Showing posts sorted by relevance for query sailpoint.object.identity. Sort by date Show all posts
Showing posts sorted by relevance for query sailpoint.object.identity. Sort by date Show all posts

Tuesday, July 20, 2021

Custom Report In Sailpoint IdentityIQ Using JavaDataSource

 Custom Report In Sailpoint IdentityIQ Using JavaDataSource , This Report Will give the Deleage Set for the User between the Dates (Start and End Date)

Form

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form hidden="true" name="VIS Custom Delegate Identity Report Form" type="Report">
  <Section columns="2" label="Request Parameters" name="customProperties">
    <Field columnSpan="1" displayName="Forward Start Date" helpKey="rept_id_risk_help_last_login_start" name="forwardStartDate" type="date" value="ref:forwardStartDate">
      <Attributes>
        <Map>
          <entry key="endDate" value="true"/>
        </Map>
      </Attributes>
    </Field>
    <Field columnSpan="1" displayName="Forward End Date" helpKey="rept_id_risk_help_last_login_end" name="forwardEndDate" type="date" value="ref:forwardEndDate">
      <Attributes>
        <Map>
          <entry key="endDate" value="true"/>
        </Map>
      </Attributes>
    </Field>
  </Section>
</Form>

 TaskDefinition 

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="VIS Custom Delegate Identity Report" progressMode="String" resultAction="Delete" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport disablePreview="true" title="Identity Forwarding Report">
            <DataSource dataSourceClass="com.vis.reports.ExperianCustomUserForwardingDataSource" type="Java"/>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="VIS Custom Delegate Identity Report Form"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="identity" header="rept_usr_forward_col_identity" sortable="true" width="110"/>
              <ReportColumnConfig field="displayName" header="rept_usr_forward_col_identity_display" sortable="true" width="110"/>
              <ReportColumnConfig field="identityFirstName" header="First Name" sortable="true" width="110"/>
              <ReportColumnConfig field="identityLastName" header="Last Name" sortable="true" width="110"/>
              <ReportColumnConfig field="identityEmpNumber" header="Employee Number" sortable="true" width="110"/>
              <ReportColumnConfig field="identityStatus" header="Employee Status" sortable="true" width="110"/>
              <ReportColumnConfig field="identityEmail" header="Email" sortable="true" width="110"/>
              <ReportColumnConfig field="forwardingUser" header="Delegate User" width="110"/>
              <ReportColumnConfig field="forwardingDisplayName" header="Delegate User Display Name" width="110"/>
              <ReportColumnConfig field="startDate" header="Delegate StartDate" width="110"/>
              <ReportColumnConfig field="endDate" header="Delegate EndDate" width="110"/>
              <ReportColumnConfig field="forwardingEmail" header="Delegate Email" property="name" width="110"/>
              <ReportColumnConfig field="forwardingEmpNumber" header="Delegate Employee Number" width="110"/>
              <ReportColumnConfig field="forwardingFirstName" header="Delegate First Name" width="110"/>
              <ReportColumnConfig field="forwardingLastName" header="Delegate Last Name" width="110"/>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>A list of users who have forwarding configured and to which user.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessUserReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument name="forwardStartDate" type="date">
        <Description>delegation start date</Description>
      </Argument>
      <Argument name="forwardEndDate" type="date">
        <Description>delegation end date</Description>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

 Report JavaDataSource src code

package com.vis.reports;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.Statement;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import net.sf.jasperreports.engine.JRException;
import net.sf.jasperreports.engine.JRField;
import sailpoint.api.SailPointContext;
import sailpoint.object.Attributes;
import sailpoint.object.Identity;
import sailpoint.object.LiveReport;
import sailpoint.object.QueryOptions;
import sailpoint.object.Sort;
import sailpoint.reporting.datasource.JavaDataSource;
import sailpoint.task.Monitor;
import sailpoint.tools.GeneralException;


public class CustomUserForwardingDataSource implements JavaDataSource{
	
	private Map<String, Object> currentRow;
	private QueryOptions baseQueryOptions;
	private SailPointContext context;
	private Map customQueryOptions = new HashMap();
	private Integer startRow;
	private Integer pageSize;
	private Iterator<Map<String, Object>> finalobjects;
	private Map<String, Object> object = new HashMap<String, Object>();	
	private Iterator<Entry<String, Object>> mapIterator;
	private List<Map<String, Object>> objectList = new ArrayList<Map<String, Object>>();
	
