Monday, October 16, 2023

Disable BlackListUsers in ForgeRock

 //ForgeRock IDM ->Configure ->Mappings ->Behaviour ->Situational Event Script

Check the Policies under Behaviour, for example: Absent -> Create, Found -> Update.

//onCreate script: disables users whose cisNo matches a blacklist entry (blcCisNo) so that they cannot log in to the system

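// onCreate handler run by ForgeRock IDM: `target`, `openidm` and `logger` are supplied by the
// scripting engine. The created blacklist entry carries the CIS number in `blcCisNo`; every
// managed user with that cisNo is disabled so the account can no longer be used to log in.
var cisNo = target.blcCisNo;

// Builds the filter with the value quoted. The original concatenated the raw value into the
// filter, so a crafted cisNo could change the query; values carrying the quoting characters
// themselves are refused instead of escaped. NOTE(review): confirm the CIS number format never
// legitimately contains a double quote or a backslash.
function buildFilter(value) {
    var text = String(value);
    if (text.indexOf('"') !== -1 || text.indexOf('\\') !== -1) {
        return null;
    }
    return 'cisNo eq "' + text + '"';
}

if (cisNo) {
    var filter = buildFilter(cisNo);
    if (filter === null) {
        logger.error("refusing to disable users: cisNo contains characters not allowed in a query filter");
    } else {
        try {
            var matchingUsers = openidm.query("managed/user", {"_queryFilter": filter});
            var results = (matchingUsers && matchingUsers.result) ? matchingUsers.result : [];
            for (var i = 0; i < results.length; i++) {
                var userId = results[i]._id;
                // The original read the user first but never used the result; only the
                // disable flag is patched. (The original also mixed `userId`/`userid`.)
                openidm.patch("managed/user/" + userId, null,
                    [{"operation": "replace", "field": "/disabledStatus", "value": "1"}]);
                logger.info("disabled blacklisted user " + userId);
            }
        } catch (e) {
            logger.error("error updating user account " + e);
        }
    }
}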

Thursday, October 12, 2023

AfterProvisioning Rule

import java.util.ArrayList;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

import sailpoint.api.SailPointContext;

import sailpoint.object.EmailOptions;

import sailpoint.object.EmailTemplate;

import sailpoint.object.Identity;

import sailpoint.object.ProvisioningPlan;

import sailpoint.object.ProvisioningPlan.AccountRequest;

import sailpoint.object.ProvisioningResult;

import sailpoint.tools.GeneralException;


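public class SendMail {

    /** SailPoint context; supplied by the rule runner in IIQ, null in this standalone sample. */
    static SailPointContext context = null;

    /** Provisioning plan this after-provisioning rule reacts to; supplied by the rule runner. */
    static ProvisioningPlan plan = null;

    private static final Log LOGGER = LogFactory.getLog("rule.active directory.Common.fieldvalue.create");

    /**
     * Status string of a failed provisioning result. The original compared against the
     * misspelt "faild", so notifications went out even when provisioning had failed.
     */
    private static final String STATUS_FAILED = "failed";

    /** Template sent after a successful account modification. */
    private static final String MODIFY_TEMPLATE_NAME = "emailTemplateName";

    /** Template sent after a successful account deletion. */
    private static final String DELETE_TEMPLATE_NAME = "LeaveremailTemplateName";

    /** Address copied on every notification; candidate for moving into configuration. */
    private static final String BCC_ADDRESS = "abc@gmail.com";

    /**
     * Sends a notification to the affected identity for every successful Modify or Delete
     * account request in {@link #plan}. Service accounts and identities without an email
     * address are skipped.
     *
     * @param args unused
     * @throws GeneralException if the identity or template lookup, or sending the mail, fails
     */
    public static void main(String[] args) throws GeneralException {
        if (plan == null || plan.getNativeIdentity() == null) {
            return;
        }
        LOGGER.debug("Got the falcon delete plan :");

        Identity identity = context.getObjectByName(Identity.class, plan.getNativeIdentity());
        if (identity == null) {
            return;
        }
        LOGGER.debug("The identity is : " + identity);

        // A missing "type" attribute threw an NPE in the original; treat it like "service" and send nothing.
        Object typeAttribute = identity.getAttribute("type");
        String userType = (typeAttribute != null) ? typeAttribute.toString() : null;
        if (userType == null || "service".equalsIgnoreCase(userType)) {
            return;
        }

        List<AccountRequest> accountRequests = plan.getAccountRequests();
        if (accountRequests == null) {
            return;
        }
        for (AccountRequest accountRequest : accountRequests) {
            if (hasFailed(accountRequest.getResult())) {
                continue;
            }
            AccountRequest.Operation operation = accountRequest.getOperation();
            if (AccountRequest.Operation.Modify.equals(operation)) {
                sendNotification(identity, MODIFY_TEMPLATE_NAME);
            } else if (AccountRequest.Operation.Delete.equals(operation)) {
                sendNotification(identity, DELETE_TEMPLATE_NAME);
            }
        }
    }

    /**
     * Returns whether the provisioning result reports a failure.
     *
     * A null result or status counts as "not failed", which keeps the original send-unless-failed
     * behaviour without the NPE. NOTE(review): some connectors report the outcome on the plan-level
     * result rather than on the account request — confirm for this application.
     *
     * @param result the per-request result, may be null
     * @return true only when the status is the failed status
     */
    private static boolean hasFailed(ProvisioningResult result) {
        if (result == null || result.getStatus() == null) {
            return false;
        }
        return STATUS_FAILED.equalsIgnoreCase(result.getStatus());
    }

    /**
     * Sends the named template to the identity's "email" attribute, if it has one. Replaces the
     * two near-identical Modify/Delete branches of the original. The template variable key
     * "identityDiaplayName" is kept verbatim because the templates reference it.
     *
     * @param identity the identity to notify
     * @param templateName name of the EmailTemplate to send
     * @throws GeneralException if the template cannot be loaded or the mail cannot be sent
     */
    private static void sendNotification(Identity identity, String templateName) throws GeneralException {
        LOGGER.debug("Display name" + identity.getDisplayName());
        Object emailAttribute = identity.getAttribute("email");
        LOGGER.debug("The email address" + emailAttribute);
        if (emailAttribute == null) {
            return;
        }

        EmailTemplate template = context.getObjectByName(EmailTemplate.class, templateName);
        if (template == null) {
            // The original dereferenced the template without checking and threw an NPE.
            LOGGER.error("Email template not found: " + templateName);
            return;
        }
        LOGGER.debug("The emailTemplateUserID------------------------------" + template);

        Map<String, Object> templateArguments = new HashMap<String, Object>();
        templateArguments.put("identityDiaplayName", identity.getDisplayName());

        // Fresh recipient list per notification: the original reused one list across requests,
        // so a second request in the same plan mailed the same address twice.
        List<String> recipients = new ArrayList<String>();
        recipients.add(emailAttribute.toString());

        EmailOptions options = new EmailOptions();
        options.setTo(recipients);
        options.addVariables(templateArguments);

        // NOTE(review): setBcc mutates the template object loaded from the context; confirm the
        // change is not committed back to the persisted template.
        template.setBcc(BCC_ADDRESS);
        context.sendEmailNotification(template, options);
        LOGGER.debug("email sent successfully-----------------------");
    }
}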

Single Account Aggregation

  import sailpoint.object.Application;

  import sailpoint.object.Attributes;

  import sailpoint.object.ResourceObject;

  import sailpoint.object.TaskResult;

  import sailpoint.object.Rule;

  import sailpoint.api.Aggregator;

  import sailpoint.connector.Connector;

  import sailpoint.tools.CloseableIterator;

  import java.util.regex.Pattern;

  import org.apache.log4j.Logger;

  import org.apache.log4j.Level;


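  // Single-object group aggregation rule: reads the listed groups straight from the connector,
  // runs the application's customization rule on each and hands the result to IIQ's Aggregator.
  // `context` and `log` are supplied by the rule runner. Returns "success", "fail" or an error message.
  long startTime = System.currentTimeMillis();

  // Initialize the error message to nothing.
  String errorMessage = "";

  String mtaRefreshrule = "RuleAdLdsAccountGroupRefresh";
  String rchRefreshrule = "ActiveDirectory Account Group Refresh Rule";

  // Change only the next two values: the groups to aggregate and the application they belong to.
  List nativeIdentities = new ArrayList();
  nativeIdentities.add("CN=testrenamecidm2renamedAgain3,DC=test,DC=com");
  String appName = "Active Directory";

  log.info("nativeIdentitiesList:: " + nativeIdentities);

  Application appObject = context.getObjectByName(Application.class, appName);
  if (null == appObject) {
    errorMessage = "Application not found: [" + appName + "]";
    log.error(errorMessage);
    return errorMessage;
  }
  String appConnName = appObject.getConnector();

  // Select the account-group refresh rule for the application. The original assigned
  // rule = null unconditionally after this selection, which made both branches dead code.
  String rule = null;
  if (appName.equals("LDAP - MTA")) {
    rule = mtaRefreshrule;
  } else if (appName.equals("Active Directory")) {
    rule = rchRefreshrule;
  }

  log.debug("Application " + appName + " uses connector " + appConnName);
  Connector appConnector = sailpoint.connector.ConnectorFactory.getConnector(appObject, null);
  if (null == appConnector) {
    errorMessage = "Failed to construct an instance of connector [" + appConnName + "]";
    log.error(errorMessage);
    return errorMessage;
  }

  log.debug("Connector instantiated, calling getObject() to read group details...");
  List resourceObjects = new ArrayList();
  for (String nativeIdentity : nativeIdentities) {
    ResourceObject rObj;
    try {
      rObj = appConnector.getObject("group", nativeIdentity, null);
    } catch (sailpoint.connector.ObjectNotFoundException onfe) {
      errorMessage = "Connector could not find group: [" + nativeIdentity + "]";
      errorMessage += " in application  [" + appName + "]";
      log.error(errorMessage, onfe);
      return errorMessage;
    }
    if (null == rObj) {
      errorMessage = "ERROR: Could not get ResourceObject for group : " + nativeIdentity;
      log.error(errorMessage);
      return errorMessage;
    }
    resourceObjects.add(rObj);
    // toXml() dumps every attribute of the group, so it stays at debug level only.
    log.debug("Got raw resourceObject: " + rObj.toXml());
  }

  // Miniature "Aggregation" using IIQ's built-in Aggregator. The map carries the same
  // options as the account aggregation task; some suggested defaults are:
  Attributes argMap = new Attributes();
  argMap.put("descriptionLocale", "en_US");
  argMap.put("accountGroupRefreshRule", rule);
  argMap.put("aggregationType", "group");
  // NOTE(review): confirm that checkDeleted does not mark groups absent from this single-object
  // run as deleted before running this against a production application.
  argMap.put("checkDeleted", "true");

  // A constructor cannot return null, so the original's null check on `agg` was dead code.
  Aggregator agg = new Aggregator(context, argMap);

  // Note: aggregateGroup() may take several seconds per object to complete.
  log.debug("Calling aggregateGroup() method... ");

  Rule customizationRule = appObject.getCustomizationRule();
  Object aggObject = null;
  for (ResourceObject rObject : resourceObjects) {
    if (null != customizationRule) {
      log.debug("Customization rule selected for application " + appName);
      try {
        // Pass the mandatory arguments to the Customization rule for the app.
        HashMap ruleArgs = new HashMap();
        ruleArgs.put("context", context);
        ruleArgs.put("log", log);
        ruleArgs.put("object", rObject);
        ruleArgs.put("application", appObject);
        ruleArgs.put("connector", appConnector);
        ruleArgs.put("state", new HashMap());

        // Call the customization rule just like a normal aggregation would.
        ResourceObject newRObj = context.runRule(customizationRule, ruleArgs, null);

        // Only replace the object when the rule returned a valid one.
        if (null != newRObj) {
          rObject = newRObj;
          log.debug("Got post-customization resourceObject: " + rObject.toXml());
        }
      } catch (Exception ex) {
        // Customization failures are not fatal (the raw object is aggregated instead),
        // but the cause is logged; the original dropped it.
        log.error("Error while running Customization rule for " + appName, ex);
      }
    }
    aggObject = agg.aggregateGroup(appObject, rObject);
    log.info("aggregation complete for :: " + rObject.getIdentity());
    log.debug("aggregated resourceObject: " + rObject.toXml());
  }

  long testDuration = System.currentTimeMillis() - startTime;
  // The original returned aggObject before these lines, so the duration and the
  // "success"/"fail" result were never reached.
  log.info("testDuration:: " + testDuration);

  if (aggObject != null) {
    return "success";
  }
  return "fail";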



Wednesday, October 4, 2023

How to Call Task from TaskManager?

 import java.util.HashMap;

import java.util.Map;

import sailpoint.api.SailPointContext;

import sailpoint.api.TaskManager;

import sailpoint.object.Attributes;

import sailpoint.object.TaskDefinition;

import sailpoint.object.TaskResult;

import sailpoint.tools.GeneralException;


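public class CallTask {

    /** SailPoint context; supplied by the rule runner in IIQ, null in this standalone sample. */
    static SailPointContext context = null;

    /** Name of the TaskDefinition to launch. */
    private static final String TASK_NAME = "Test Rule";

    /**
     * Launches the "Test Rule" task with a single UserID argument and prints the id of the
     * resulting TaskResult. The original discarded that id, leaving no way to find the run.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Map<String, Object> taskArguments = new HashMap<String, Object>();
        taskArguments.put("UserID", "000123");

        Attributes attributes = new Attributes();
        attributes.setMap(taskArguments);

        try {
            TaskManager taskManager = new TaskManager(context);
            TaskDefinition taskDefinition = taskManager.getTaskDefinition(TASK_NAME);
            if (taskDefinition == null) {
                // NOTE(review): assumes the lookup returns null for an unknown name — confirm;
                // the original passed the value straight through and would have thrown an NPE.
                System.out.println("Task definition not found: " + TASK_NAME);
                return;
            }
            TaskResult runWithResult = taskManager.runWithResult(taskDefinition, attributes);
            String resultId = (runWithResult != null) ? runWithResult.getId() : null;
            System.out.println("Task '" + TASK_NAME + "' finished, result id: " + resultId);
        } catch (GeneralException e) {
            System.out.println("GeneralException: " + e.getMessage());
        }
    }
}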

How to import Roles in IIQ?


import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.api.SailPointContext;
import sailpoint.api.Terminator;
import sailpoint.object.Application;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.GroupDefinition;
import sailpoint.object.Identity;
import sailpoint.object.IdentitySelector;
import sailpoint.object.Profile;
import sailpoint.tools.GeneralException;
import sailpoint.tools.RFC4180LineParser;

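public class ITRole {

    /** SailPoint context; supplied by the rule runner in IIQ, null in this standalone sample. */
    static SailPointContext context = null;

    /** Name of the role every imported role inherits from. */
    private static final String PARENT_ROLE_NAME = "LD";

    /** Identity used as owner when the "Role Owner" column does not resolve to an identity. */
    private static final String DEFAULT_OWNER_ID = "spadmin";

    /** Input file; one role per row, the first row holds the column names. */
    private static final String CSV_FILE_NAME = "P:\\IDM\\Sailpoint\\Ent-users.csv";

    /** The context is decached every this many lines to bound session growth. */
    private static final int DECACHE_EVERY = 20;

    /**
     * Deletes the role named in the "Role Name" column, if it exists.
     *
     * @param roleHash one parsed CSV row, column name to value
     * @throws GeneralException if the lookup or the delete fails
     * @throws IllegalArgumentException if the "Role Name" column is missing
     */
    public static void deleteRole(HashMap roleHash) throws GeneralException {
        String roleName = requiredColumn(roleHash, "Role Name");
        Bundle bundle = context.getObjectByName(Bundle.class, roleName);
        if (bundle == null) {
            System.out.println("Role doesn't exist /  Role deleted...");
            return;
        }
        new Terminator(context).deleteObject(bundle);
    }

    /**
     * Creates or updates a business role from one CSV row: its population comes from the
     * "Entilements" column (a GroupDefinition name) and its required IT role from "IT Role".
     * The "Organization Role" column read by the original was never used and is no longer required.
     *
     * @param roleHash one parsed CSV row, column name to value
     * @throws GeneralException if any lookup or the save fails
     * @throws IllegalArgumentException if a required column is missing
     */
    public static void bundBusinessRole(HashMap roleHash) throws GeneralException {
        String roleName = requiredColumn(roleHash, "Role Name");
        String roleType = requiredColumn(roleHash, "Role Type");
        String roleOwner = requiredColumn(roleHash, "Role Owner");
        String itRole = requiredColumn(roleHash, "IT Role");
        String assignmentRule = requiredColumn(roleHash, "Entilements");

        Bundle role = loadOrCreateRole(roleName, roleType, roleOwner);

        if ("business".equals(role.getType())) {
            GroupDefinition population = context.getObjectByName(GroupDefinition.class, assignmentRule);
            if (population == null) {
                System.out.println("Population not found for role " + roleName + ": " + assignmentRule);
            } else {
                IdentitySelector selector = new IdentitySelector();
                selector.setPopulation(population);
                role.setSelector(selector);
            }

            // Replace the previous requirements. The original tested getRoleAssignments() but
            // cleared getRequirements(), so the guard did not protect the clear() call.
            if (role.getRequirements() != null) {
                role.getRequirements().clear();
            }
            Bundle requiredRole = context.getObjectByName(Bundle.class, itRole);
            if (requiredRole == null) {
                System.out.println("Required Roles not found...");
            } else {
                // The original added the parent role here instead of the IT role it had just looked up.
                role.addRequirement(requiredRole);
            }
        }

        persist(role);
    }

    /**
     * Creates or updates an IT role from one CSV row: one Profile per "|"-separated entitlement
     * in the "Entilements" column, constrained on the "Attribute" column of the "Application Name"
     * application. Unlike the original, a row that fails part-way is not committed half-built:
     * the exception propagates to the caller instead of being printed and the partial role saved.
     *
     * @param roleHash one parsed CSV row, column name to value
     * @throws GeneralException if any lookup, the entitlement parse or the save fails
     * @throws IllegalArgumentException if a required column is missing
     */
    public static void bundRole(HashMap roleHash) throws GeneralException {
        String roleName = requiredColumn(roleHash, "Role Name");
        String roleType = requiredColumn(roleHash, "Role Type");
        String roleOwner = requiredColumn(roleHash, "Role Owner");
        String appName = optionalColumn(roleHash, "Application Name");
        String attName = requiredColumn(roleHash, "Attribute");
        String entsList = optionalColumn(roleHash, "Entilements");

        Application appObj = null;
        if (appName != null) {
            appObj = context.getObject(Application.class, appName);
            if (appObj == null) {
                System.out.println("Application not found, skipping role " + roleName + ": " + appName);
                return;
            }
        }

        Bundle role = loadOrCreateRole(roleName, roleType, roleOwner);

        if ("it".equals(role.getType())) {
            // Drop the previous profiles so the row fully defines the role's entitlements.
            if (role.getProfiles() != null) {
                role.getProfiles().clear();
            }
            for (String entitlement : parseEntitlements(entsList)) {
                Profile profile = new Profile();
                profile.addConstraint(Filter.eq(attName, entitlement));
                profile.setApplication(appObj);
                role.add(profile);
            }
        }

        persist(role);
    }

    /**
     * Reads the CSV file, maps each data row onto the header names and builds one role per row
     * via {@link #bundRole(HashMap)}; a row that fails is reported and skipped.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("Role Creation Started ...");
        System.out.println("Reading Bundle Data from : " + CSV_FILE_NAME);

        File bundleFile = new File(CSV_FILE_NAME);
        if (!bundleFile.exists() || bundleFile.isDirectory()) {
            System.out.println("Unable to find the bundle csv file: " + CSV_FILE_NAME);
            return;
        }

        BufferedReader fileIn = null;
        try {
            // The file is read as UTF-8; the original FileReader used the platform default charset.
            fileIn = new BufferedReader(new InputStreamReader(new FileInputStream(bundleFile), "UTF-8"));
            RFC4180LineParser parser = new RFC4180LineParser(",");
            List<String> headers = new ArrayList<String>();
            int lineCounter = 0;
            String thisLine;
            while ((thisLine = fileIn.readLine()) != null) {
                ArrayList tokens = parser.parseLine(thisLine);
                if (lineCounter == 0) {
                    for (int i = 0; i < tokens.size(); i++) {
                        headers.add(String.valueOf(tokens.get(i)));
                    }
                } else {
                    // The original also called bundRole() for the header row, with a null map.
                    HashMap lineHash = rowToMap(headers, tokens);
                    try {
                        bundRole(lineHash);
                    } catch (Exception e) {
                        System.out.println("Error while Creating Data Exception : " + lineHash + " : " + e);
                    }
                }
                lineCounter++;
                if (lineCounter % DECACHE_EVERY == 0) {
                    context.decache();
                }
            }
        } catch (FileNotFoundException e) {
            System.out.println("FileNotFoundException : " + e.getMessage());
        } catch (IOException e) {
            System.out.println("IOException : " + e.getMessage());
        } catch (GeneralException e) {
            System.out.println("GeneralException : " + e.getMessage());
        } finally {
            // The original left the reader open (its close() call was commented out).
            if (fileIn != null) {
                try {
                    fileIn.close();
                } catch (IOException ignored) {
                    // every row has already been processed; nothing is left to do with the file
                }
            }
        }
    }

    /** Maps one CSV row onto the header names; values are trimmed and null ones become "". */
    private static HashMap rowToMap(List<String> headers, List tokens) {
        HashMap lineHash = new HashMap();
        // The original's put() sat outside this loop, so only the last column of each row survived.
        int columns = Math.min(headers.size(), tokens.size());
        for (int i = 0; i < columns; i++) {
            Object raw = tokens.get(i);
            lineHash.put(headers.get(i), raw != null ? raw.toString().trim() : "");
        }
        return lineHash;
    }

    /** Loads the role by name or creates it, then applies the fields common to IT and business roles. */
    private static Bundle loadOrCreateRole(String roleName, String roleType, String roleOwner) throws GeneralException {
        Bundle role = context.getObject(Bundle.class, roleName);
        if (role == null) {
            role = new Bundle();
        }
        role.setName(roleName);
        role.setType(roleType.toLowerCase().startsWith("it") ? "it" : "business");

        Identity owner = context.getObject(Identity.class, roleOwner);
        if (owner == null) {
            owner = context.getObjectById(Identity.class, DEFAULT_OWNER_ID);
        }
        role.setOwner(owner);
        role.setDisplayName(roleName);
        role.setAllowDuplicateAccounts(false);
        role.setAllowMultipleAssignments(false);
        role.setMergeTemplates(false);

        Bundle parent = context.getObject(Bundle.class, PARENT_ROLE_NAME);
        if (parent == null) {
            // The original passed the null straight to addInheritance().
            System.out.println("Parent role not found: " + PARENT_ROLE_NAME);
        } else {
            role.addInheritance(parent);
        }
        return role;
    }

    /** Splits the "|"-separated entitlement column; a null or blank column yields an empty list. */
    private static List<String> parseEntitlements(String entsList) throws GeneralException {
        List<String> entitlements = new ArrayList<String>();
        if (entsList == null || entsList.trim().length() == 0) {
            return entitlements;
        }
        // The original called replace() but discarded its result, so "\/" was never unescaped.
        String unescaped = entsList.replace("\\/", "/");
        ArrayList<String> parsed = new RFC4180LineParser("|").parseLine(unescaped);
        if (parsed != null) {
            entitlements.addAll(parsed);
        }
        return entitlements;
    }

    /** Saves and commits the role, then removes it from the session cache. */
    private static void persist(Bundle role) throws GeneralException {
        context.saveObject(role);
        context.commitTransaction();
        context.decache(role);
    }

    /** Returns the named column, or throws when the row lacks it (the original threw a bare NPE). */
    private static String requiredColumn(Map roleHash, String column) {
        String value = optionalColumn(roleHash, column);
        if (value == null) {
            throw new IllegalArgumentException("Missing CSV column '" + column + "' in row " + roleHash);
        }
        return value;
    }

    /** Returns the named column as a string, or null when the row lacks it. */
    private static String optionalColumn(Map roleHash, String column) {
        Object value = roleHash.get(column);
        return value != null ? value.toString() : null;
    }
}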

Sunday, October 1, 2023

How to configure IdentityIQ to display all Identity Attributes?

Navigate to the Debug Page and add this entry to the UI Configuration object:

  • Search for "identityViewAttributes" keyword.
  • Add the attribute names correctly.
  • Scroll down and Save 

Fetch Members from Workgroup

  import java.util.ArrayList;   import java.util.Iterator;   import java.util.List;   import sailpoint.api.ObjectUtil;   import sailpoint.ob...