create groups on the fly in the operational workflow.
You do NEED to package your API calls in an extension although this is recommended - in some cases it is easier to open the APIs to the JavaScript engine as outlined in scriptFramework.properties - but this CAN open up the system so unless you understand and control the total ISIM security model you need to be very careful :-)
I am planning to write a blog series covering the ISIM Java APIs to show the power of them and how to use them in operations/JavaScript and from SDI locally and remotely. Do not hold your breath for this as I am pretty busy - but hopefully I can get it out of the door this year :-)
HTH
------------------------------
Franz Wolfhagen
IAM Technical Architect for Europe - Certified Consulting IT Specialist
IBM Security Expert Labs
------------------------------
Original Message:
Sent: Tue November 26, 2019 08:01 AM
From: Prashant Narkhede
Subject: ISIM - Facing issue while creating account using AccountFactory in custom javascript extension
Unfortunately, I was setting the Service Profile Name instead of the Account Profile Name.
I changed it and it worked for me.
------------------------------
Prashant Narkhede
Original Message:
Sent: Tue November 26, 2019 05:29 AM
From: Prashant Narkhede
Subject: ISIM - Facing issue while creating account using AccountFactory in custom javascript extension
I made minor changes to set the correct uid but am still facing the same issue.
<code>
String uid = newPersonEntity.getDirectoryObject().getAttribute("uid").getValueString();
acctAttrs.put( new AttributeValue("eruid", uid));
</code>
------------------------------
Prashant Narkhede
Original Message:
Sent: Tue November 26, 2019 04:53 AM
From: Prashant Narkhede
Subject: ISIM - Facing issue while creating account using AccountFactory in custom javascript extension
Hi,
As per my requirement, I need to create an account from the custom JavaScript extension. Since I don't have a platform and subject, I am using AccountFactory instead of AccountManager.
However, while creating an account by using the AccountFactory.create(PersonEntity, ServiceEntity, Account) method, I am getting the exception below.
com.ibm.itim.dataservices.model.ModelCreationException: CTGIMF014E The Service category is not valid.
Note: Trying to create a Linux account, for which only the uid is sufficient.
<code_snippet>
// account and oldacctAttrs are declared outside this snippet (not shown in the post)
AttributeValues acctAttrs = new AttributeValues();
acctAttrs.put(new AttributeValue("eruid", newPersonEntity.getDirectoryObject().getAttribute("uid")));
acctAttrs.put(oldacctAttrs.get("objectclass"));
account.setAttributes(acctAttrs);
account.setAccountType(Account.USER_ACCOUNT);
account.setProfileName(serviceEntity.getProfile().getName());
AccountFactory factory = new AccountFactory();
factory.create(newPersonEntity, serviceEntity, account);
</code_snippet>
Please let me know if I am missing anything here.
------------------------------
Prashant Narkhede
------------------------------