Symantec IGA

 View Only
  • 1.  getAttibute fail in BHLT only for some attribute (that are not present in screen)

    Posted Sep 21, 2023 08:32 AM

    Hi to all,

    I'm writing a BLTH in javascript. My BLTH has thow parts. The first part is for handleSetSubject and I use it to retrieve some information via TEWS.

    in my handleSetSubject I have this code:


    var user = BlthContext.getUser();   
    var imAdminParentCodEnt=user.getAttribute("imAdminParentCodEnt");
     var hasOTP=user.getAttribute("teletexTerminalIdentifier").indexOf("phone") != -1 ? "TRUE" : "FALSE";

    var imDisabledState=user.getAttribute("imDisabledState");

    but it fail on read teletexTerminalIdentifier attribute.

    The issue is only on teletexTerminalIdentifier it gives me an AttributeNotPresentException 

    All three imAdminParentCodEntteletexTerminalIdentifier ,imDisabledState attribute are not present on task screen but are present on user store.

    The only difference is that in my userstore XML the atrtribute teletexTerminalIdentifieris marked sensitive

            <ImsManagedObjectAttr physicalname="teletexTerminalIdentifier" description="OTPSeed" displayname="OTPSeed" valuetype="String" maxlength="0">
                <DataClassification name="ignore_on_copy"/>
                <DataClassification name="sensitive"/>
            </ImsManagedObjectAttr>

    could this be the problem?

    My need is to let the person calling the task know whether that attribute is valued or not without showing its value. I will write hasOTP 

    in a screen logical attribute (such as |hasOTP| ).

    Thanks in advanve

    Marco



  • 2.  RE: getAttibute fail in BHLT only for some attribute (that are not present in screen)

    Posted Sep 21, 2023 03:48 PM

    Hi to all,

    It seems that I can't use getAttribute to get a sensitive attribute from BHLT.
    I marked this attribute sensitive beacuse I don't wont it appear on VST, but I need it's value in my BLTH beacuse I must report to helpdesk user in some way if it has a valid value for a derminated user.

    How could I implement it?

    I have an idea but I don't like it. I should extend the directory with a new non-sensitive attribute and make an identity policy that sets this new attribute to TRUE or FALSE depending on whether the sensitive attribute is valid or not. So with kettle I enhance the attribute for the users already present (which is 120K too many for a bulk task, with kettle it's faster)

    Do you have any other suggestions?

    Marco





  • 3.  RE: getAttibute fail in BHLT only for some attribute (that are not present in screen)

    Posted Sep 22, 2023 02:12 AM

    Try to add an AttributeRightsCollection before you get the attribute.

    String some = getAttributeSingleValue(user, "imAdminParentCodEnt");

        public static String getAttributeSingleValue(ManagedObject mo, String attributeName) 
        {
            String attrVal = null;
            try {
                attrVal = mo.getAttribute(attributeName);
            }
            catch (AttributeNotPresentException e)
            {
                AttributeRightsCollection attrC = new AttributeRightsCollection();
                attrC.addEntry(new AttributeRight(attributeName, PermissionType.READONLY));
                try {
                    mo.addAttributes(attrC);
                    attrVal = mo.getAttribute(attributeName);
                } catch (Exception ex) {
                    //throw new CustomException(ex.getMessage());
                }
            }
            catch (Exception ex) {
                // throw new CustomException(ex.getMessage());
            }
            return attrVal;
        }




  • 4.  RE: getAttibute fail in BHLT only for some attribute (that are not present in screen)

    Posted Sep 22, 2023 08:42 AM

    Hi Dirk!
    It work :) Thanks!

    Marco