BMC Remedy Action Request System Integration
SailPoint provides a default Remedy integration configuration. This configuration implements the integration between IdentityIQ and the Remedy Change Management Application to fulfill creation of tickets based on IdentityIQ access certification remediation events.
The default configuration is located in iiq/Home/WEB-INF/config/remedy-integration.xml
directory, where iiq/Home is the location where IdentityIQ was installed.
This section explains the various entries that are specific for this integration. For more information of the entries in the IntegrationConfig
file, see Creating the IntegrationConfig Object.
The integration configuration must include the following entries:
-
endpoint: URL to the web service
-
namespace: namespace of the XML returned by the web service
-
prefix: prefix associated with the namespace
The integration configuration includes the following entries if the web service side of the integration is configured for authentication using the SOAP authentication specifications:
-
username
-
password
-
authentication
-
locale
-
timeZone
-
statusMap
The integration configuration includes the following entries if the http authentication is configured:
-
basicAuthType: if http authentication is configured the value of
basicAuthType
is true. -
httpUserName
-
httpUserPass
User must modify the Remedy integration configuration file with the following entries to create incident in BMC Remedy Action Request System:
-
endpoint
-
responseElement key
-
SOAP envelop and body details
-
status mapping
The web services and authentication entries are consumed by configuration entries for each web service. They can be positioned either within the configuration entries themselves or as children of the Attributes element. Entries that are children of the Attributes element can be thought of as global values, while entries within the configuration entities can be thought of as local.
For example, if both entries share the same authentication credentials, those credentials might be placed in the Attributes element as peers of the configuration entries and the integration code searches the parent entry for the credentials if they are not found in the configuration entries. Conversely, if the configuration entries have different endpoints (are handled by separate web services), each configuration entry specifies the endpoint of the web service to call and any value outside of the configuration entry is ignored.
There are two supported configuration entries for integration with Remedy. These entries are children of the integration Attributes element:
-
getRequestStatus
-
provision
The values of each are Map elements containing key/value pairings of the configuration data. They contain the specific data needed by the getRequestStatus() and provision() methods of the IdentityIQ integration executor and correspond to Remedy Web Service methods.
The getRequestStatus and provision entries contain the following entries:
-
soapMessage (required): full XML template of the entire SOAP envelope that is sent to the web service. The integration code first runs this template through Apache's Velocity template engine to provide the data needed by the web service.
-
responseElement (required): name of the element containing the results of the web service call (for example, the element containing the ticket number opened by the web service in response to the call from IdentityIQ).
-
statusMap (optional, for an example, see Sample getRequestStatus entry)
-
username (optional)
-
password (optional)
-
authentication (optional)
-
locale (optional)
-
timeZone (optional)
-
endpoint (optional)
-
namespace (optional)
-
prefix (optional)
Before a template is sent to the web service, it is processed by the Velocity template engine. The integration code provides different data objects to Velocity for evaluation based on the integration method.
The provision call passes the following objects to Velocity:
-
config: the integration configuration for provision, represented as a Map
-
provisioningPlan: the data model of the provision request
The getRequestStatus call passes the following objects to Velocity:
-
config: the integration configuration for getRequestStatus, represented as a Map
-
requestID: the string ID of the request whose status is being queried
Both calls have access to a timestamp
variable containing a current Date object and a dateFormatter object. The dateFormatter
is built using an optional dateFormat attribute from the config object. If the dateFormat
attribute does not exist, the formatter defaults to the pattern EEE, d MMM yyyy HH:mm:ss z
.
Sample getRequestStatus entry
The entries contained in the Map are the only required entries. Any authentication information required by this integration is inherited from the parent Attributes element.
<entry key="getRequestStatus"> <value>
<Map>
<entry key="responseElement" value="Status"/>
<entry key="soapMessage">
<!-- XML template – DO NOT add line breaks before the CDATA! -->
<value><String><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
#if ($config.username)
<soapenv:Header>
<ns1:AuthenticationInfo xmlns:ns1="urn:AuthenticationInfo">
<ns1:userName>$config.username</ns1:userName>
<ns1:password>$config.password</ns1:password>
#if ($config.authentication)
<ns1:authorization>$config.authentication</ns1:password>
#end
#if ($config.locale)
<ns1:locale>$config.locale</ns1:password>
#end
#if ($config.timeZone)
<ns1:timeZone>$config.timeZone</ns1:password>
#end
</ns1:AuthenticationInfo>
</soapenv:Header>
#end
<soapenv:Body>
<:Get xmlns:="urn:GetAgreementWebService">
<:Issue_ID>$requestID</:Issue_ID>
</:Get>
</soapenv:Body>
</soapenv:Envelope>
]]>
</value>
</entry>
</Map>
</value>
</entry>
Sample provision entry
This Map contains its own web services information. Any authentication information required by this integration is inherited from the parent Attributes element.
<entry key="provision">
<value>
<Map>
<entry key="endpoint" value="http://my.server.com:8080/path/to/WS"/>
<entry key="namespace" value="urn:openTicketWebService"/>
<entry key="prefix" value="xyz"/>
<entry key="responseElement" value="Issue_ID"/>
<entry key="soapMessage">
<!-- XML template – DO NOT add line breaks before the CDATA! -->
<value><String><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
#if ($config.username)
<soapenv:Header>
<ns1:AuthenticationInfo xmlns:ns1="urn:AuthenticationInfo">
<ns1:userName>$config.username</ns1:userName>
<ns1:password>$config.password</ns1:password>
#if ($config.authentication)
<ns1:authorization>$config.authentication</ns1:password>
#end
#if ($config.locale)
<ns1:locale>$config.locale</ns1:password>
#end
#if ($config.timeZone)
<ns1:timeZone>$config.timeZone</ns1:password>
#end
</ns1:AuthenticationInfo>
</soapenv:Header>
#end
<soapenv:Body>
<:Get xmlns:="urn:openTicketWebService">
<:Submitter>
#foreach ($req in $provisionPlan.requesters)
$req.name
#end
</:Submitter>
</:SubmitDate>$timestamp</:SubmitDate>
<:Summary>
Remediation request from
</:Summary>
<:Description>
Remove Active Directory for $provisionPlan.identity.fullname
</:Description>
<:Issue_ID>$requestID</:Issue_ID>
</:Get>
</soapenv:Body>
</soapenv:Envelope>
]]>
</value>
</entry>
</Map>
</value>
</entry>
Sample statusMap entry
The noMappingFromWS entries are placeholders as there are no results from the web service corresponding to those IdentityIQ result codes.
<entry key="statusMap">
<value>
<Map>
<entry key="Closed" value="committed" />
<entry key="Rejected" value="failure" />
<entry key="Draft" value="inProcess" />
<entry key="Pending" value="inProcess" />
<entry key="noMappingFromWS" value="retry" />
<entry key="noMappingFromWS" value="warning" />
</Map>
</value>
</entry>