
Sunday, March 7, 2021

Sailpoint IdentityIQ Creating Business Role Using API

 Creating Business Role Using API

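/**
 * Creates a business role from one parsed CSV row, or appends one more assignment-rule
 * term to that role when it already exists.
 *
 * <p>Keys read from {@code lineHash}: {@code RoleName} and {@code RoleType} (required),
 * {@code locCity} and {@code coNumber} (at least one must be non-empty), plus the optional
 * {@code displayName} and {@code requiredRole}. Rows whose {@code RoleType} is not
 * {@code business} are ignored.
 *
 * <p>The selector built here is the role's assignment rule, so a row that would produce a
 * match term with an empty value, or that names a required role which cannot be found, is
 * rejected instead of being saved.
 *
 * @param lineHash column name to value map for one CSV row
 * @throws IllegalArgumentException if the role name or both match attributes are empty, or
 *         if the named required role does not exist
 */
public static void buildRole(HashMap lineHash) {
	String roleName = rowValue(lineHash, "RoleName");
	String roleType = rowValue(lineHash, "RoleType");
	String locCity = rowValue(lineHash, "locCity");
	String coNumber = rowValue(lineHash, "coNumber");
	String displayName = rowValue(lineHash, "displayName");
	String subRoleName = rowValue(lineHash, "requiredRole");

	System.out.println("locCity " + locCity);
	System.out.println("coNumber " + coNumber);
	System.out.println("Data " + lineHash);

	if (!roleType.equalsIgnoreCase("business")) {
		System.out.println("Doing Nothing !");
		return;
	}
	if (roleName.isEmpty()) {
		throw new IllegalArgumentException("RoleName is empty in row " + lineHash);
	}
	// A term such as coNumber == "" would be saved as a real assignment criterion; refuse
	// the row rather than widen who is matched by the role.
	if (locCity.isEmpty() && coNumber.isEmpty()) {
		throw new IllegalArgumentException(
				"Both locCity and coNumber are empty for role " + roleName);
	}

	// NOTE(review): the owner is never read from the row, so the lookup below always
	// falls through to the built-in "spadmin" identity. Pass a real business owner if
	// role ownership is used for approvals or certification.
	String roleOwner = "";

	try {
		Bundle role = context.getObject(Bundle.class, roleName);
		if (null == role) {
			System.out.println("Creating Role :" + roleName);
			role = new Bundle();
			role.setAccountSelectorRules(new AccountSelectorRules());

			HashMap mapDesc = new HashMap();
			mapDesc.put("en_US", "This is the BR " + roleName);

			Identity ownerId = context.getObject(Identity.class, roleOwner);
			if (null == ownerId) {
				ownerId = context.getObject(Identity.class, "spadmin");
			}
			role.setName(roleName);
			role.setDescriptions(mapDesc);
			role.setType("business");
			role.setAllowDuplicateAccounts(false);
			role.setAllowMultipleAssignments(false);
			role.setMergeTemplates(false);
			role.setOwner(ownerId);
			role.setDisplayName(displayName);

			if (!subRoleName.isEmpty()) {
				Bundle requiredRole = context.getObjectByName(Bundle.class, subRoleName);
				if (null == requiredRole) {
					// Do not create the role with a silently missing requirement.
					throw new IllegalArgumentException(
							"Required role not found: " + subRoleName);
				}
				role.addRequirement(requiredRole);
			}
		}

		// A new role has no selector yet, and an existing role may have been created
		// without one; create the missing pieces instead of dereferencing null.
		IdentitySelector is = role.getSelector();
		if (null == is) {
			is = new IdentitySelector();
		}
		MatchExpression me = is.getMatchExpression();
		if (null == me) {
			me = new MatchExpression();
			me.setAnd(false); // top-level terms are OR-ed: any row's criteria qualifies
		}
		// NOTE(review): re-running the same CSV appends the same term again; compare
		// against the existing terms first if the import must be repeatable.
		me.addTerm(buildAssignmentTerm(locCity, coNumber));

		is.setMatchExpression(me);
		role.setSelector(is);
		context.saveObject(role);
		context.commitTransaction();
		context.decache();
	} catch (GeneralException e) {
		System.out.println("Failed to save role " + roleName);
		e.printStackTrace();
	}
}

/** Returns the trimmed value stored under {@code column}, or "" when the column is absent. */
private static String rowValue(HashMap row, String column) {
	Object raw = row.get(column);
	return (null == raw) ? "" : raw.toString().trim();
}

/**
 * Builds the match term for one row: an AND container over both attributes when both are
 * present, otherwise a single term on whichever attribute has a value.
 */
private static MatchTerm buildAssignmentTerm(String locCity, String coNumber) {
	if (!locCity.isEmpty() && !coNumber.isEmpty()) {
		MatchTerm both = new MatchTerm();
		both.addChild(leafTerm("locCity", locCity));
		both.addChild(leafTerm("coNumber", coNumber));
		both.setAnd(true);
		both.setContainer(true);
		return both;
	}
	if (locCity.isEmpty()) {
		return leafTerm("coNumber", coNumber);
	}
	return leafTerm("locCity", locCity);
}

/** Builds a single attribute-equals-value match term. */
private static MatchTerm leafTerm(String name, String value) {
	MatchTerm leaf = new MatchTerm();
	leaf.setName(name);
	leaf.setValue(value);
	return leaf;
}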

Friday, March 5, 2021

Reading CSV File Data

Sample data

RoleName,displayName,RoleType,locCity,coNumber
AAA1,AAA1 DN,business,AA,1
AAA1,AAA1 DN,business,BB,2
AAA1,AAA1 DN,business,CC,3
AAA2,AAA2 DN,business,AA,1
AAA2,AAA2 DN,business,BB,2
AAA2,AAA2 DN,business,CC,3
AAA2,AAA2 DN,business,DD,4
AAA2,AAA2 DN,business,EE,5
AAA2,AAA2 DN,,business,FF,6
AAA2,AAA2 DN,business,GG,7
AAA2,AAA2 DN,business,HH,8
AAA2,AAA2 DN,business,II,9
AAA2,AAA2 DN,business,JJ,10
AAA2,AAA2 DN,business,KK,11
AAA2,AAA2 DN,business,LL,12
AAA2,AAA2 DN,business,MM,13
AAA1,AAA1 DN,business,DD,4
AAA1,AAA1 DN,business,EE,5
AAA2,AAA2 DN,business,NN,14

Sample Code
 
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule  language="beanshell"  name="VIS CreateBundle">
  <Source>
  <![CDATA[
import java.io.File;
import java.util.List;
import java.util.HashMap;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Bundle;
import sailpoint.object.Identity;
import sailpoint.object.IdentitySelector;
import sailpoint.spring.SpringStarter;
import sailpoint.tools.GeneralException;
import sailpoint.tools.RFC4180LineParser;
import sailpoint.object.AccountSelectorRules;
import sailpoint.object.IdentitySelector.MatchTerm;
import sailpoint.object.IdentitySelector.MatchExpression;

		
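		// Reads the bundle CSV: the first line is the header, every later line becomes a
		// column-name -> value map that is handed to buildRole (call left commented out,
		// as in the original, so the script only parses).
		String dlm = ",";
		// NOTE(review): this file defines roles and their assignment rules. /tmp is
		// normally writable by every local account, so keep the input in a directory
		// that only the IdentityIQ service account and the role administrators can write.
		String csvFileName = "/tmp/bCopy/SampleBundle.csv";

		System.out.println("Role Creation Started ...");

		File bundleFile = new File(csvFileName);
		if ((!bundleFile.exists()) || (bundleFile.isDirectory())) {
			System.out.println("Unable to find the bundle csv file: " + csvFileName);
			return;
		}

		System.out.println("Reading Bundle Data from: '" + csvFileName);

		BufferedReader fileIn = null;
		try {
			int lineCounter = 0;
			ArrayList headerStrings = new ArrayList();
			String thisLine = "";

			fileIn = new BufferedReader(new FileReader(csvFileName));

			RFC4180LineParser parser = new RFC4180LineParser(dlm);

			while (null != (thisLine = fileIn.readLine())) {
				ArrayList tokens = parser.parseLine(thisLine);
				if (lineCounter == 0) {
					if (null != tokens) {
						for (int i = 0; i < tokens.size(); i++) {
							headerStrings.add((String) (tokens.get(i)));
						}
					}
				} else if (null == tokens || tokens.size() != headerStrings.size()) {
					// A row with a stray or missing delimiter would put values under the
					// wrong column (or index past the header); skip it and keep going.
					System.out.println("Skipping line " + (lineCounter + 1)
							+ ": column count does not match the header");
				} else {
					HashMap lineHash = new HashMap();
					for (int i = 0; i < tokens.size(); i++) {
						String headerString = (String) headerStrings.get(i);
						String valueString = (String) tokens.get(i);
						if (null != valueString) {
							valueString = valueString.trim();
						} else {
							// Empty cells become "" so later lookups never see null.
							valueString = "";
						}
						lineHash.put(headerString, valueString);
					}
					try {
						//buildRole(lineHash);
					} catch (Exception e) {
						// Report the cause as well as the row so a failed role is traceable.
						System.out.println("Error While Creating Bundle " + lineHash + ": " + e);
					}
				}
				lineCounter++;
			}
			System.out.println("Role Creation Completed ...");
		} catch (FileNotFoundException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (GeneralException e) {
			e.printStackTrace();
		} finally {
			// Close the reader on every path, including a parse or read failure.
			if (null != fileIn) {
				try {
					fileIn.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}
		}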
]]>
  </Source>
</Rule>

Thursday, August 20, 2020

Sailpoint IdentityIQ Export Object using Sailpoint API

Every SailPoint IdentityIQ object can also be exported using the API. Here is example code that exports the Bundle objects present in the instance (the sample keeps only roles of type business).

Generally we use the console to export the sailpoint identityIQ object 

checkout <class name> <object name or ID> <file> [-clean [=id,created…]]

The same thing can be done using the API; the sample source code is below.

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.server.ExportVisitor;
import sailpoint.server.Exporter.Cleaner;
import sailpoint.spring.SpringStarter;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
		
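               // Properties removed from each exported XML (the console's -clean option takes the same list).
		List propertiesToClean = new ArrayList();
		propertiesToClean.add("id");
		propertiesToClean.add("created");
		propertiesToClean.add("modified");
		Cleaner cleaner = new Cleaner(propertiesToClean);

		// NOTE(review): the export holds complete role definitions. C:\Temp is a shared
		// location on many hosts; prefer a directory restricted to the administrators
		// who need the files.
		String exportDir = "C://Temp//";

		try {
			List<Bundle> roles = context.getObjects(Bundle.class);
			System.out.println(roles);
			for (Bundle bun : roles) {
				try {
					// Only business roles are exported; roles with no type are skipped.
					if (null == bun.getType() || !bun.getType().equalsIgnoreCase("business")) {
						continue;
					}
					//new ExportVisitor(context).visit(bun);
					String xml = bun.toXml();
					System.out.println("raw xml" + xml);
					xml = cleaner.clean(xml);
					System.out.println("clean xml" + xml);

					// The role name becomes part of a file path. Replace anything that is
					// not a plain file-name character so a name containing separators or
					// ".." cannot place the file outside exportDir. Names that differ only
					// in replaced characters will map to the same file.
					String safeName = bun.getName().replaceAll("[^A-Za-z0-9._ -]", "_");
					Util.writeFile(exportDir + safeName + ".xml", xml);
				} catch (GeneralException e) {
					// One failed role must not stop the export of the remaining ones.
					System.out.println("Export failed for role " + bun.getName());
					e.printStackTrace();
				}
			}
		} catch (GeneralException e) {
			e.printStackTrace();
		} finally {
			// Always hand the context back, even when the export fails.
			try {
				SailPointFactory.releaseContext(context);
			} catch (GeneralException e) {
				e.printStackTrace();
			}
		}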
		
	}



Saturday, August 15, 2020

Sailpoint IdentityIQ Patching from 7.3p2 to 7.3p3

All the Application server instance must be stopped before starting the process. 

Navigate to the /apps/tomcat/bin

./shutdown.sh

Database backup

Once the application is in MM, DB  backup should be taken

File backup

The SP binaries need to be backed up before patching the system. This file backup step needs to be performed on all the application server nodes.

1.      Navigate to

/apps/tomcat/webapps/

2.      Run below command

tar -zcvf identityiq_node1_7.3p2.tar.gz identityiq/

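Move the tar file to a common backup path such as /apps/backup. The archive contains the whole web application, including its configuration files, so keep the backup location readable only by the administrators who need it.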

Build War File

Use SSB to build the war file , few important things to note here

  1. Read the Read me from the Patch war file
  2. Check out what the patch contain basically the files which are modified as the part of the patch and if you have modified anything
  3. For example, we have modified Bundle.js, so here we need to take the patched file and re-apply (overwrite) our changes on top of it
  4. This patch contains a few changes related to AD: for example, a few performance-related entries have been introduced in the XML, and IIQ TLS and connectivity settings have been introduced. Make sure you update the Application XML accordingly
  5. Other Changes related to Active Directory Application is "ldapExtendedControls" and "ADAppVersion" entry addition , Same way check for the other application in your environment and make the changes accordingly.
  6.  Few Changes related to most common Application are below
  7. Copy the patch jar file in base\patch dir of SSB
  8. Make a directory with name 7.3p3 inside base\efix
  9. build.properties values need to be updated to IIQVersion=7.3 IIQPatchLevel=p3
Active Directory Application

<entry key="ADAppVersion" value="V2"/>
<entry key="ldapExtendedControls"> 
		<value> 
		  <List> 
			<String>1.2.840.113556.1.4.1339</String> 
		  </List> 
		</value> 
</entry>

Delimited Application

<entry key="sftpAuthMethod" value="password"/>

Web Service Application

Support <AUTHENTICATE>	  
<entry key="isGetObjectRequiredForPTA">
           <value>
            <Boolean>true</Boolean>
          </value>
</entry>
<entry key="httpCookieSpecsStandard" value="true" />
<entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword" />


Database patching

Copy the created war file inside the identityiq directory

inside the identityiq

jar xvf identityiq.war

Navigate to \WEB-INF\database, find the upgrade script for your database type and patch level (here upgrade_identityiq_tables-7.3p3.oracle), and execute it against the database.

Sailpoint patching

Navigate to \WEB-INF\bin folder and execute the patch command to update IIQ

IQ service update

Uninstall the IQService and Install it again , follow the steps