Before and After Provisioning Rules
You can configure before and after provisioning rules to support Before and After Actions. A before or after provisioning rule lets you carry out any operation before or after the provisioning operation. This section describes the steps required to configure these rules.
Prerequisite
The Linux Connector application must be configured in IdentityIQ.
Creating Before and After Provisioning Rules
Perform the following procedure to use the before and after rule functionality:
- Go to where the UNIX application is configured. Open the UNIX application's Rules tab. Select either of the following options as required:
  - Before Provisioning Rule
  - After Provisioning Rule
- Write the Java code in the Rule Editor section. Specify the Rule Name and save it.
- Select the rule you created earlier by using the Select Rule option.
- Perform any provisioning task and check if the before or after provisioning rule you created is executed.
For example, the following Java code for an after provisioning rule creates a directory after a UNIX account is created:
```java
import java.io.IOException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.connection.channel.direct.Session.Command;
import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;

// The host name, user, and password are hard-coded here for illustration only.
// In a real rule, take them from the application configuration instead of
// storing credentials in the rule source.
String hostname = "127.0.0.1";
String username = "joe";
String password = "joespass";
int portNumber = 22;

SSHClient sshjClient = null;
try {
    String userId = null;
    boolean operationCreate = false;

    // Get the account requests from the provisioning plan
    List accountRequests = plan.getAccountRequests();
    if (accountRequests != null) {
        for (AccountRequest acctReq : accountRequests) {
            // Get the operation
            AccountRequest.Operation op = acctReq.getOperation();
            if (op == AccountRequest.Operation.Create) {
                userId = acctReq.getNativeIdentity();
                operationCreate = true;
            }
        }
    }

    if (operationCreate) {
        // Create a connection instance
        sshjClient = new SSHClient();
        // PromiscuousVerifier accepts any host key, so the server is not
        // authenticated. Outside a test environment, verify the host key
        // instead, for example with sshjClient.loadKnownHosts().
        sshjClient.addHostKeyVerifier(new PromiscuousVerifier());
        sshjClient.connect(hostname, portNumber);

        // Authenticate. Password authentication is used here;
        // public key authentication can be used as well.
        try {
            sshjClient.authPassword(username, password);
        } catch (IOException e) {
            throw new IOException("Authentication failed.", e);
        }

        // Create a session
        Session session = sshjClient.startSession();
        try {
            // To customize the implementation, execute any command or shell script here.
            // userId becomes part of a shell command, so only plain account
            // names are accepted (no spaces, quotes, slashes, or leading '-').
            if (userId != null && userId.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
                String command = "mkdir /tmp/" + userId;
                Command cmd = session.exec(command);
                // Wait for the command to finish before closing the session
                // (the 30-second limit is an arbitrary choice)
                cmd.join(30, TimeUnit.SECONDS);
            }
        } finally {
            session.close();
        }
    }
} catch (IOException e) {
    e.printStackTrace(System.err);
} finally {
    // Disconnect the client even if an error occurred
    if (sshjClient != null) {
        try {
            sshjClient.disconnect();
        } catch (IOException e) {
            e.printStackTrace(System.err);
        }
    }
}
```
Note
This is an example of an after provisioning rule for a create operation. You can configure a rule for create, delete, or update operations as required. The Java code executed in the rule should be modified accordingly.
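The rule above places the account's native identity into a shell command that runs on the target host, so that value has to be constrained before it reaches session.exec. The following added example (not SailPoint's or sshj's code) shows one way to build such a command for any operation's rule. The class and method names, the account-name pattern, and the sample identities are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example: SafeRemoteCommand and its methods are hypothetical names,
// not part of IdentityIQ or sshj.
public class SafeRemoteCommand {

    // Assumed policy: letters, digits, '_', '.', '-'; must not start with
    // '-' or '.'; at most 32 characters. Adjust to your own naming standard.
    private static final Pattern ACCOUNT_NAME =
            Pattern.compile("[A-Za-z0-9_][A-Za-z0-9._-]{0,31}");

    /** Wraps a value in single quotes so a POSIX shell treats it as one literal word. */
    static String shellQuote(String value) {
        return "'" + value.replace("'", "'\\''") + "'";
    }

    /** Returns the mkdir command for a valid account name; throws for anything else. */
    static String buildMkdirCommand(String baseDir, String userId) {
        if (userId == null || !ACCOUNT_NAME.matcher(userId).matches()) {
            throw new IllegalArgumentException("Rejected native identity: " + userId);
        }
        // "--" ends option parsing; quoting is kept as defence in depth
        // in case the allow-list is later relaxed.
        return "mkdir -- " + shellQuote(baseDir + "/" + userId);
    }

    public static void main(String[] args) {
        // Constructed sample identities, not taken from any real system.
        String[] samples = {
            "jdoe", "svc_backup-01", "x; id", "$(id)", "../etc", "-p", "o'brien"
        };
        for (String userId : samples) {
            // What plain string concatenation would send to the remote shell
            String unvalidated = "mkdir /tmp/" + userId;
            try {
                System.out.println("OK      " + buildMkdirCommand("/tmp", userId));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + e.getMessage()
                        + "   (unvalidated form: " + unvalidated + ")");
            }
        }
    }
}
```

In a rule, pass the string returned by buildMkdirCommand to session.exec and treat the exception as a failed after-provisioning action instead of silently skipping it.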