	Log logger = LogFactory.getLog("vis.task.CustomTask");
	
	@SuppressWarnings("unchecked")
	public void initialize(SailPointContext context, LiveReport report,Attributes<String, Object> arguments, String groupBy, List<Sort> sort) throws GeneralException {
		logger.info("entered initialize method of  CustomUserForwardingDataSource with :::arguments : "+arguments);
		this.context = context;
		baseQueryOptions = new QueryOptions();	
		try {			
			SimpleDateFormat formatter = new SimpleDateFormat("dd-MMM-YYYY");			
			if(arguments.containsKey("forwardStartDate")) { 
			    String startDate= formatter.format(arguments.get("forwardStartDate"));   
				customQueryOptions.put("forwardStartDate",startDate);	
				logger.info("forwardStartDate------convert" +startDate);
			}
			if(arguments.containsKey("forwardEndDate")) {
			    String endDate= formatter.format(arguments.get("forwardEndDate"));
				customQueryOptions.put("forwardEndDate",endDate);				
				logger.info("forwardEndDate------convert" +endDate);
			}			
			prepare();			
		} catch(Exception ex) {
			logger.info("Exception occured in initialize method CustomUserForwardingDataSource :::");
			ex.printStackTrace();
			logger.error(ex.getMessage());
		 }
	}
	
	private void prepare() throws GeneralException{
		
		logger.info("Enter in method prepare() of CustomUserForwardingDataSsource Class::::");
		Map<String, Object> itemMap = null;		
		String sql;
		String forwardStartDate = "";
		String forwardEndDate = "";		
		try {			
			if(null != customQueryOptions.get("forwardStartDate")) {
				
				forwardStartDate = (String) customQueryOptions.get("forwardStartDate");
			} 
			if(null != customQueryOptions.get("forwardEndDate")) {
				forwardEndDate = (String)customQueryOptions.get("forwardEndDate");
			}
	
			//SQL Query to fetch the delegated identity details with in date range.
	
        sql= "with A as(select name,display_name,EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forward\"]/@value').getStringVal() as delegateduser,EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forwardStartDate\"]/value/Date/text()').getStringVal() as forwardStartDate ,EXTRACT(xmltype(preferences),'/Map/entry[@key=\"forwardEndDate\"]/value/Date/text()').getStringVal() as forwardEndDate from spt_identity where preferences like ('%forward%'))"
		+ "select A.name as identity,A.display_name as displayName,A.delegateduser as forwardingUser, A.forwardStartDate as startDate,A.forwardEndDate as endDate from A "
		+ "where To_date('1970-01-01 00', 'yyyy-mm-dd hh24') + (A.forwardStartDate) / 1000 / 60 / 60 / 24 >=" 
		+ "'"+forwardStartDate+"'"+" and To_date('1970-01-01 00', 'yyyy-mm-dd hh24') + (A.forwardEndDate) / 1000 / 60 / 60 / 24<="
		+ "'"+forwardEndDate+"'";

		logger.info("Sqlquery build---------"+sql);
		System.out.println("Sqlquery build---------"+sql);
			
			Connection connection = context.getJdbcConnection();
	           Statement  stmt = connection.createStatement();
	           if (stmt == null){
	     			throw new Exception("Unable to create stmt");
	     		}
	           
