Wednesday, January 22, 2020

Sailpoint Rule - FieldValue Rule

Sailpoint Identity IQ  IIQ Rule FieldValue Rule


Creating a FieldValue rule to populate a field value in the provisioning policy.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Active Directory PH Accounts Field Value Rule" type="FieldValue">
  <Description>This rule can be used to generate a field value (eg - an account name) using data from the given Identity. If this rule is run in the context of a workflow step then the arguments passed into the step will also be available. Also, any field values that have been processed so far from the policy related to the Application/Role will be available.</Description>

  <Signature returnType="String">
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="identity" type="Identity">
        <Description>
          The Identity object that represents the user needing the field value.
        </Description>
      </Argument>
      <Argument name="link" type="Link">
        <Description>
          The sailpoint.object.Link that is being acted upon. If the link is not applicable,
          this value will be null.
        </Description>
      </Argument>
      <Argument name="group" type="ManagedAttribute">
        <Description>
          The sailpoint.object.ManagedAttribute that is being acted upon. If the managed attribute
          is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="project" type="ProvisioningProject">
        <Description>
          The provisioning project being acted upon. If a provisioning project is not applicable,
          the value will be null.
        </Description>
      </Argument>
      <Argument name="accountRequest" type="ProvisioningPlan.AccountRequest">
        <Description>
          The account request. If an account request is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="objectRequest" type="ProvisioningPlan.ObjectRequest">
        <Description>
          The object request. If an object request is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="role" type="Bundle">
        <Description>
          The role with the template we are compiling. If the role is
          not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="application" type="Application">
        <Description>
          The sailpoint.object.Application with the template we are compiling. If the application
          is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="template" type="Template">
        <Description>
          The Template that contains this field.
        </Description>
      </Argument>
      <Argument name="field" type="Field">
        <Description>
          The current field being computed.
        </Description>
      </Argument>
      <Argument name="current" type="Object">
        <Description>
          The current value corresponding to the identity or account attribute that the field represents.
          If no current value is set, this value will be null.
        </Description>
      </Argument>
      <Argument name="operation" type="ProvisioningPlan.Operation">
        <Description>
          The operation being performed.
        </Description>
      </Argument>
    </Inputs>
    <Returns>
      <Argument name="value">
        <Description>
          The string value created.
        </Description>
      </Argument>
    </Returns>
  </Signature>
  <Source>
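    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import sailpoint.object.Field;
    import sailpoint.object.Identity;

    // Container the generated Active Directory account DN is placed under.
    String ACCOUNTS_CONTAINER = "OU=Accounts,DC=corp,DC=staging";

    // Escape a single RDN attribute value per RFC 4514 so that characters in a
    // display name (commas, plus signs, quotes, ...) cannot alter the DN structure.
    // The backslash is escaped first so the escapes added afterwards are not doubled.
    String escapeRdnValue(String raw) {
        if (raw == null) {
            return "";
        }
        String escaped = raw.replace("\\", "\\\\")
                            .replace(",", "\\,")
                            .replace("+", "\\+")
                            .replace("\"", "\\\"")
                            .replace("<", "\\<")
                            .replace(">", "\\>")
                            .replace(";", "\\;");
        // A leading '#' or space and a trailing space are only significant at the edges.
        if (escaped.startsWith("#") || escaped.startsWith(" ")) {
            escaped = "\\" + escaped;
        }
        if (escaped.endsWith(" ")) {
            escaped = escaped.substring(0, escaped.length() - 1) + "\\ ";
        }
        return escaped;
    }

    Log log = LogFactory.getLog("rule.fieldValueRule");
    log.debug("Entering FieldValue Rule");

    // Value handed back to the provisioning policy; stays empty when the field is
    // unknown or its source attribute cannot be resolved.
    String value = "";

    // Guard against a missing field so the switch below never dereferences null.
    String fieldName = (field == null) ? null : field.getName();
    if (fieldName == null) {
        log.warn("FieldValue Rule invoked without a field; returning empty value");
        return value;
    }
    log.debug("determining value for the field: " + fieldName);

    switch (fieldName) {

        case "distinguishedName":
            // The original concatenation omitted the ',' between the CN RDN and the
            // container, yielding "CN=<name>OU=Accounts,..." — not a valid DN.
            String displayName = identity.getDisplayName();
            if (displayName == null) {
                log.warn("identity has no displayName; distinguishedName left empty");
            } else {
                value = "CN=" + escapeRdnValue(displayName) + "," + ACCOUNTS_CONTAINER;
            }
            break;

        case "sAMAccountName":
            value = identity.getStringAttribute("name");
            break;

        case "userPrincipalName":
            // Avoid emitting the literal "null@corp.staging" when the attribute is unset.
            String accountName = identity.getStringAttribute("name");
            if (accountName != null) {
                value = accountName + "@corp.staging";
            }
            break;

        case "password":
            // generatePassword() is not defined in this rule; presumably supplied by an
            // included rule library — confirm before deploying.
            value = generatePassword();
            break;

        case "givenName":
            value = identity.getFirstname();
            break;

        case "sn":
            value = identity.getLastname();
            break;

        case "middleName":
            // IDENTITY_MIDDLE_NAME is not defined here either; presumably a rule-library
            // constant naming the identity attribute — confirm.
            value = identity.getStringAttribute(IDENTITY_MIDDLE_NAME);
            break;

        case "displayName":
        case "cn":
            value = identity.getDisplayName();
            break;

        case "extensionAttribute1":
            value = identity.getStringAttribute("employeeNumber");
            break;

        default:
            log.debug("no mapping for field: " + fieldName);
            break;
    }

    // Never write the generated password to the log; every other field is safe to trace.
    if ("password".equals(fieldName)) {
        log.debug("setting value: [redacted]");
    } else {
        log.debug("setting value: " + value);
    }
    log.debug("Exiting FieldValue Rule");
    return value;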
  </Source>
</Rule>

1 comment:

  1. switch case will be better; otherwise, I would suggest using the FieldValueRule Framework from SSF
