Before and After Provisioning Action for Solaris Connector
For the Solaris Connector, you can configure before and after provisioning rules to support Before/After Actions. A Before or After Provisioning rule can carry out any operation before or after the provisioning operation. This document describes the steps required to configure these rules.
Prerequisite
The Solaris Connector application must be configured in IdentityIQ.
Creating the Before and After Provisioning Action
Perform the following procedure to use the Before and After Action functionality for UNIX Connectors:
- Go to where the UNIX application is configured.
- Open the UNIX application Rules tab, and select one of the following options as required:
  - Before Provisioning Rule
  - After Provisioning Rule
- Write Java code in the Rule Editor section. Specify the Rule Name and save it.
- Select the rule name you saved in the earlier step by using the Select Rule option.
- Perform any provisioning task and check that the before/after provisioning rule is executed.
For example, the following Java code for the After Provisioning action creates a directory for the user after the Unix account is created:
    import java.io.IOException;
    import java.util.List;
    import java.util.concurrent.TimeUnit;
    import net.schmizz.sshj.SSHClient;
    import net.schmizz.sshj.connection.channel.direct.Session;
    import net.schmizz.sshj.connection.channel.direct.Session.Command;
    import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
    import sailpoint.object.ProvisioningPlan;
    import sailpoint.object.ProvisioningPlan.AccountRequest;

    // The host name, user and password are hard-coded here;
    // they can be taken from the Application config instead
    String hostname = "127.0.0.1";
    String username = "joe";
    String password = "joespass";
    int portNumber = 22;

    String userId = null;
    boolean operationCreate = false;
    SSHClient sshjClient = null;
    Session session = null;
    try {
        // Get the request
        List accountRequests = plan.getAccountRequests();
        if (accountRequests != null) {
            for (AccountRequest acctReq : accountRequests) {
                // Get the operation
                AccountRequest.Operation op = acctReq.getOperation();
                if (op == AccountRequest.Operation.Create) {
                    userId = acctReq.getNativeIdentity();
                    operationCreate = true;
                }
            }
        }
        // The account name becomes part of a shell command below, so only
        // accept names made of letters, digits, '.', '_' and '-'
        if (operationCreate && userId != null
                && userId.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
            // Create a connection instance
            sshjClient = new SSHClient();
            // PromiscuousVerifier accepts any host key and gives no protection
            // against an intercepted connection; outside a test setup, verify
            // the host key instead (for example with sshjClient.loadKnownHosts())
            sshjClient.addHostKeyVerifier(new PromiscuousVerifier());
            sshjClient.connect(hostname, portNumber);
            // Authenticate. Here we have used password authentication,
            // you can use public key authentication as well.
            try {
                sshjClient.authPassword(username, password);
            } catch (IOException e) {
                throw new IOException("Authentication failed.", e);
            }
            // Create a session
            session = sshjClient.startSession();
            // To customize implementation,
            // you can execute any command/shell script here
            String command = "mkdir /tmp/" + userId;
            Command cmd = session.exec(command);
            // Wait for the command to finish before closing the session
            cmd.join(30, TimeUnit.SECONDS);
        } else if (operationCreate) {
            System.err.println("Skipping directory creation: unexpected account name");
        }
    } catch (IOException e) {
        e.printStackTrace(System.err);
    } finally {
        // Always release the session and the connection, even after an error
        try {
            if (session != null) {
                session.close();
            }
        } catch (IOException e) {
            e.printStackTrace(System.err);
        }
        // Disconnect the client
        try {
            if (sshjClient != null) {
                sshjClient.disconnect();
            }
        } catch (IOException e) {
            e.printStackTrace(System.err);
        }
    }
Note
This is an example of an After Provisioning Rule for the Create operation. The user can configure the rule for the Create/Delete/Update operation as required. The Java code that is executed in the rule should be modified accordingly.
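The rule above places the account's native identity into a shell command (mkdir /tmp/ followed by the user ID). The following is an added example, not part of the original document or of SailPoint's code, showing one way to validate and quote that value before it is handed to session.exec. It goes slightly beyond the rule by also quoting the whole path. The class name, the name pattern and the 32-character limit are assumptions.

```java
import java.util.regex.Pattern;

public class ProvisioningCommandBuilder {
    // Assumed policy for account names; adjust to what the target host allows.
    private static final Pattern ACCOUNT_NAME =
            Pattern.compile("[A-Za-z0-9_][A-Za-z0-9._-]{0,31}");

    /** Returns true only for names that are safe to use as a directory name. */
    static boolean isValidAccountName(String name) {
        return name != null && ACCOUNT_NAME.matcher(name).matches();
    }

    /** Wraps a value in single quotes for a POSIX shell; ' becomes '\'' */
    static String shellQuote(String value) {
        return "'" + value.replace("'", "'\\''") + "'";
    }

    /** Builds the mkdir command for one account, or throws for a bad name. */
    static String mkdirCommand(String baseDir, String nativeIdentity) {
        if (!isValidAccountName(nativeIdentity)) {
            throw new IllegalArgumentException("Rejected account name");
        }
        // "--" ends option parsing; quoting keeps the path a single argument.
        return "mkdir -- " + shellQuote(baseDir + "/" + nativeIdentity);
    }

    public static void main(String[] args) {
        // Constructed sample identities, not taken from a real system.
        String[] samples = { "jdoe", "svc_backup-01", "jdoe; id", "../etc", "-p", "" };
        for (String id : samples) {
            try {
                System.out.println("OK       " + mkdirCommand("/tmp", id));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED [" + id + "]");
            }
        }
    }
}
```

In the rule, the string returned by mkdirCommand would replace the concatenated command passed to session.exec, and a rejected name should be logged rather than executed.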