	           ResultSet rs=stmt.executeQuery(sql);
	           if (rs == null){
	               throw new Exception("Result set is null");
	             }
	           ResultSetMetaData md = rs.getMetaData();
	           int columns = md.getColumnCount();	          
	           while (rs.next()){
	        	     itemMap = new HashMap<String, Object>();
				     for(int i=1; i<=columns; ++i){           
				    	 itemMap.put(md.getColumnName(i),rs.getObject(i));
				     }				     
				     mapIterator = itemMap.entrySet().iterator();				     
				     while(mapIterator.hasNext()) {
				    	 Entry<String, Object> entry = 	mapIterator.next();	 
				    	// logger.info("Item map entries::::"+entry.getKey() + ": " + entry.getValue());
				     }
				     
				     objectList.add(itemMap);				    
	           }
	           			           		
	           finalobjects = objectList.iterator();
	           
		}catch(Exception ex){
			System.out.println("Error occured in prepare() method of CustomUserForwardingDataSsource Class:::");
			ex.printStackTrace();
			logger.error(ex.getMessage());
		}
	}

	public Object getFieldValue(String fieldName) throws GeneralException {
		
		logger.info("Enter into getFieldValue() method of CustomUserForwardingDataSsource Class:::");;
		
     	Identity identity = this.context.getObjectByName(Identity.class, (String)this.object.get("IDENTITY"));		
		Identity delegateId = this.context.getObjectByName(Identity.class, (String)this.object.get("FORWARDINGUSER"));				
		SimpleDateFormat formatteddate = new SimpleDateFormat("MM/dd/yyyy");		
		if(fieldName.equals("identity")) {			
			return this.object.get("IDENTITY");
		}else if(fieldName.equals("displayName")) {			
			return this.object.get("DISPLAYNAME");			
		}else if(fieldName.equals("identityFirstName")) {
			return identity.getFirstname();
		}else if(fieldName.equals("identityLastName")) {
			return identity.getLastname();
		}else if(fieldName.equals("identityEmpNumber")) {
			return identity.getAttribute("employeeNumber");
		}else if(fieldName.equals("identityStatus")) {
			return identity.getAttribute("employeeStatus");
		}else if(fieldName.equals("identityEmail")) {
			return identity.getEmail();
		}else if(fieldName.equals("forwardingUser")) {
			return this.object.get("FORWARDINGUSER");
		}else if(fieldName.equals("startDate")) {					
			Date d = new Date();
			 if(this.object.get("STARTDATE") != null) {
				 long milliSeconds= Long.parseLong((String) this.object.get("STARTDATE"));
			    d.setTime(milliSeconds);
			    String startDate = formatteddate.format(d);
			    return startDate;
			 }
				 return "";
		}
		else if(fieldName.equals("endDate")) {			
			Date d = new Date();
			 if(this.object.get("ENDDATE") != null) {
				 long milliSeconds= Long.parseLong((String) this.object.get("ENDDATE"));
			    d.setTime(milliSeconds);
			    String endDate = formatteddate.format(d);
			    return endDate;
			 }
				 return "";
		}else if(fieldName.equals("forwardingEmail")) {
			return delegateId.getEmail();
		}
		else if(fieldName.equals("forwardingEmpNumber")) {
			return delegateId.getAttribute("employeeNumber");
		}else if(fieldName.equals("forwardingFirstName")) {
			return delegateId.getFirstname();
		}
		else if(fieldName.equals("forwardingLastName")) {
			return delegateId.getLastname();
		}else if(fieldName.equals("forwardingDisplayName")) {
			return delegateId.getDisplayName();
		}
		else {
			throw new GeneralException("Unknown column '" + fieldName + "'");
		} 	
	}
	
	public int getSizeEstimate() throws GeneralException {
		// TODO Auto-generated method stub
		return 0;
	}

	@Override
	public void close() {
		// TODO Auto-generated method stub
		
	}

	@Override
	public void setMonitor(Monitor arg0) {
		// TODO Auto-generated method stub
		
	}

	public Object getFieldValue(JRField jrField) throws JRException {
		String fieldName = jrField.getName();
		try {			
			return getFieldValue(fieldName);
			
		} catch (GeneralException e) {
			throw new JRException(e);
		}
	}

	public boolean next() throws JRException {
		boolean hasMore = false;
		 
		if (this.finalobjects != null) {
			hasMore = this.finalobjects.hasNext();
			if (hasMore) {
				this.object = this.finalobjects.next();
			} else {
				this.object = null;
			}

