Discussion:
Rest Api Find Entitlement Method for ISIGI Schemas Error
(too old to reply)
Devran Uluçay
2020-02-18 07:25:09 UTC
Permalink
Hi,

I want to use IBM Identity Governance and Intelligence Rest Api in IBM SDI(Find Entitlement Method).

Output Map: http.body

{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"]
}

I filled realm Authorization(Bearer Auth) etc.

I take error(The attribute schemas required in schema.)

What can I do?

Thanks.

Thanks.
Franzw
2020-02-18 07:32:58 UTC
Permalink
Post by Devran Uluçay
Hi,
I want to use IBM Identity Governance and Intelligence Rest Api in IBM SDI(Find Entitlement Method).
Output Map: http.body
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"]
}
I filled realm Authorization(Bearer Auth) etc.
I take error(The attribute schemas required in schema.)
What can I do?
Thanks.
Thanks.
So - if I understand you correct you are trying to run REST through the ISIGI VA ?

I have a sample somewhere for ISIM VA that is basically the same platform (LMI wise) - if you can confirm that you are trying to use the LMI REST I can dig it up for you...

HTH

Regards
Franz Wolfhagen
Devran Uluçay
2020-02-18 08:09:24 UTC
Permalink
Hi,

I am using IBM SDI Http Client Connector Call Reply Mode.
I can login method successfuly. I take token for ISIGI Admin Console.
Then I use this token second Http Client Connector for ISIGI Find Entitlement Rest Api Method. I use http.body in output map but I receive error.
Schemas required in body but there is a schemas in body.
Devran Uluçay
2020-02-18 08:26:02 UTC
Permalink
I filled output map in http client connector output map.

http.body = { "schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"] }

Document: https://www.ibm.com/support/knowledgecenter/en/SSGHJR_5.2.4/com.ibm.igi.doc/reference/ref/ref_governance_rest_api_download.html

First I authenticate in first http client connector, then I call the find entitlement method for ISIGI with the token that came to me and the second http client connector. I get the following error although there is schemas in http.body.

Error: Attribute schemas required in body.
Devran Uluçay
2020-02-18 12:56:40 UTC
Permalink
Hello,

I wanted to explain it properly.

ISIGI = IBM Security Identity Governance and Intelligence

With POSTMAN Rest Api
First login method then,
I achieved I got the data I wanted.
Request = {
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 349
}

Header = realm = IDEAS
Authorization = Bearer Authorization (Token from first connector)
Content-Type = application/scim+json


MY IBM SDI PROJECT DETAILS

First Http Client Connector(Login Method for ISIGI)

I achieved IBM Security Identity Governance and Intelligence Rest Api Login method. I got a token from here.


Second Http Client Connector(Find Entitlement Method for ISIGI)

Connection = https://igitst.bilgibirikim.com:9343/igi/v2/agc/entitlements/.search

Post Method

Input Map = Empty

Output Map

http.body = {
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 349
}

http.realm = IDEAS

http.Authorization = ret.value="Bearer " + work.Token; (Token came from first connector)

When I click Run in Console in IBM SDI

I take error =

detail (replace): 'The attribute "schemas" in the body is required.'

Bad Request 401 Error

There are actually schemas in http.body.
j***@gmail.com
2020-02-19 03:41:42 UTC
Permalink
Hi Devran,
your explanation looks good to me.

You could try to dump the conn Entry in the Before CallReply hook,
and see if that gives you any clue as to what the problem could be:
task.dumpEntry(conn)
Maybe some quotes that are missing or something like that.

Also, be aware that if you have attached a Parser to the HTTPClientConnector,
that Parser will be used to generate a body, overriding the http.body attribute.
Devran Uluçay
2020-02-19 07:32:07 UTC
Permalink
Hi Jens,

Thanks for your answer.
I added task.dumpEntry(conn) in before callreply hook however I couldn't observe a change.
When I changed parser(previously i was using json parser), error is change '{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"scimType":"invalidSyntax","detail":"Invalid request body. Details: Unrecognized token 'HTTP': was expecting ('true', 'false' or 'null')\n at [Source: org.apache.cxf.transport.http.AbstractHTTPDestination$***@7f77e119; line: 1, column: 6

I couldn't understand why.

Thanks.
Franzw
2020-02-19 07:46:01 UTC
Permalink
Post by Devran Uluçay
Hi Jens,
Thanks for your answer.
I added task.dumpEntry(conn) in before callreply hook however I couldn't observe a change.
I couldn't understand why.
Thanks.
Do not use a parser....

Build you json payload as outlined by Eddie here : http://www.tdiingoutloud.com/2013/09/json-and-xml-tutorial-part-1.html (you will probably need to go through all the tutorials - this is just the first).

I normally build json or xml using the "dot" syntax of SDI making it easy to handle it.

Basically the flow is :
1.create an Entry
2.Build your payload
3.output the Entry to http.body using Entry.toJSON()

You can also start with a json strin - create your entry using the Entry.fromJSON() - it is also a good way to play around with an entry to learn how to reference your json structure...

Study the Attribute and Entry apidoc entries - they are containing a lot of gold...

