Is there any integration/steps documentation available for AEM integration with SailPoint user certification?
Hello Mahmood,
The integration itself is relatively simple: the integration consists of an IntegrationConfig object as well as a plan initializer rule. Tickets can be initiated through any SailPoint provisioning action such as an access review revocation, access request, or role assignment. The integration converts a standard SailPoint provisioning plan into a SOAP message that is sent over to an endpoint within ServiceNow, which generates a ticket. When the ticket is generated, ServiceNow returns the ticket number to SailPoint, which stores the ticket number. SailPoint then periodically polls ServiceNow requesting the status of the open ticket and returning the ticket status to SailPoint.
Configuring the integration between ServiceNow and SailPoint consisted of the following steps:
1. Add the following JAVA options to the application server hosting SailPoint IdentityIQ:
```
-Djavax.xml.soap.SOAPConnectionFactory=org.apache.axis2.saaj.SOAPConnectionFactoryImpl
-Djavax.xml.soap.MessageFactory=org.apache.axis2.saaj.MessageFactoryImpl
-Djavax.xml.soap.SOAPFactory=org.apache.axis2.saaj.SOAPFactoryImpl
```
2. Verify the ServiceNow instance is operating and available to the SailPoint server. From the SailPoint server, navigate to the address below. The WSDL of the ServiceNow endpoint should be returned.
```
https://<ServiceNowHost>/incident.do?WSDL
```
3. Create the IntegrationConfig object within SailPoint. The default configuration for the Integration config object can be found in %IIQ_HOME%/WEB-INF/config/sampleServiceNowIntegration.xml. This file must be customized to work for the specific ServiceNow environment. Some of the fields that must be modified are below. This specifies how SailPoint is to communicate with ServiceNow.
```xml
<entry key="username" value="admin"/>
<entry key="password" value="admin"/>
```
4. For any SailPoint applications that should be provisioned using the ServiceNow integration, create a ManagedResource reference in the ServiceNowIntegrationConfig.
```xml
  <ManagedResources>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" id="" name="Application 1"/>
      </ApplicationRef>
    </ManagedResource>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" id="" name="Application 2"/>
      </ApplicationRef>
    </ManagedResource>
  </ManagedResources>
</IntegrationConfig>
```
5. Create a plan initializer rule. The OOB integration does not deal with XML reserved characters in application or entitlement names and will throw errors if not accounted for. We included the plan initializer rule to convert these characters into a character string that would be acceptable to SailPoint. For instance, an application name that was “Payroll & Accounting” would throw errors because of an ampersand (&). The plan initializer rule changed the application name to “Payroll &amp;amp; Accounting”. The rule is referenced in the ServiceNowIntegrationConfig with the following tag:
```xml
<PlanInitializer>
  <Reference class="sailpoint.object.Rule" id="" name="ServiceNowIntegrationRule"/>
</PlanInitializer>
```

The rule that was used is as follows:

```java
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;

// BeanShell rule body: "plan" and "identity" are supplied by IdentityIQ.
// Replaces the five XML reserved characters with their entities.
// "&" is replaced first so the entities added afterwards are not escaped again.
private String escapeXml(s){
  String str = s;
  if (str!=null)
  {
    System.out.println("escapeXML start: "+str);
    str = str.replace("&","&amp;");
    str = str.replace(">","&gt;");
    str = str.replace("<","&lt;");
    str = str.replace("\"","&quot;");
    str = str.replace("'","&apos;");
    System.out.println("escapeXML end: "+str);
  }
  return str;
}

// Escape every value that is substituted into the SOAP message.
Map map = (Map)plan.getIntegrationData();
map.put("identityName", escapeXml(identity.getName()));
if (identity.getFirstname() != null) {
  map.put("identityFirstname", escapeXml(identity.getFirstname()));
}
if (identity.getLastname() != null) {
  map.put("identityLastname", escapeXml(identity.getLastname()));
}
List requesters = new ArrayList();
List planRequesters = plan.getRequesters();
if (planRequesters != null) {
  for (int i = 0 ; i < planRequesters.size() ; i++) {
    Identity req = (Identity)planRequesters.get(i);
    requesters.add(escapeXml(req.getDisplayableName()));
  }
} else
  requesters.add("IIQRequestor");
map.put("requesters", requesters);
map.put("sourceId", escapeXml(plan.getSourceId()));
map.put("sourceName", escapeXml(plan.getSourceName()));
map.put("sourceType", escapeXml(plan.getSourceType()));
```
6. Test the integration with either an access request, role assignment, or access review revocation.
Once the integration is working and creating tickets in ServiceNow, the SOAP message for provisioning can be modified. The out-of-the-box integration relies mostly on static values for assignment group, and priority levels. These can be customized as needed within the IntegrationConfig.
```xml
<assignment_group>Service Desk</assignment_group>
<category>request</category>
<contact_type>email</contact_type>
<impact>3</impact>
<incident_state>1</incident_state>
<caller_id>$provisioningPlan.integrationData.requester</caller_id>
<opened_by>$config.username</opened_by>
<urgency>3</urgency>
<short_description>IdentityIQ provisioning request for: $provisioningPlan.integrationData.identityName $!provisioningPlan.integrationData.identityRequestId</short_description>
```
Overall, the integration was relatively easy to set up, though it required a little customization to get it to function the way the customer wanted. The integration is not without its faults. While it returns back a ticket number, it lacks the true bidirectional communication the SailPoint direct connectors support. Also, comments and notes added to the ServiceNow ticket that is created do not flow back into SailPoint. SailPoint only tracks the status of the ticket.
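The escaping from step 5 can be checked outside IdentityIQ. The following is an added example, not part of the original answer and not SailPoint code: a stand-alone Java class that substitutes a value into one field of the SOAP template and parses the result. It goes beyond the rule by also stripping characters that XML 1.0 cannot carry at all; the class name, `stripIllegal`, `parseField` and the sample names are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;

public class EscapeCheck {
    static final String PREFIX = "IdentityIQ provisioning request for: ";

    // Drop code points outside the XML 1.0 Char range; these cannot appear
    // in a document even as character references. (Added step, not in the rule.)
    static String stripIllegal(String s) {
        StringBuilder out = new StringBuilder();
        s.codePoints()
         .filter(cp -> cp == 0x9 || cp == 0xA || cp == 0xD
                 || (cp >= 0x20 && cp <= 0xD7FF)
                 || (cp >= 0xE000 && cp <= 0xFFFD)
                 || cp >= 0x10000)
         .forEach(out::appendCodePoint);
        return out.toString();
    }

    // The five replacements from the rule. '&' goes first so the ampersands
    // introduced by the later entities are not escaped a second time.
    static String escapeXml(String s) {
        if (s == null) return null;
        return stripIllegal(s).replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&apos;");
    }

    // Substitute the value into one template element, parse it the way the
    // receiving end would, and return the text the parser recovers.
    static String parseField(String value) throws Exception {
        String xml = "<short_description>" + PREFIX + value + "</short_description>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The message never needs a DTD, so refuse DOCTYPE declarations outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement().getTextContent().substring(PREFIX.length());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample names, not taken from a real system.
        String[] samples = {"Payroll & Accounting", "Ops <Tier 1>", "O'Brien \"Bob\"", "HR\u0001Core"};
        for (String s : samples) {
            String raw;
            try { parseField(s); raw = "parses"; } catch (Exception e) { raw = "rejected"; }
            String back = parseField(escapeXml(s));
            System.out.printf("%-40s raw=%-8s escaped round-trips=%b%n",
                    escapeXml(s), raw, back.equals(stripIllegal(s)));
        }
        // Escaping an already-escaped value leaks the entity into the ticket text.
        System.out.println(parseField(escapeXml(escapeXml("Payroll & Accounting"))));
    }
}
```

In element content only `&`, `<` and illegal control characters make the raw value unparseable; the quote characters matter when a value lands inside an attribute. The final line shows why a value should pass through the escaping exactly once.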
What exactly would you like to achieve?
You can achieve the workflow-related tasks in AEM by using OOTB workflows or creating a custom workflow: Adobe Experience Manager Help | Creating custom AEM workflow steps that send email messages
Hi Mahmood.
Yes, there is documentation available for AEM integration with SailPoint user certification. You can learn SailPoint here
Thanks for the detailed steps. It helps. I will post more details as we go for actual implementation.
Certifications in SailPoint: Access Certification: It means acknowledgment of current users' access. It presents the data in a business-friendly language. It archives the certification history. It has a capability to track reviewer progress & actions.