		}
		return hasMore;
	}

	@Override
	public void setLimit(int startRow, int pageSize) {
		this.startRow = startRow;
		this.pageSize = pageSize;

	}

	@Override
	public String getBaseHql() {
		// TODO Auto-generated method stub
		return null;
	}

	@Override
	public QueryOptions getBaseQueryOptions() {
		return baseQueryOptions;
	}
}
Posted by at 3 comments:
Labels: , , , , ,

Wednesday, January 22, 2020

Sailpoint Rule - AfterProvisioning Rule

Sailpoint Identity IQ IIQ Rule - AfterProvisioning Rule

Creating a AfterProvisioning Rule and sending the details in email with the details

 Below code will give the below details.

 1. Read all the required constant value from the custom object
2. send the email to the user manager and also to the user with the details once the account creation is successful.
3. send the email to the user and user manager with the error details if the account creation fails
4. this also gives the information about the request ID


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Active Directory PH Accounts After Provisioning Rule" type="AfterProvisioning">
  <Description>An IdentityIQ server-side rule that is executed after the connector's provisioning method is called. This gives the customer the ability to customize or react to anything in the ProvisioningPlan AFTER it has been sent out to the specific applications. 

    This rule will be called for any application found in a plan that also has a configured 'afterProvisioningRule' configured.</Description>
  <Signature>
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="plan">
        <Description>
          The ProvisioningPlan object on its way to the Connector.
        </Description>
      </Argument>
      <Argument name="application">
        <Description>
          The application object that references this before/after script.
        </Description>
      </Argument>
      <Argument name="result">
        <Description>
          The ProvisioningResult object returned by the connectors provision method. This can be null and in many cases the connector will  not return a result and instead will annotate the plan's ProvisioningResult either at the plan or account level.        
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
  <![CDATA[
  import java.util.Map;
  import java.util.HashMap;
  import sailpoint.object.Identity;
  import sailpoint.object.EmailOptions;
  import sailpoint.object.EmailTemplate;
  import sailpoint.tools.GeneralException;
  import sailpoint.object.ProvisioningPlan; 
  import sailpoint.object.ProvisioningResult;
  import sailpoint.object.ProvisioningPlan.AccountRequest; 
  import sailpoint.object.ProvisioningPlan.AttributeRequest;
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;


  Log log = LogFactory.getLog("rule.afterProvisioningRule");
  log.debug("Entering After Provisioning Rule");
 

  String email = "";
  String defalutEmail = "";
  String plainPassword = "";
  String trackingID= "";
  String usersAMAccountName = "";
  Identity identity = null;

  log.debug("Plan Source " + plan.getSource());
  if (plan != null &amp;amp;&amp;amp; plan.getSource().equals("LCM")) {
    ProvisioningResult provisioningResult = plan.getResult();
    trackingID = plan.getTrackingId();
    identity = plan.getIdentity();

    if(identity != null){
      log.debug("Identity " + identity);
      String userEmail = identity.getEmail();

      log.debug("userEmail " + userEmail);
      for (AccountRequest accountRequest : plan.getAccountRequests("Active Directory PH Accounts")) {
        ProvisioningPlan.AccountRequest.Operation op = accountRequest.getOperation();
        if (op != null &amp;amp;&amp;amp; accountRequest.getOperation().equals(AccountRequest.Operation.Create)){
          log.debug("Operation " + accountRequest.getOperation());
          log.debug("status " + accountRequest.getResult().getStatus());

          AttributeRequest attrsamAccountName = accountRequest.getAttributeRequest("sAMAccountName");
          if(null != attrsamAccountName) {
            usersAMAccountName = (String) attrsamAccountName.getValue();
            log.debug("sAMAccount Name from the provisioning rule : " + usersAMAccountName);
          }

          if(accountRequest != null &amp;amp;&amp;amp; accountRequest.getResult().getStatus().equalsIgnoreCase("Committed")){