HTH
Regards
Franz Wolfhagen
Devran Uluçay
2020-02-19 08:30:24 UTC
Permalink
Hi,

Thanks for your answer.
I'm new in SDI.
I couldn't understand exactly how to do it. I last wrote what I wrote in http.body. Now I removed the parser. hentry = system.newEntry () in empty script before the second connecter
hentry.root = "schemas"
hentry.root.branch = "urn: ietf: params: scim: api: messages: 2.0: SearchRequest"

I wrote this. Then, after the second connector, again in empty script task.logmsg ("Data:" + hentry.toJSON ());

I wrote this but it didn't work. Can you explain in detail?
Franzw
2020-02-19 08:39:35 UTC
Permalink
Post by Devran Uluçay
Hi,
Thanks for your answer.
I'm new in SDI.
I couldn't understand exactly how to do it. I last wrote what I wrote in http.body. Now I removed the parser. hentry = system.newEntry () in empty script before the second connecter
hentry.root = "schemas"
hentry.root.branch = "urn: ietf: params: scim: api: messages: 2.0: SearchRequest"
I wrote this. Then, after the second connector, again in empty script task.logmsg ("Data:" + hentry.toJSON ());
I wrote this but it didn't work. Can you explain in detail?
The code looks fine from an SDI perspective - but what you create is ONLY a schema entry - you also need to build a search request...

In the I doc for "Find Entitlement" I find this example

Example 1
POST https://www.example.com:9343/igi/v2/agc/entitlements/.search
POST_DATA:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name sw \"testEnt\""
}

Example 2: to find administrative entitlement must specifies administrative eq 1 in filter expression
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name sw \"REST\"
and urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:administrative eq 1"
}

As you can see you are missing a lot of payload in your POST.

You can eventually just take this string as payload and see it works...

Advice - go through Eddie's tutorial and things will hopefully be clearer - SDI has a learning curve and you need to invest some time (not much - but some) to gt a grip on how it works - powerful tools requires some experience before you can really use them...

HTH

Regards
Franz Wolfhagen
Devran Uluçay
2020-02-19 10:20:54 UTC
Permalink
Hi Franz,

Thanks for your answer.
In my request, as you mentioned in the document.

My http client connector call reply mode Output Map Arguments:

http.Authorization = bearer auth(token came from first http client connector no problem)
http.body =
ret.value = {
"schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 226
}

http.realm = IDEAS

body was filled as you said, but the error continues.
Franzw
2020-02-19 10:41:12 UTC
Permalink
Post by Devran Uluçay
Hi Franz,
Thanks for your answer.
In my request, as you mentioned in the document.
http.Authorization = bearer auth(token came from first http client connector no problem)
http.body =
ret.value = {
"schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 226
}
http.realm = IDEAS
body was filled as you said, but the error continues.
If this is accurat output you are missing (single) quotes around your json string :

ret.value = '{
"schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 226
}'

and it should be on one line or use "+" to build the correct string value...

HTH

Regards
Franz Wolfhagen
Devran Uluçay
2020-02-19 11:01:49 UTC
Permalink
Hi,

I tried

ret.value = '{
"+" "schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"+" "filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"+" "count" : 349
}';


but it looks wrong.

second way

ret.value = '{
"schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 349
}';


this didn't work either.
Franzw
2020-02-19 18:48:04 UTC
Permalink
Post by Devran Uluçay
Hi,
I tried
ret.value = '{
"+" "schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"+" "filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"+" "count" : 349
}';
but it looks wrong.
second way
ret.value = '{
"schemas" : ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \"\"",
"count" : 349
}';
this didn't work either.
You need to be careful about quoting - and understand the difference between single and double quotes (and how to handle quotes inside a JavaScript string...

If you have very little experience in programming you must start learning the basics. SDI can help you - but you need to master the basics...

Regards
Franz Wolfhagen
j***@gmail.com
2020-02-20 02:25:56 UTC
Permalink
You could try something like this:

ret.value = '{\n' +
' "schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],\n'+
' "filter" : "urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement:name eq \\"\\"",\n'+
' "count" : 349\n' +
'} '
Devran Uluçay
2020-02-25 12:01:36 UTC
Permalink
Thanks for your answer.
I solved problem.
I have json data. I want to parse this json data to csv file.
I'm using hierarchy entry but not working.
Example Data:

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 349,
"totalPage": 1,
"page": 1,
"itemsPerPage": 349,
"resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Entitlement",
"urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement"
],
"id": "800",
"meta": {
"created": 1556093067000,
"lastModified": 1556093068000
},
"type": 3,
"urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement": {
"code": "testRole",
"lastModTime": 1556093068000,
"incompHigh": false,
"incompMedium": false,
"incompLow": false,
"administrative": 0,
"published": 1,
"isFulFilled": false,
"creationDate": 1556093067000,
"name": "testRole",
"description": "testRole_mta"
}
},
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Entitlement",
"urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement"
],
"id": "1097",
"meta": {
"created": 1576146817000,
"lastModified": 1576146815000,
"lastModUser": "Rule Engine TARGET"
},
"type": 1,
"urn:ibm:params:scim:schemas:extension:bean:agc:2.0:Entitlement": {
"code": "d4efcd9a-238c-4d33-b9ee-85785afd8d74",
"application_id": 132,
"application_name": "MSSQLConnector",
"lastModTime": 1576146815000,
"lastModUser": "Rule Engine TARGET",
"externalRef": "master:dbo",
"incompHigh": false,
"incompMedium": false,
"incompLow": false,
"administrative": 0,
"published": 0,
"isFulFilled": true,
"creationDate": 1576146817000,
"name": "master:dbo",
"permissionType_id": 144,
"permissionType_name": "SQLDbSchemaGrpProfile"
}
},

Thanks.

Loading...