
Monday, January 24, 2022

Sailpoint IdentityIQ IntegrationConfig and AggregationTask Using Code

 Creating IntegrationConfig & AggregationTask Using Code

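	  /**
	   * Creates a ServiceNow IntegrationConfig for one application by deriving it from the
	   * template object named "ServiceNow IntegrationConfig Dummy".
	   *
	   * The new object manages the application named by {@code newAppName}, gets a
	   * "catalogItem" attribute mapping that application name to "IdentityIQ Access Request",
	   * is named {@code newAppName + " ServiceNow IntegrationConfig"}, and is saved and
	   * committed. Nothing is saved when the template or the application cannot be found.
	   * Exceptions are caught and printed here; they are not propagated to the caller.
	   *
	   * @param newAppName name of the Application the new IntegrationConfig should manage
	   */
	  private void createIntegrationConfigObject(String newAppName){
		try{
			String defaultIC_Name = "ServiceNow IntegrationConfig Dummy";
			IntegrationConfig defaultIC = context.getObjectByName(IntegrationConfig.class, defaultIC_Name);
			if(defaultIC == null){
				System.err.println("IntegrationConfig template not found: " + defaultIC_Name);
				return;
			}

			// Resolve the application before deriving anything: a ManagedResource that points
			// at a null application must not be persisted.
			Application application = context.getObjectByName(Application.class, newAppName);
			if(application == null){
				System.err.println("Application not found, IntegrationConfig not created: " + newAppName);
				return;
			}

			// NOTE(review): derive() presumably copies every attribute of the template, which
			// would include the ServiceNow username/password entries; confirm that each derived
			// object is meant to carry the same integration credential.
			IntegrationConfig newIC = (IntegrationConfig) defaultIC.derive(context);

			ManagedResource managedResource = new ManagedResource();
			managedResource.setApplication(application);
			List managedResourcesList = new ArrayList();
			managedResourcesList.add(managedResource);
			newIC.setResources(managedResourcesList);

			// catalogItem maps application name -> ServiceNow catalog item name.
			Map attributesMap = new HashMap();
			attributesMap.put(newAppName, "IdentityIQ Access Request");
			newIC.setAttribute("catalogItem", attributesMap);

			newIC.setName(newAppName + " ServiceNow IntegrationConfig");
			context.saveObject(newIC);
			context.commitTransaction();
		}
		catch(Exception ex){
			// NOTE(review): no logger is visible in this method; route this (and the two
			// messages above) through the file's logger if one is available.
			ex.printStackTrace();
		}
	  }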

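		/**
		 * Creates and saves an Account Aggregation TaskDefinition for the given application(s).
		 *
		 * The task is named {@code applicationNames + " Account Aggregation Task"}, is a child of
		 * the "Account Aggregation" TaskDefinition, runs with checkDeleted and
		 * promoteManagedAttributes set to "true", and deletes its result. When the system
		 * configuration entry "appFactoryTaskScheduleServerHosts" is set, the task is pinned to
		 * that host value.
		 *
		 * Failures while building or saving the task are logged and not rethrown, so the caller
		 * cannot tell from the return whether the task was created.
		 *
		 * @param applicationNames value stored in the task's "applications" argument
		 *        (presumably one name or a comma-separated list; confirm against the caller)
		 * @throws GeneralException when the system configuration cannot be retrieved
		 */
		private void createAggregationTask(String applicationNames) throws GeneralException {

			Configuration systemConfiguration = context.getConfiguration().getSystemConfig();
			if (null == systemConfiguration) {
				log.error("Unable to retrieve SystemConfiguration");
				throw new GeneralException("Unable to retrieve SystemConfiguration");
			}
			// Optional: stays null when the entry is absent, and no host is set on the task.
			String taskScheduleHosts = (String) systemConfiguration.get("appFactoryTaskScheduleServerHosts");

			try{
				// Without its parent the new definition would be saved with no template to
				// inherit from, so stop before anything is written.
				TaskDefinition parentDefinition = context.getObject(TaskDefinition.class, "Account Aggregation");
				if (parentDefinition == null) {
					log.error("Parent TaskDefinition 'Account Aggregation' not found; task not created for " + applicationNames);
					return;
				}

				TaskDefinition taskDefinition = new TaskDefinition();
				taskDefinition.setName(applicationNames + " Account Aggregation Task");
				taskDefinition.setDescription("Account Aggregation task for " + applicationNames);
				taskDefinition.setType(TaskItemDefinition.Type.AccountAggregation);
				taskDefinition.setResultAction(TaskDefinition.ResultAction.Delete);
				taskDefinition.setFormPath("/monitor/tasks/accountAggregationTask.xhtml");
				taskDefinition.setArgument("applications", applicationNames);
				taskDefinition.setArgument("checkDeleted", "true");
				taskDefinition.setArgument("promoteManagedAttributes", "true");
				if(taskScheduleHosts != null){
					taskDefinition.setHost(taskScheduleHosts);
				}
				taskDefinition.setParent(parentDefinition);
				context.saveObject(taskDefinition);
				context.commitTransaction();
			}catch(Exception ex){
				// Same logger as the configuration check above; the exception is passed along so
				// the stack trace reaches the log instead of only the message.
				log.error("Error : " + ex.getMessage(), ex);
			}
		}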

Wednesday, March 24, 2021

Sailpoint IIQ Service Now Integration - Sample Integration Config and Integration Rule

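Below is the customized IntegrationConfig for the ServiceNow integration, tested on the Orlando version. Replace the `<password>` placeholder and the sailpointdev.service-now.com endpoints with the values for your own instance, and keep the real credential out of any copy of this XML that is shared or checked in.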

Service Now Integration Config

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE IntegrationConfig PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<IntegrationConfig executor="sailpoint.integration.servicenow.ServiceNowIntegrationExecutor" name="ServiceNow IntegrationConfig Vishal Demo Application" roleSyncStyle="none">
  <Attributes>
    <Map>
      <entry key="alias"/>
      <entry key="authType"/>
      <entry key="catalogItem">
        <value>
          <Map>
            <entry key="Vishal Demo Application" value="IdentityIQ Access Request"/>
          </Map>
        </value>
      </entry>
      <entry key="dateFormat" value="yyyy-MM-dd&apos;T&apos;HH:mm:ss"/>
      <entry key="visDefaultAssignmentQueue" value="IAM Requests Queue"/>
      <entry key="visServiceAcount" value="iiq.integration"/>
      <entry key="getRequestStatus">
        <value>
          <Map>
            <entry key="CONNECTION_TIMEOUT" value="30000"/>
            <entry key="SO_TIMEOUT" value="30000"/>
            <entry key="endpoint" value="https://sailpointdev.service-now.com/sc_req_item.do?SOAP"/>
            <entry key="prefix" value="sc"/>
            <entry key="responseElement" value="state"/>
            <entry key="soapMessage" value="<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sc="http://www.service-now.com/sc_req_item">
			<soapenv:Header></soapenv:Header>                        
			<soapenv:Body>                          
			<sc:getRecords>                            
			<number>$requestID</number>                          
			</sc:getRecords>                        
			</soapenv:Body>                      
			</soapenv:Envelope>                    
			"/>
			</Map>
        </value>
      </entry>
      <entry key="keyPass"/>
      <entry key="keystorePass"/>
      <entry key="keystorePath"/>
      <entry key="keystoreType"/>
      <entry key="noProvisioningRequests" value="false"/>
      <entry key="operations" value="Create,Modify,Delete,Enable,Unlock,SetPassword"/>
      <entry key="password" value="<password>"/>
	  <entry key="provision">
        <value>
          <Map>
            <entry key="CONNECTION_TIMEOUT" value="30000"/>
            <entry key="SOAPAction" value="https://sailpointdev.service-now.com/ScRequestGenerator/insert"/>
            <entry key="SO_TIMEOUT" value="30000"/>
            <entry key="endpoint" value="https://sailpointdev.service-now.com/ScRequestGenerator.do?SOAP"/>
            <entry key="groupItemBy" value="application"/>
            <entry key="multipleItem" value="true"/>
            <entry key="multipleTicket" value="true"/>
            <entry key="prefix" value="sc"/>
            <entry key="responseElement" value="scResult"/>
            <entry key="soapMessage" value="<?xml version="1.0" encoding="UTF-8"?>
			<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:scr="http://www.service-now.com/ScRequestGenerator">
			<soapenv:Header></soapenv:Header>
			<soapenv:Body>
			<scr:insert>
			<screquest>
			<opened_by>$!provisioningPlan.integrationData.openedBy</opened_by>
			<requested_for>$!provisioningPlan.integrationData.requestedFor</requested_for>
			<assignment_group>$!provisioningPlan.integrationData.assignmentGroup</assignment_group>
			<short_description>IIQ $!provisioningPlan.integrationData.identityRequestId</short_description>
			<req_description>This request item has been generated for an access request initiated in IIQ the requestor are in the Requested Item Description field.</req_description>
			<screqitems>
				#if ($config.multipleItem == &apos;true&apos;)
					#if (($config.groupItemBy) &amp;&amp; ($config.groupItemBy.toLowerCase() == &apos;application&apos;))               
						#set ($requestGroupByApp = {})
						#foreach ($request in $provisioningPlan.accountRequests)
							#if($requestGroupByApp.containsKey($request.application))
								$requestList = $!requestGroupByApp.get($request.application)
								$!requestList.add($request)
								$!requestGroupByApp.put($request.application, $requestList)
							#else
								#set ($requestList = [])
								$!requestList.add($request)
								$!requestGroupByApp.put($request.application, $requestList)
							#end
						#end
						#foreach ($mapEntry in $requestGroupByApp.entrySet())
						<item>
							<tracking_id>$!mapEntry.value.get(0).trackingId</tracking_id>
							<cat_item>$!catalogItem.get($!mapEntry.value.get(0).application)</cat_item>
							<description>
								#foreach ($request in $mapEntry.value)
									#if ($request.attributeRequests)
										#if($request.operation == &apos;Create&apos;)
											Lan ID: $provisioningPlan.integrationData.lanID
											Employee Number: $provisioningPlan.integrationData.empNumber
											Email Address: $provisioningPlan.integrationData.email
										#else
											Lan ID: $provisioningPlan.integrationData.lanID
											Employee Number: $provisioningPlan.integrationData.empNumber
											Email Address: $provisioningPlan.integrationData.email
										#end
									Application Name: $request.application
									#foreach ($att in $request.attributeRequests)
										Entitlement/Group/Role/Permission: $att.value
										#if($request.operation != &apos;Create&apos;)
											Account Id : $request.nativeIdentity
										#end
										Action needed: $att.operation access
									#end
									#elseif ($request.permissionRequests)
										For $request.nativeIdentity in application $request.application
										#foreach ($att in $request.permissionRequests)
											$att.operation Right $att.rights on $att.target
										#end
									#else
										$request.operation $request.application nativeIdentity $request.nativeIdentity
									#end
								#end
							</description>
						</item>
						#end
					#end
				#end
			</screqitems>
			</screquest>
			</scr:insert>
			</soapenv:Body>
			</soapenv:Envelope>
			"/>
          </Map>
        </value>
      </entry>
      <entry key="roleSyncHistory"/>
      <entry key="statusMap">
        <value>
          <Map>
            <entry key="-5" value="inProcess"/>
            <entry key="1" value="inProcess"/>
            <entry key="16" value="inProcess"/>
            <entry key="2" value="inProcess"/>
            <entry key="3" value="committed"/>
            <entry key="7" value="failure"/>
            <entry key="8" value="failure"/>
            <entry key="9" value="failure"/>
          </Map>
        </value>
      </entry>
      <entry key="username" value="iiq.integration"/>
    </Map>
  </Attributes>
  <PlanInitializer>
    <Reference class="sailpoint.object.Rule" name="VIS ServiceNow Service Integration Rule"/>
  </PlanInitializer>
  <ManagedResources>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="Vishal Demo Application"/>
      </ApplicationRef>
    </ManagedResource>
  </ManagedResources>
</IntegrationConfig>


Sample Integration Rule
 
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="VIS ServiceNow Service Integration Rule" type="Integration">
  <Description>
 The rule is used to compute the requested for, opened by and assignment queue that need to be 
 set on the ticket created by IIQ for delimited apps. The provisioning plan and its integrationData 
 object are used by Velocity to populate values in the XML templates for the web service calls.
  </Description>
  <Signature returnType="Object">
    <Inputs>
      <Argument name="identity">
        <Description>
    A sailpoint.object.Identity representing the person being remediated.
  </Description>
      </Argument>
      <Argument name="plan">
        <Description>
    A sailpoint.object.ProvisioningPlan representing remediation.
  </Description>
      </Argument>
      <Argument name="integration">
        <Description>
    A sailpoint.object.IntegrationConfig representing configuration object.
  </Description>
      </Argument>
      <Argument name="context">
        <Description>
    A sailpoint.api.SailPointContext object that can be used to query the database to find the Rule.
  </Description>
      </Argument>
      <Argument name="log">
        <Description>
    A Log object to help report and/or debug the Rule.
  </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
   <![CDATA[ 
   
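	 // Integration rule body (BeanShell). Copies ticket fields for the identity being
	 // provisioned into the plan's arguments map: requestedFor, openedBy, lanID, email,
	 // empNumber and assignmentGroup. These keys match the names the ServiceNow soapMessage
	 // template reads as $provisioningPlan.integrationData.<key> (presumably the same map;
	 // confirm for your IdentityIQ version).
	 // Inputs supplied by the rule signature: identity, plan, integration, context, log.
	 import sailpoint.object.Identity;
	 import sailpoint.object.Filter;
	 import sailpoint.object.Configuration;
	 // Needed for the typed AccountRequest declaration below; without it BeanShell cannot
	 // resolve the class when the plan has at least one account request.
	 import sailpoint.object.ProvisioningPlan.AccountRequest;
	 
	 String applicationName;
	 String openedBy;
	 String requestedFor;
	 // The ticket is opened by the service account named in the IntegrationConfig
	 // attribute "visServiceAcount" (key spelled as in the config).
	 String defaultUserOpenedBy = (String) integration.getAttribute("visServiceAcount");
	 List accountRequests = plan.getAccountRequests();
	 // NOTE(review): if plan.getArguments() can return null, the first put() below fails;
	 // confirm the plan always carries an arguments map at this point.
	 Map argument = (Map)plan.getArguments();
	 String planSource = plan.getSource();
	 
		requestedFor = identity.getName();
		openedBy = defaultUserOpenedBy;                         
		argument.put("requestedFor", requestedFor);      
		argument.put("openedBy", openedBy);
		// NOTE(review): these identity values end up as text inside the SOAP request built
		// by the template; confirm they are XML-escaped there, since a value containing
		// '<' or '&' would otherwise break or alter the request.
		argument.put("lanID", identity.getName());
		argument.put("email", identity.getEmail());
		argument.put("empNumber", identity.getAttribute("employeeNumber"));

	 // Application name of the first account request; assigned here but not read again
	 // in this rule.
	 if(accountRequests != null && accountRequests.size() > 0) {
		AccountRequest accountRequest = accountRequests.get(0);
		applicationName = accountRequest.getApplicationName();  
	 }
		   
	  // Every ticket goes to the queue configured as "visDefaultAssignmentQueue".
	  String visDefaultAssignmentGroup = (String)integration.getAttribute("visDefaultAssignmentQueue");  
	  argument.put("assignmentGroup", visDefaultAssignmentGroup);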
  ]]>  
  </Source>
</Rule>