            String identityRequest = plan.get("identityRequestId").toString();
            log.debug("identityRequest of the user from the privilege After Provisioning : "+identityRequest);

            EmailTemplate createTemplate = context.getObjectByName(EmailTemplate.class, "Active Directory PH Accounts Joiner AD Account Creation Notification");
            EmailOptions options = new EmailOptions();
            options.setTo(userEmail);

            Map args = new HashMap();
            args.put("password",plainPassword);
            args.put("identity",identity);
            args.put("samAccountType",usersAMAccountName);
            args.put("userReqID",identityRequest);
            options.setVariables(args);
            context.sendEmailNotification(createTemplate,options);
          }
          if(accountRequest != null &amp;amp;&amp;amp; accountRequest.getResult().getStatus().equalsIgnoreCase("failed")){
            String adError = accountRequest.getResult().getErrors().get(0).getKey();
            EmailTemplate template = context.getObjectByName(EmailTemplate.class, "Active Directory PH Accounts Joiner AD Failure Notification");
            EmailOptions options = new EmailOptions();
            options.setTo(userEmail);
            Map args = new HashMap();
            args.put("adError",adError);
            args.put("identity",identity);
            args.put("samAccountType",usersAMAccountName);
            options.setVariables(args);
            context.sendEmailNotification(template,options);
          }
        }    
      }
    }
  }
  log.debug("Exiting After Provisioning Rule");
   ]]>
  </Source>
</Rule>
Posted by at No comments:
Labels: , , , , , , ,

Sunday, August 1, 2021

Sailpoint IdentityIQ PolicyViolation WorkFlow

 PolicyViolation WorkFlow , This WF is used to modify the violation object , This will remove the violation object and will remove if anything is added through LCM .

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Workflow explicitTransitions="true" handler="sailpoint.api.StandardWorkflowHandler" name="VIS Detective SOD Policy Violation Workflow" type="PolicyViolation">
  <Variable input="true" name="approvalObject">
    <Description>PolicyViolation to process.  Note that we use approvalObject for
      consistency with other workflows, but the violation has already
      been persisted.  Calling the commit or rollback actions will 
      have no effect.</Description>
  </Variable>
  <Variable input="true" name="approver">
    <Description>The user to receive the work item, normally the owner of the policy.</Description>
    <Script>
      <Source>
	  import sailpoint.object.Identity;
      
	  Identity newOwner= approvalObject.getOwner();
	  return newOwner.getName();
      </Source>
    </Script>
  </Variable>
  <Variable input="true" name="violator">
    <Description>The identity that has the violation.</Description>
  </Variable>
  <Variable name="approved">
    <Description>Internal variable automatically set logically true an Approval
      process completes with no rejects.
	</Description>
  </Variable>
  <Variable name="action">
    <Description>Variable that may be set in the approval page to determine 
      the action to take on this violation.  We handle violation approvals
      differently than most work items.  There is no &amp;quot;reject&amp;quot; there
      is a selection of an action (mitigate, remediate, delete, ignroe) 
      followed by buttons that always post approval.</Description>
  </Variable>
  <Variable name="expiration">
    <Description>Variable that must be set to a Date (or the String representation
      of a Date) in order to use the &amp;quot;mitigate&amp;quot; action.  This will
      be tested in the call:mitigate handler and logged if it is invalid.
      You may wish to have the worklfow do it&amp;#39;s own validation.</Description>
  </Variable>
  <Variable name="comments">
    <Description>Variable that may be set to comments to be included with
      a mitigation or remediation.</Description>
  </Variable>
  <Variable name="remediatables">
    <Description>Variable that may be set to a list of things that can
      be selected for remediation.  Currently this will only
      be set for Role SOD violations.</Description>
  </Variable>
  <Variable name="remediations">
    <Description>Variable holding the remediatables selected in the work item.</Description>
  </Variable>
  <RuleLibraries>
    <Reference class="sailpoint.object.Rule" name="Rule Library"/>
  </RuleLibraries>
  <Step icon="Default" name="Logs" posX="98" posY="126">
    <Arg value="ref:remediatables"/>
    <Script>
      <Source>
		import java.util.Map;
		import java.util.Date;
		import java.util.List;
		import java.util.HashMap;
		import java.util.ArrayList;
		import sailpoint.tools.Util;
		import sailpoint.object.Filter;	
		import sailpoint.api.ObjectUtil;		
		import java.text.ParseException;
		import java.text.SimpleDateFormat;
		import sailpoint.object.Identity;
		import sailpoint.object.QueryOptions;
		import sailpoint.api.SailPointContext;
		import sailpoint.object.EmailOptions;
		import sailpoint.object.EmailTemplate;
		import sailpoint.object.PolicyViolation;
		import sailpoint.object.ManagedAttribute;	
		import org.apache.commons.logging.Log;
		import sailpoint.tools.GeneralException;
		import sailpoint.object.IdentityEntitlement;
		import org.apache.commons.logging.LogFactory;
		import sailpoint.object.IdentitySelector.MatchTerm;

