Before and After Provisioning Action for AIX Connector
You can configure Before and After provisioning rules to support Before and After actions. These rules enable you to carry out any operation before or after a provisioning operation. This document describes the steps required to configure them.
Prerequisites
The AIX connector application must be configured in IdentityIQ.
Perform the following procedure to use the Before and After Action functionality for UNIX Connectors:
- Go to where the UNIX application is configured.
- Open the UNIX application's Rules tab. Select the following option as required:
  - Before Provisioning Rule
  - After Provisioning Rule
- Write Java code in the Rule Editor section and do the following:
  - Enter a Rule Name and save it.
  - Select the rule name you created earlier by using the Select Rule option.
- Perform any provisioning task and check if the Before or After provisioning rule is executed.
For example, the following Java code is an After provisioning action that creates a directory for a user after a Unix account is created:
Note
This is an example of an After Provisioning Rule for a Create operation. You can configure a rule for Create, Delete, or Update operations as required. The Java code executed in the rule should be modified as needed.

```java
import java.io.IOException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.connection.channel.direct.Session.Command;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;

// The host name, user, and password are hard-coded here for illustration;
// they can be taken from the Application config instead.
String hostname = "127.0.0.1";
String username = "joe";
String password = "joespass";
int portNumber = 22;

SSHClient sshjClient = null;
Session session = null;
try {
    String userId = null;
    boolean operationCreate = false;

    // Get the account requests from the provisioning plan
    List accountRequests = plan.getAccountRequests();
    if (accountRequests != null) {
        for (AccountRequest acctReq : accountRequests) {
            // Get the operation
            AccountRequest.Operation op = acctReq.getOperation();
            if (op == AccountRequest.Operation.Create) {
                userId = acctReq.getNativeIdentity();
                operationCreate = true;
            }
        }
    }

    // The native identity becomes part of a shell command, so accept only
    // letters, digits, '.', '_' and '-' and skip the action otherwise.
    if (operationCreate && userId != null
            && userId.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
        // Create a connection instance
        sshjClient = new SSHClient();
        // Check the server's host key against ~/.ssh/known_hosts of the
        // account running IdentityIQ instead of accepting any key.
        sshjClient.loadKnownHosts();
        sshjClient.connect(hostname, portNumber);

        // Authenticate. Here we have used password authentication,
        // you can use public key authentication as well.
        try {
            sshjClient.authPassword(username, password);
        } catch (IOException e) {
            throw new IOException("Authentication failed.", e);
        }

        // Create a session
        session = sshjClient.startSession();

        // To customize the implementation,
        // you can execute any command/shell script here
        String command = "mkdir /tmp/" + userId;
        Command cmd = session.exec(command);
        // Wait for the remote command to finish before closing the session
        cmd.join(30, TimeUnit.SECONDS);
    }
} catch (IOException e) {
    e.printStackTrace(System.err);
} finally {
    // Always close the session and disconnect the client
    try {
        if (session != null) {
            session.close();
        }
        if (sshjClient != null && sshjClient.isConnected()) {
            sshjClient.disconnect();
        }
    } catch (IOException e) {
        e.printStackTrace(System.err);
    }
}
```
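The rule above places the account's native identity into a shell command that runs on the managed host. As an added example (not SailPoint's or sshj's code), this stand-alone class shows one way to validate and quote that value before it reaches `session.exec`; the class name, method names and allow-list pattern are assumptions.

```java
import java.util.regex.Pattern;

// Added example: class and method names are hypothetical, not IdentityIQ or sshj APIs.
public class SafeRemoteCommand {

    // Allow-list (an assumption; align it with your site's account naming policy):
    // a letter or underscore, then up to 31 letters, digits, '.', '_' or '-'.
    private static final Pattern SAFE_ID =
            Pattern.compile("[A-Za-z_][A-Za-z0-9._-]{0,31}");

    /** True only if the native identity is safe to use as a single path component. */
    static boolean isSafeIdentity(String id) {
        return id != null && SAFE_ID.matcher(id).matches();
    }

    /** POSIX single-quote escaping: wrap in '...' and rewrite each ' as '\''. */
    static String shellQuote(String arg) {
        return "'" + arg.replace("'", "'\\''") + "'";
    }

    /** Builds the mkdir command; throws if the identity fails validation. */
    static String mkdirCommand(String baseDir, String id) {
        if (!isSafeIdentity(id)) {
            throw new IllegalArgumentException("rejected native identity");
        }
        // Quoting is a second layer behind the allow-list, not a replacement for it.
        return "mkdir " + shellQuote(baseDir + "/" + id);
    }

    public static void main(String[] args) {
        // Constructed sample identities, not taken from any real system.
        String[] samples = { "jdoe", "svc_backup-01", "a b", "x;y", "../etc", "$(x)", "" };
        for (String s : samples) {
            try {
                System.out.println("OK       " + mkdirCommand("/tmp", s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED [" + s + "]");
            }
        }
    }
}
```

In a rule, the string returned by `mkdirCommand("/tmp", userId)` would be passed to `session.exec`, and the action skipped when the identity is rejected.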