Symantec IGA

  • Private Community
 View Only

  • 1.  Setting Tab not found in TEWS SOAP call.

    Posted Jul 01, 2019 08:46 AM
    Hi,

    I have a task which is configured as follows:

    Object type: Provisioning Role
    Event: Modify
    Search: All Provisioning roles

    Tabs:
    Owners

    And thats it.

    I would like to call this task with a SOAP action in a PX policy however initial testing has my stucked with the following error message:

    <?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tews="http://tews6/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" >
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode>soapenv:Server</faultcode>
            <faultstring>Unknown processing error.</faultstring>
            <detail>
                <tews:ImsException version="6.0" >
                    <tews:exception>
                        <tews:name>com.netegrity.ims.exception.TabNotFoundException</tews:name>
                        <tews:code>700</tews:code>
                        <tews:description>
                            <![CDATA[The task does not contain the tab Owners.
]]>
                        </tews:description>
                        <tews:transaction>c1168b5b-017498db-31529fab-2369254</tews:transaction>
                    </tews:exception>
                </tews:ImsException>
            </detail>
        </soapenv:Fault>
    </soapenv:Body>
</soapenv:Envelope>

    This is nonsense as the SOAP body is created by using the excact generated WSDL example from SOAPUI and indeed there IS a tab named Owners.
    This is the Soap call:

    <?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header/>
   <soapenv:Body>
      <wsdl:CreateOwnerPoliciesForProvisioningRolesAPI>
          <wsdl:TaskContext>
             <wsdl:admin_id>adminuser</wsdl:admin_id>
             <wsdl:admin_password>password</wsdl:admin_password>
        </wsdl:TaskContext>
         <wsdl:CreateOwnerPoliciesForProvisioningRolesAPISearch>
            <!--<wsdl:CreateNew>true</wsdl:CreateNew>-->
            <wsdl:Subject index="0">
               <!--You have a CHOICE of the next 5 items at this level-->
               <wsdl:Tag>CreateOwnerPoliciesForProvisioningRolesAPI</wsdl:Tag>
            </wsdl:Subject>
            <!--<wsdl:Name>OS_P_TewsCreated-App2_Monitor</wsdl:Name>-->
            <wsdl:Filter index="0">
               <wsdl:Field>%NAME%</wsdl:Field>
               <wsdl:Op>EQUALS</wsdl:Op>
               <wsdl:Value>OS_P_TewsCreated-App2_Monitor</wsdl:Value>
               <!--<wsdl:Conj>?</wsdl:Conj>-->
            </wsdl:Filter>
         </wsdl:CreateOwnerPoliciesForProvisioningRolesAPISearch>
         <wsdl:CreateOwnerPoliciesForProvisioningRolesAPIOwnersTab>
            <wsdl:Policy>
               <wsdl:add index="0">
                  <wsdl:Owner><![CDATA[<MemberRule><RoleMember><AdminRole name="Anonymous"/><AdminRole name="Anonymous2"/><AdminRole name="System Manager"/><AdminRole name="Anonymous3"/></RoleMember></MemberRule>]]></wsdl:Owner>
               </wsdl:add>
            </wsdl:Policy>
         </wsdl:CreateOwnerPoliciesForProvisioningRolesAPIOwnersTab>
      </wsdl:CreateOwnerPoliciesForProvisioningRolesAPI>
   </soapenv:Body>
</soapenv:Envelope>

    And I probable also have an issue with the Subject in the Search screen.

    Br
    Kevin.



  • 2.  RE: Setting Tab not found in TEWS SOAP call.

    Broadcom Employee
    Posted Jul 01, 2019 01:23 PM
    You should be creating provisioning roles through IM.  If this is a one time jobs due to existing jobs it may be better to do the XML.  Please review the following KBs:

    Outside of TEWS:
    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=31685  

    This provides an example of how to create a provisioning role via TEWS.  In your case you are resetting a provisioning role owner.
     


    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer
    Enterprise Software Division
    Broadcom Inc.
    ------------------------------

    Original Message


  • 3.  RE: Setting Tab not found in TEWS SOAP call.

    Posted Jul 01, 2019 02:33 PM
    Edited by Kevin Kruse Jul 02, 2019 02:13 AM
    Thank you, but I am perfectly aware what I am doing.
    I have no problem creating the roles through TEWS but I needs to enforce a specific owner and administrator policy on them - no matter what else the requester had defined in the initial provisioning role creation task. With PX policies the only way is to do a SOAP request which does this.



    Original Message


  • 4.  RE: Setting Tab not found in TEWS SOAP call.
    Best Answer

    Posted Jul 01, 2019 02:39 PM
    Edited by Christopher Hackett Jul 05, 2019 11:49 AM
    However I did find the answer though it is kinda weird.

    I removed the "Tab" part of the xml tag and then it worked. Now I have run it a couple of times and now it wants the "Tab" part again. It has been consistent now though and works rather well.

    Only caveat is that there seems to be no "override whatever else is already defined with this" functionality so all it does is to add a new policy along with whatever is already defined.
    I have to then remove everything already defined by using the wsdl:Remove node. But I needs to define excactly WHAT I would like to remove - complete with CDATA and all. Would be nice if I at least just had to define which index to remove.

    There is no smart/easy way of blanking policy definitions so apparently the only really good option is to do this excersise "externaly". :-(