		Log logger = LogFactory.getLog("vis.workflow.visDetectiveSODPolicyViolationWorkflow");
        
		public boolean checkIfThroughLCM(String applicationName, String identityName, String entitlementName) {
			boolean wasThroughLCM = false;
		 
			StringBuilder result = new StringBuilder();
			String sDate1 = "06/05/2021";
			   
			Date date = new SimpleDateFormat("MM/dd/yyyy").parse(sDate1);
			result.append("date [").append(date).append("]\n");
			Filter dateCheckFilter = Filter.gt("created", date);

			logger.debug(" new Date dt : "+ sDate1 + " new date : " + result);
			QueryOptions  qo = new QueryOptions();

			qo.addFilter(Filter.and(Filter.eq("source","Aggregation"),Filter.eq("application.name",applicationName), Filter.eq("identity.name",identityName),Filter.eq("value",entitlementName),dateCheckFilter));
			List identityEntitlements = context.getObjects(IdentityEntitlement.class, qo);
			logger.debug("identityEntitlements :: " + identityEntitlements);
			if(identityEntitlements.size() > 0) {
				return true;
			}else {
				return false;
			}
		}
		public Map getEntitlementDetails(String entitlementValue, String applicationName) {
			QueryOptions qo = new QueryOptions();
			qo.addFilter(Filter.and(Filter.eq("value", entitlementValue)  ,   Filter.eq("application.name", applicationName)));
			Map entDetailsMap = new HashMap();
			List managedAttributes = context.getObjects(ManagedAttribute.class, qo);
			if(managedAttributes != null &amp;&amp; managedAttributes.size() > 0) {
				ManagedAttribute managedAttribute = managedAttributes.get(0);
				entDetailsMap.put("LogiplexName", managedAttribute.getAttribute("logiplexAppName"));
				entDetailsMap.put("EntitlementDescription", managedAttribute.getDescriptions().get("en_US") );
			}
			return entDetailsMap;
		}	


		//Main code starts here
		
		logger.debug("Startes Main code here");

		String piiMarkerGroup = "<<Left Group>>";
		String notificationTemplateForPolicyViolation = "VIS Policy Violation Notification Template";
		Identity violationOnwer   = approvalObject.getOwner();
		EmailTemplate violationTemplate = context.getObjectByName(EmailTemplate.class,notificationTemplateForPolicyViolation );
		Map emailVariables = new HashMap();
		String ownerEmails=   Util.listToCsv(ObjectUtil.getEffectiveEmails(context,violationOnwer));
		List entitlementsTobeAddedToViolation = new ArrayList();
		List PIIEntitlementsToBeAddedToViolation = new ArrayList();
        
		if (approvalObject != null &amp;&amp; approvalObject.getArgument("ViolatingEntitlements") != null) { 
			
			Identity identityWithViolation = approvalObject.getIdentity();
			
