Symantec IGA

  • 1.  Modifying string attribute in connector xpress

    Posted Nov 08, 2017 01:49 AM

    I have created a JDBC connector through Connector Xpress. I am provisioning the user ID attribute to the database. I have a custom requirement: I need to insert '-' before the last character of the user ID before writing it to the database. For example, if the ID is 41924F in Identity, I need to change it to 41924-F. I need to know whether this can be achieved through Connector Xpress, and how.

     

    Regards

    Ankur Arora



  • 2.  Re: Modifying string attribute in connector xpress
    Best Answer

    Broadcom Employee
    Posted Nov 13, 2017 05:33 AM

    Hi Ankur

     

    Connector Xpress simply creates a dynamic connector that uses the same logic as the rest of the out-of-the-box connectors. There are several ways of achieving your requirement out of the box. I am describing 2 approaches. My recommended approach would be the second one (using IM Policy Xpress).

     

    1. If your string has a fixed length, you can use the Rule Substrings supported in the provisioning server: https://docops.ca.com/ca-identity-manager/14-1/EN/administrating/managed-endpoints-and-provisioning/provisioning-roles/advanced-rule-expressions/rule-substrings

     

    So if your string is always 8 characters, then you could extract the first 7 characters, then add a hyphen, then extract the last character, so your rule string becomes something like this:

     

    %YOURATTRIBUTE:1,7%-%YOURATTRIBUTE:8,1%

     

    2. I think your best option (and this would work with both static and dynamic length strings) is using Policy Xpress policies. With Policy Xpress you have the possibility of using much more complex logic than with the built-in rule substrings in the provisioning server. You can dynamically search for strings / substrings via Policy Xpress.

     

    So I would trigger Policy Xpress whenever the value of your attribute is added / changed in IM, and then, using Policy Xpress, I would break up the value of your attribute into the desired substrings and write the modified value to a new user attribute mapped to your provisioning store user attribute, which you later use in your JDBC DYN connector account templates.

     

     

    KR
    Russi



  • 3.  Re: Modifying string attribute in connector xpress

    Posted Nov 14, 2017 03:40 AM

    Hi Russi,

     

    I can't use the first approach, as the length of the user ID is not fixed.

    For the 2nd approach, do I need to take one more attribute in the user store to store the modified value, or can I directly pass that value to the provisioning store or connector account template after modifying it in the Xpress policy?

    If I have to maintain one more attribute in the user store, can I manage this scenario in Connector Xpress somehow? For example, can I modify the value of the attribute in Connector Xpress?

     

    Regards

    Ankur Arora



  • 4.  Re: Modifying string attribute in connector xpress

    Broadcom Employee
    Posted Nov 14, 2017 12:10 PM

    Hi Ankur,

     

    Please try to explore 'Converter' code in CX together with Operation Bindings.

     

    Regards,

    Sumeet

     



  • 5.  Re: Modifying string attribute in connector xpress

    Broadcom Employee
    Posted Nov 15, 2017 09:30 AM

    Hi Ankur

     

    So in addition to what Sumeet has suggested, Policy Xpress is also an option. You cannot update Provisioning User attributes directly from Policy Xpress; you need to update an IM user attribute.

     

    You have 2 options:

     

    1) Either you substitute the value of the existing IM user attribute with the new, Policy Xpress transformed value, and in this case you don't need another IM user attribute. Whether you want to do this depends on whether you need both values (i.e. the previous value without the hyphen and the new value with the hyphen).

     

    2) You create a new IM user attribute where you store the new transformed value. This way you keep both values: the old one without the hyphen and the new one with the hyphen. However, you don't have to map both of these IM user attributes to provisioning user attributes. You can map just the second IM attribute to the provisioning user.

     

    KR
    Russi