24. One Identity API

January 22, 2020

10:41

Api Designer

https://support.oneidentity.com/technical-documents/identity-manager/8.1/api-designer-user-and-development-guide

Examples

QBM\dvd\AddOn\ApiSamples

Enable debug mode on the App Server

In web.config:

```xml
<add key="debugmode" value="true"/>
```

```powershell
# Run script
$Param1 = "465e6cb3-7a7d-41ec-9690-21963867a256"
$Param2 = "d6d14a3a-c8fd-46fe-9daf-9a61a8d4180d"
$Param3 = "True"
$Param4 = "OK"

# $Param1..$Param4 are not referenced below; the same values are written inline
$body1 = @{parameters = @("465e6cb3-7a7d-41ec-9690-21963867a256", "d6d14a3a-c8fd-46fe-9daf-9a61a8d4180d", "True", "OK") } | ConvertTo-Json

# $wsession is the session created by the login call (-SessionVariable wsession)
$newURI = (Invoke-RestMethod -Uri "https://t-oneim-4.domain/AppServer/api/script/CCC_MakeDecision" -WebSession $wsession -Method Put -Body $body1 -ContentType "application/json; charset=utf-8").uri
```


Working version (all 5 parameters had to be specified!)

```powershell
# Authentication string for the DialogUser module (user name and password redacted)
$authdata = @{AuthString = "Module=DialogUser;User=[REDACTED_USER];Password=" }
$authJson = ConvertTo-Json $authdata -Depth 2

# Login (important, pass the NAME for your session variable in -SessionVariable)
Invoke-RestMethod -Uri "https://t-oneim-4.domain/AppServer/auth/apphost" -Body $authJson.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept = "application/json" } -SessionVariable wsession

# Five positional values, one per parameter of MakeDecision
$body1 = @{parameters = @("d6d14a3a-c8fd-46fe-9daf-9a61a8d4180d", "True", "OK","","") } | ConvertTo-Json

# Call the entity method on the PersonWantsOrg object identified in the URL
$newURI = (Invoke-RestMethod -Uri "https://t-oneim-4.domain/AppServer/api/entity/PersonWantsOrg/465e6cb3-7a7d-41ec-9690-21963867a256/method/MakeDecision" -WebSession $wsession -Method Put -Body $body1 -ContentType "application/json; charset=utf-8").uri
```

So the JSON body needs to look like this: "parameters"

[Screenshot: Object properties, Methods tab. Method MakeDecision, parameters: uidPerson (System.String), decision (System.Boolean), reason (System.String), uidJustification (System.String), sublevel (System.Int32)]

https://www.oneidentity.com/community/identity-manager/f/forum/30736/personwantsorg-method-makedecision-was-not-found
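An added example (not from the original notes and not One Identity code): a helper that builds the positional `parameters` array from the five-parameter MakeDecision signature, so the count always matches, plus a login that takes the password from a credential prompt instead of the script text. `New-MethodBody` and `Connect-AppServer` are hypothetical names; the endpoints, AuthString format and empty-string placeholders follow the working call above.

```powershell
# Added example, not One Identity code. Function names are hypothetical; endpoints and
# the AuthString format are the ones used in the working call above.
$MakeDecisionSignature = 'uidPerson', 'decision', 'reason', 'uidJustification', 'sublevel'

function New-MethodBody {
    param(
        [Parameter(Mandatory)] [string[]]  $Signature,
        [Parameter(Mandatory)] [hashtable] $Arguments
    )
    # A misspelled name would otherwise be dropped silently and sent as "".
    $unknown = @($Arguments.Keys | Where-Object { $_ -notin $Signature })
    if ($unknown.Count -gt 0) { throw "Not in method signature: $($unknown -join ', ')" }

    # Exactly one positional value per signature entry; omitted ones are sent as "".
    $values = foreach ($name in $Signature) {
        if ($Arguments.ContainsKey($name)) { [string]$Arguments[$name] } else { '' }
    }
    @{ parameters = @($values) } | ConvertTo-Json -Compress
}

function Connect-AppServer {
    param([string] $BaseUri, [pscredential] $Credential)
    # Password comes from the credential prompt, so it never sits in the script file.
    $authString = 'Module=DialogUser;User={0};Password={1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $authJson = @{ AuthString = $authString } | ConvertTo-Json
    $null = Invoke-RestMethod -Uri "$BaseUri/auth/apphost" -Method Post -Body $authJson -UseDefaultCredentials -Headers @{ Accept = 'application/json' } -SessionVariable ws
    $ws
}

# Runs offline: build and show the body for the call from the notes.
$body = New-MethodBody -Signature $MakeDecisionSignature -Arguments @{
    uidPerson = 'd6d14a3a-c8fd-46fe-9daf-9a61a8d4180d'; decision = $true; reason = 'OK'
}
$body

# Against a live App Server (host and UID_PersonWantsOrg as in the notes):
# $base = 'https://t-oneim-4.domain/AppServer'
# $ws   = Connect-AppServer -BaseUri $base -Credential (Get-Credential)
# Invoke-RestMethod -Uri "$base/api/entity/PersonWantsOrg/465e6cb3-7a7d-41ec-9690-21963867a256/method/MakeDecision" `
#     -WebSession $ws -Method Put -Body $body -ContentType 'application/json; charset=utf-8'
```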


Calling a method from a script


Postman

https://academy.terrasoft.ru/documents/technic-sdk/7-15/vyzov-servisa-s-pomoshchyu-postman


Script does not run via the API

  1. Create a new program function ‘Enable script execution’ in Designer.

  2. Assign the script to the program function.

  3. Create a new permission group and assign the group to the newly created program function.

  4. Assign user to the new permission group.

  5. Compile the database.

  6. Execute the script via Identity Manager REST API.

From <https://support.oneidentity.com/identity-manager/kb/226961/error-you-are-not-allowed-to-run-this-method-when-executing-script-over-identity-manager-rest-api>

[Screenshot: Designer, Permissions > Program functions. The list includes Common_StartScripts and the new "Enable script execution" program function, with the Script tab showing the assigned scripts.]


You are right that, at least for version 7.0.x, your authenticated user (depending on the authenticator) needs to have the mentioned program function assigned. (Short Name Common_StartScript).

What's new in 7.1 in regards to the scripts is that the REST API will block the execution of a script if your script does not have a program function assigned, for security reasons. The authenticated user must be entitled to use the same program function.

This is an addition to the requirements, that the authenticated user must be entitled to use the program function "Allow the starting of arbitrary scripts from the frontend" in order to execute a script in general.

Note: To keep things simple, this program function is allowed to be the Common_StartScript program function.

As a reminder and for completeness, two links around the program functions.

How to check which program functions are available to the current user?

http://documents.software.dell.com/identity-manager/7.1.1/user-guide-for-the-user-interface-and-default-functions/error-search/which-program-functions-are-available-to-the-current-user

How to assign the program functions?

http://documents.software.dell.com/identity-manager/7.1.1/configuration-guide/granting-one-identity-manager-schema-permissions/availability-of-certain-functionality

From <https://www.oneidentity.com/community/identity-manager/f/forum/21567/calling-scripts-via-application-server-restful-api-using-common_startscripts-permission-not-working>
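An added example (not from the original notes and not One Identity code) that models the two checks described in the post above and reports, for constructed sample data, which user can start which script over the REST API. Script names, user names and the function names `Test-ScriptAllowed` and `Get-ScriptExposure` are assumptions; scripts bound to Common_StartScripts itself are flagged because every script-capable user can start them.

```powershell
# Added example with constructed data; not One Identity code or schema.
# General right: "Allow the starting of arbitrary scripts from the frontend"
$GeneralFunction = 'Common_StartScripts'

# Constructed sample: script -> assigned program function ($null = none assigned)
$scripts = @{
    'CCC_MakeDecision' = 'Enable script execution'
    'CCC_Test'         = 'Common_StartScripts'
    'CCC_Cleanup'      = $null
}
# Constructed sample: user -> program functions the user is entitled to
$users = @{
    'svc_api'  = @('Common_StartScripts', 'Enable script execution')
    'helpdesk' = @('Common_StartScripts')
    'viewer'   = @()
}

function Test-ScriptAllowed {
    param([string] $ScriptName, [string[]] $UserFunctions, [hashtable] $ScriptMap)
    $required = $ScriptMap[$ScriptName]
    # 7.1 rule: a script without a program function is blocked for everyone.
    if (-not $required) { return 'blocked: script has no program function' }
    # General requirement for starting any script from the frontend.
    if ($UserFunctions -notcontains $GeneralFunction) { return "blocked: user lacks $GeneralFunction" }
    # The user must also hold the script's own program function.
    if ($UserFunctions -notcontains $required) { return "blocked: user lacks '$required'" }
    if ($required -eq $GeneralFunction) { return 'allowed (broad: every script-capable user)' }
    'allowed'
}

function Get-ScriptExposure {
    foreach ($u in ($users.Keys | Sort-Object)) {
        foreach ($s in ($scripts.Keys | Sort-Object)) {
            [pscustomobject]@{
                User   = $u
                Script = $s
                Result = Test-ScriptAllowed -ScriptName $s -UserFunctions $users[$u] -ScriptMap $scripts
            }
        }
    }
}

Get-ScriptExposure | Format-Table -AutoSize
```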


!!!!!

https://coderoad.ru/911859/WCF-REST-%D0%BF%D0%BE%D1%81%D1%82-XML-%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9-%D1%81%D0%B5%D1%80%D0%B2%D0%B5%D1%80-%D0%B2%D0%BE%D0%B7%D0%B2%D1%80%D0%B0%D1%82%D0%B8%D0%BB-%D0%BE%D1%88%D0%B8%D0%B1%D0%BA%D1%83-400-%D0%BD%D0%B5%D0%B4%D0%BE%D0%BF%D1%83%D1%81%D1%82%D0%B8%D0%BC%D1%8B%D0%B9-%D0%B7%D0%B0%D0%BF%D1%80%D0%BE%D1%81