Symantec IGA

I have a date in a string format in IDM and while provisioning to a custom database account this needs to be parsed using the following format:

Date format: DDMMYYYY

Rule String: %UCU06:5,4%-%UCU06:3,2%-%UCU06:1,2%

the format yields YYYY-MM-DD

however, when there is no date this yields "--", and that fails provisioning as that is not a valid date type for a database

could i check in the first place if the date is blank and then convert the date using rule strings?

any pointers or alternate solutions are appreciated. The base date format may not be changed as that is the customer specified format.

Thanks

Abinash

Hi Abinash,

I do not see any easy quick solution based on existing template rule strings and built-in functions.
The solution is to write a Custom Function Program Exit.
Please look at:

https://docops.ca.com/ca-identity-manager/12-6-8/EN/reference/program-exits/common-program-exits/custom-function-program-exits
It requires some technical development skills.
In the past I had written the following TEC595663 tech doc:
https://support.ca.com/us/knowledge-base-articles.TEC595663.html
You can see my sample Custom Function Program Exit which returns an XML block with the expected formatted date as "yyyy-mm-ddTHH:MM:SSZ" of the current date/time in local time.
In your case, %UCU06% can be passed in argument to your custom function, e.g.: %$FuncName(%UCU06%)%, your program exit can test if the argument is empty, if so returning an empty result value else the formatted date.

Philippe.

Hi Sumeet, 

I would like to pursue this idea, as a Program exit would be a bit tricky. Are you suggesting we can change the values in the customfields in an Globaluser, without making changes to to the user in IDM?

could you please elaborate?

Thanks

Abinash

PS: how are you doing? been a long time since we met!

Hi Sumeet,

I am trying to configure a PX to update the account with the required value, and that seems possible, however, I am stuck at a point in the task where the account is not created when the policy is evaluating, as the task is a create user task and the birthright AD account is an identity policy. I tried, AssignProvisioningRoleEvent to no avail. How do I delay the update till the account is created?

Thanks,

Abinash

I would not advise with custom coded provisioning program exit as that has been marked for deprecation long ago and adds complexity/cost to upgrades and maintainability of the system.

Instead you may want to review the below documentation link which mentions some existing built-in rule string functions. The FIRSTOF and NOTEMPTY ones look like they might be helpful to meet your requirements.

Built-in Rule Functions - CA Identity Manager - 12.6.8 - CA Technologies Documentation 

Hi Kenny,

The NOTEMPTY does not seem to me as a likely option as it fails provisioning when the value is empty, and that is no different from now, which fails provisioning due to an incorrect format for the date.

The FIRSTOF is taking the first value, in my case i am creating the entire date from its value, so: 

for example:

FIRSTOF(%UCU06:5,4%-%UCU06:3,2%-%UCU06:1,2%,'')

this will create the first value as '--' and that is not blank so it will be set and fail provisioning. 

have i understood it incorrectly?

Thanks

Abinash

The FIRSTOF or NOTEMPTY would be useful if you were trying to set some default values if no date was set in %UCU06% in your case.

As was mentioned in someone's earlier reply you could look to use PX Policies or Javascript in the IM screen to ensure that a value exists and/or a default value is set and also look to handle the formatting in the IM layer such that the already formatted value (if any) is passed to the Provisioning User's %UCU06% and then you can simply reference %UCU06% without trying to reformat it within a template's rulestring. That is probably best.