			String firstName = identityWithViolation.getFirstname();
			String lastName = identityWithViolation.getLastname();
			String lanId = identityWithViolation.getAttribute("lanId");
			String identityName = identityWithViolation.getAttribute("displayName");

			emailVariables.put("firstName", firstName);
			emailVariables.put("lastName", lastName);
			emailVariables.put("lanId", lanId);
			emailVariables.put("identityName", identityName);

			for (int i = 0; i &lt; approvalObject.getArgument("ViolatingEntitlements").size(); i++) {
				sailpoint.object.IdentitySelector.MatchTerm entitlementViolatingAtTop = approvalObject.getArgument("ViolatingEntitlements").get(i);
				if (entitlementViolatingAtTop != null) {       
					String applicationNameForViolatingEntitlement = "";
					String entitlementValueForViolatingEntitlement = "";
					String accountNameForViolatingEntitlement="";

					if(entitlementViolatingAtTop.getApplication() != null ){
						applicationNameForViolatingEntitlement = entitlementViolatingAtTop.getApplication().getName();
						accountNameForViolatingEntitlement= getAccountNmae(identityWithViolation, entitlementViolatingAtTop.getApplication());                                   
					}
					if(entitlementViolatingAtTop.getValue() != null) {
						entitlementValueForViolatingEntitlement = entitlementViolatingAtTop.getValue();
					}

					if(entitlementValueForViolatingEntitlement.equalsIgnoreCase(piiMarkerGroup)) {
						PIIEntitlementsToBeAddedToViolation.add(entitlementViolatingAtTop);
					}else {      
						boolean checkThruLCMmethodResult = checkIfThroughLCM(applicationNameForViolatingEntitlement, identityWithViolation.getName(), entitlementValueForViolatingEntitlement) ;      
						logger.debug("CheckThruLCMmethodResult::  " + checkThruLCMmethodResult );      
						if( checkThruLCMmethodResult == true ) {
							entitlementsTobeAddedToViolation.add(entitlementViolatingAtTop);     
							Map entDetails = getEntitlementDetails(entitlementValueForViolatingEntitlement, applicationNameForViolatingEntitlement);
				
							auditDetectiveSOD( "Violation Detected","Aggregation",lanId,entDetails.get("LogiplexName"),entitlementValueForViolatingEntitlement,accountNameForViolatingEntitlement,approvalObject,"Aggregation",lanId );  
				
							emailVariables.put("entitltmentName",entitlementValueForViolatingEntitlement);
							emailVariables.put("entitltmentDesc",entDetails.get("EntitlementDescription"));
			   
							if(violationTemplate!= null){
								logger.debug("Violation temp loop");
								Identity policyViolationApproverObject   = approvalObject.getOwner();							
								if(null!=policyViolationApproverObject &amp;&amp; ( Util.listToCsv(ObjectUtil.getEffectiveEmails(context,policyViolationApproverObject)) != null)){
									approverEmails =  Util.listToCsv(ObjectUtil.getEffectiveEmails(context,policyViolationApproverObject));		
									EmailOptions ops = new EmailOptions(approverEmails, emailVariables);            
									try {
										context.sendEmailNotification(violationTemplate, ops);
									}catch(Exception e){ 
										log.error("Could not send email to GS team as : " + e);
									}
									logger.debug("Email Sent ");
								}
							}
						}
					}
				}
			}  
		}		
		if(entitlementsTobeAddedToViolation != null &amp;&amp; entitlementsTobeAddedToViolation.size() >0){         
			entitlementsTobeAddedToViolation.addAll(PIIEntitlementsToBeAddedToViolation) ;
			approvalObject.setArgument("ViolatingEntitlements",entitlementsTobeAddedToViolation );
			context.saveObject(approvalObject);
			context.commitTransaction();
			logger.debug("OBJECT persisted");
        }else{
			context.removeObject(approvalObject);
			context.commitTransaction();
			logger.debug("OBJECT DELETED");
        }
		
		logger.debug("End of workflow Step");
      </Source>
    </Script>
    <Transition to="End"/>
  </Step>
  <Step icon="Stop" name="End" posX="160" posY="126"/>
  <Step icon="Start" name="Start" posX="28" posY="10">
    <Transition to="Logs"/>
  </Step>
</Workflow>
Posted by at No comments:
Labels: , , , , ,

Wednesday, January 22, 2020

Sailpoint Rule - FieldValue Rule

Sailpoint Identity IQ  IIQ Rule FieldValue Rule


Creating a FiledValue Rule to populate the value in the provisioning policy . 

