Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Provisioning to a JDBC Source via an external jar

Provisioning to a JDBC Source via an external jar

Disclaimer: Some information in this article may be outdated, please verify details by referring to latest resources or reach out to our technical teams.

Introduction

In an effort to better enable both partners and customers, we have outlined a process that allows technically savvy customers the ability to make modifications to their JDBC provisioning rule without directly engaging IdentityNow's Expert Services team. We do not recommend this approach if you do not have the correct technical resources on hand with at least an intermediate level knowledge of Java.

 

Prerequisites

  1. A functional JDBC source that is aggregating accounts into IdentityNow successfully.
  2. A JDBC Driver jar attached to the Source Config. (see Required JDBC Driver JAR Files)
  3. Eclipse or another IDE able to import Maven projects.
  4. The 'identityiq.jar' to import into your IDE. (Attached at the bottom).
  5. Intermediate knowledge of Java.
  6. Understanding of Account and Attribute requests within an IdentityNow provisioning plan.

 

Elements of the project

  1. JDBC Rule Adapter- This is the rule that will still be needed to be uploaded to your org by Expert Services or Professional Services. Essentially, this rule calls a 'provision' method in an attached jar and all the logic is built there. Getting passed into the method is the application, the connection to the database, the plan, and an *optional* log file. An example is attached below.
  2. Primary Java class- This is the main class that we will be using in our example. This is essentially the tunneling and logic portion of the code. It is the home of the 'provision' method, receives the account and attribute requests and directs the request to the appropriate calls in the auxiliary class in the project. (In the attached project, this is TestDemo.java)
  3. Auxiliary Java class- This is the class that executes stored procedures or (in this projects case) prepared statements to the target source and contains the methods that are called from the Primary Java class. In this project, it is called database.java

 

Building a project structure

Within Eclipse, or any other IDE, your file structure should be as follows:

 

Project Structure

 

Make sure that you have imported the 'identityiq.jar' and you can see it in your Maven dependencies.

 

Elements of the Primary Java class

This is the foundation that handles our project. Every request initially comes here and then calls other methods.

 

  1. Provision Method- This breaks down the request and calls the appropriate method for the operation:
    Provision Method
  2. Operation methods- These exist for every operation (Create, Modify, Enable, Disable).
    Create Method
  3. Now that a request has come in and we have defined it's type, we need to call the Auxiliary Java class in our project.

 

Elements of the Auxiliary Java class

  1. Static Final strings- We create both public and private final strings in order to streamline interacting with the database. This may include the query string and/or constants in the project.

    Constants
  2. Working methods- These are the working methods in the class. We have received the request, determined where it should go, and now need to execute it. Notice that it's simply a prepared statement that calls a final string

    Create Worker Method

Clean Compile Package

The next step is to compile your Maven package. Upload the jar that is created to the source config.

Upload screen

 

Final Notes:

JDBC Rules can be very complicated depending on the source you are trying to connect to. We STRONGLY recommend that if you have any questions, bring them up to the Expert Services team for assistance.

Labels (1)
Labels:
Attachments
identityiq.jar
JDBC Rule Adapter.xml.zip
TestDemo.zip
Comments
mohanas
‎Mar 04, 2021 10:13 AM
‎Mar 04, 2021 10:13 AM

Thanks @cassidiopia@manoj_caisucar .

I am now seeing a weird error, the user account's status is getting disabled in DB via the custom code that I have written as part of JDBC provisioning rule.

However the account status in IdentityNow is not getting changed to Disabled. In the event log search, I am getting below error 

"Invalid object name 'account'."
 
Any idea what might be the cause. This was working fine till sometime back.
manoj_caisucar
‎Mar 05, 2021 06:34 AM
‎Mar 05, 2021 06:34 AM

How are you handling the  IIQDisabled attribute a part of aggregation.

Also can you check the schema type and the one which you are handling in the code if they are matching.

nehab
‎May 06, 2021 05:54 AM
‎May 06, 2021 05:54 AM

Hi @mohanas ,

Were you able to figure out issue for "invalid object name" error? I am also facing the same.

mohanas
‎May 06, 2021 06:03 AM
‎May 06, 2021 06:03 AM

I was getting this error because of code issue. I had to put System.out.println("") to identify the root cause.

Probably you can try to do the same to see if it is code issue. Hope this helps.

Amber_Campbell
‎May 11, 2022 03:06 PM
‎May 11, 2022 03:06 PM

@mohanas + @nehab 

Hey I am having the same error, but it's only occurring in our production environment and I do not know where to start to troubleshoot it (other than comparing environments). Where in your code did you find the problem?

akremer
‎May 26, 2022 11:21 AM
‎May 26, 2022 11:21 AM

@cassidiopia @manoj_caisucar 

I have used this statement as well in my code and I do not see any logs in my ccg.log. What kind of log the customJDBClog is referring to?

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
Log _log = LogFactory.getLog("customJDBCLog");

mohanas
‎May 27, 2022 12:32 AM
‎May 27, 2022 12:32 AM

@Amber_Campbell I was trying to get the Identity object using getIdentity method which was throwing null pointer exception. In your case it might be for something else. Try adding System.out.println statements to see where the code is getting errored out. 

tovarr1
‎Oct 21, 2022 11:55 AM
‎Oct 21, 2022 11:55 AM

Hi SailPoint Team:

The Prerequisites list (bullet 2) mentions that we need a JDBC driver JAR, and the image in the "Clean Compile Package" section shows only one ojdbc6.jar file.


In our case, our project requires 3 related libraries to connect to MongoDB databases:

  • bson-4.7.2.jar
  • mongodb-driver-core-4.7.2.jar
  • mongodb-driver-sync-4.7.2.jar.


Is it possible to upload our main JAR file and these other three libraries, or is the system limited to only one JDBC driver JAR file per source? I ask this because the "Required JDBC Driver JAR Files" document mentions drivers with a single JAR file for each database type.

Thank you for your help.

Michael_Tai
‎Apr 04, 2023 10:58 PM
‎Apr 04, 2023 10:58 PM

Recently we got one strange thing, we had tried to modify the jar by adding some logs in that java file, however there is no related logs printed, even we changed the jar name we deployed and we also modify some decriptions in the source and restart the ccg, it still failed.

It seems that SailPoint is always picking the orignial jar we deployed. It is some bugs related.

Is there any advices on this? @cassidiopia 


leenaraj
‎Apr 12, 2023 04:02 AM
‎Apr 12, 2023 04:02 AM

@Michael_Tai I am facing the similar issue, were you able to get it working?

Version history
Revision #:
2 of 2
Last update:
‎Sep 04, 2024 04:29 PM
Updated by:
SailPoint Employee
 
View Article History
Contributors