Maqsood Bhatti - iDENTITY

Boost strap your start with identity application REST API: If you want to play out with NetIQ rest API within identity application (IDMProv), you can see a few examples here: these are the rest API protected by Oauth2 Authorization (resource owner password credentials grant): The first step is to obtain token: ( you must have enabled client "rbpm" in the OSPF for the resource owner password credential grant) flow: An example is taken in c#: (postman) Get an access token: var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", "Basic Basic bas64 encoded string clientid<rbpm>:clientsecret>"); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); req

Suppose  query nodeset: <do-set-local-variable name="local.sub.etp.q.User" scope="policy"> <arg-node-set> <token-query class-name="User" scope="entry"> <arg-match-attr name="CN"> <arg-value type="string"> <token-src-attr class-name="User" name="CN"/> </arg-value> </arg-match-attr> </token-query> </arg-node-set> </do-set-local-variable> Output: <nds dtdversion="3.0"> <source> <product build="20180222_0635" version="1.0.0.2">Identity Manager REST Driver</product> <contact>NetIQ Corporation.</contact> </source> <output> <status event-id="0" level="success" type="driver-general"> <operation-data prop.pub.itp.matac

Suppose query: <do-set-local-variable name="local.sub.ctp.QueryContacts" scope="policy"> <arg-node-set> <token-query class-name="User" scope="entry"> <arg-match-attr name="UPN"> <arg-value type="string"> <token-src-attr class-name="User" name="UPN"/> </arg-value> </arg-match-attr> <arg-match-attr name="contacts"> <arg-value type="string"> <token-text xml:space="preserve">get-contacts</token-text> </arg-value> </arg-match-attr> <arg-match-attr name="userid"> <arg-value type="string"> <token-association/> </arg-value> </arg-match-attr> </token-query> </arg-node-set> </do-set-local-variable> Outpu

How to convert any application-specific JSON  to XDS format for NetIQ REST driver to consume See tip: MessageValueTextToNetIQ <rule> <description>Successfull poll-users command handler actions bases on trigger job;</description> <conditions> <and> <if-operation mode="regex" op="equal">status</if-operation> <if-xpath op="true">./driver-operation-data[@command="custom-IDM-JOB-GET-USERS"]</if-xpath> <if-local-variable mode="nocase" name="StatusValue" op="equal">200</if-local-variable> </and> </conditions> <actions> <do-trace-message> <arg-string> <token-text xml:space="preserve">poll-users completed successfully; </token-text> </arg-string> </do-trace-message> <do-set-local-variable name="StatusValue" sc

Put this policy on output. <rule> <description>Update CostCenter SOAP doc</description> <comment name="author" xml:space="preserve">Maqsood Ali Bhatti</comment> <comment name="version" xml:space="preserve">5</comment> <comment name="lastchanged" xml:space="preserve">Sep 20, 2016</comment> <conditions> <and> <if-operation mode="regex" op="equal">modify</if-operation> <if-op-attr name="customCommand" op="changing" /> <if-op-attr mode="regex" name="customCommand" op="equal">updateCostCenter.*</if-op-attr> </and> </conditions> <actions> <!-- add operaiton data --> <do-for-each> <arg-node-set> <token-op-attr name="customComman

Read Email Attribute from Group: < do-set-local-variable name = "local.sub.etp.MailboxEmail" scope = "policy" > < arg-node-set > < token-src-attr class-name = "Group" name = "EMail Address" > < arg-dn > < token-local-variable name = "loca.sub.etp.Group" /> </ arg-dn > </ token-src-attr > </ arg-node-set > </ do-set-local-variable > This would do following Output: < nds dtdversion = "4.0" ndsversion = "8.x" > < source > < product edition = "Advanced" version = "4.5.6.0" > DirXML </ product > < contact > NetIQ Corporation </ contact > </ source > < output > < instance class-name = "Group" qualified-src-dn = "/N/A" src-dn = "/N/A" src-entry-id = "1