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Active Directory PH Accounts Field Value Rule" type="FieldValue">
  <Description>This rule can be used to generate a field value (eg - an account name) using data from the given Identity. If this rule is run in the context of a workflow step then the arguments passed into the step will also be available. Also, any field values that have been processed so far from the policy related to the Application/Role will be available.</Description>

  <Signature returnType="String">
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="identity" type="Identity">
        <Description>
          The Identity object that represents the user needing the field value.
        </Description>
      </Argument>
      <Argument name="link" type="Link">
        <Description>
          The sailpoint.object.Link that is being acted upon. If the link is not applicable,
          this value will be null.
        </Description>
      </Argument>
      <Argument name="group" type="ManagedAttribute">
        <Description>
          The sailpoint.object.ManagedAttribute that is being acted upon. If the managed attribute
          is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="project" type="ProvisioningProject">
        <Description>
          The provisioning project being acted upon. If a provisioning project is not applicable,
          the value will be null.
        </Description>
      </Argument>
      <Argument name="accountRequest" type="ProvisioningPlan.AccountRequest">
        <Description>
          The account request. If an account request is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="objectRequest" type="ProvisioningPlan.ObjectRequest">
        <Description>
          The object request. If an object request is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="role" type="Bundle">
        <Description>
          The role with the template we are compiling. If the role is
          not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="application" type="Application">
        <Description>
          The sailpont.object.Application with the template we are compiling. If the application
          is not applicable, the value will be null.
        </Description>
      </Argument>
      <Argument name="template" type="Template">
        <Description>
          The Template that contains this field.
        </Description>
      </Argument>
      <Argument name="field" type="Field">
        <Description>
          The current field being computed.
        </Description>
      </Argument>
      <Argument name="current" type="Object">
        <Description>
          The current value corresponding to the identity or account attribute that the field represents.
          If no current value is set, this value will be null.
        </Description>
      </Argument>
      <Argument name="operation" type="ProvisioningPlan.Operation">
        <Description>
          The operation being performed.
        </Description>
      </Argument>
    </Inputs>
    <Returns>
      <Argument name="value">
        <Description>
          The string value created.
        </Description>
      </Argument>
    </Returns>
  </Signature>
  <Source>
    import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import sailpoint.object.Field;
 import sailpoint.object.Identity;  
 
 Log log = LogFactory.getLog("rule.fieldValueRule");
 log.debug("Entering FieldValue Rule");
   String value = ""; 
   log.debug("determining value for the field: "+field.getName());

    switch (field.getName()) {

      case "distinguishedName":
          value = "CN="+identity.getDisplayName().replace(",","\\,")+"OU=Accounts,DC=corp,DC=staging"; 
      break;
      
      case "sAMAccountName": 
      value= identity.getStringAttribute("name");      
      break; 

      case "userPrincipalName": 
         value=identity.getStringAttribute("name")+"@corp.staging";
      break; 

      case "password": 
      value= generatePassword();      
      break; 

      case "givenName": 
      value= identity.getFirstname();      
      break; 

      case "sn": 
      value= identity.getLastname();      
      break;  

      case "middleName": 
      value= identity.getStringAttribute(IDENTITY_MIDDLE_NAME);      
      break; 

      case "displayName": 
      value= identity.getDisplayName();    
      break;

      case "cn": 
      value= identity.getDisplayName();
      break;

      case "extensionAttribute1": 
      value = identity.getStringAttribute("employeeNumber");     
      break;

      default: 
      break;
    }
 log.debug("setting value: "+value);  
 log.debug("Exiting FieldValue Rule"); 
 return value;
  </Source>
</Rule>

Posted by at 1 comment:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)