NetIQ REST Driver how get header value of a Query (Http get)?

NetIQ REST driver

IDM 4.7.2 AE


We have very strange API (SAP C4S, Cloud for service) which requires special header "X-CSRF-Token" and value with subsequent Post and Patch operations after http Get.


This special header and its value  is returned with any http "Get" operation to API, 

I am able to do Query http GET from the driver, but how to capture "header" value returned by REST shim in the driver policy?




  • I think Headers are supposed to be returned in the <driver-operation-data> right?  I recall on a SOAP shim I needed the returned headers and the shim did not return it.  But I thought they fixed that in the REST Shim.

    Any trace examples to show it happening?

  • Hello  geoffc


    This is how the trace looks like from shim: Query and Response.

    DirXML: [08/12/19 16:56:35.35]: TRACE: Remote Loader: Received command: SUBSCRIBER EXECUTE(4).
    DirXML: [08/12/19 16:56:35.35]: TRACE: Remote Loader: Calling SubscriptionShim.execute()
    DirXML: [08/12/19 16:56:35.36]: TRACE:
    <product edition="Advanced" version="">DirXML</product>
    <contact>NetIQ Corporation</contact>
    <driver-operation-data class-name="EmployeeCollection" command="query" event-id="0">

    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: sub-execute
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: queryHandler
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: queryHandler: class-name == 'EmployeeCollection'
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: Query: preparing GET to$filter=EmployeeID
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: Resetting headers
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: Setting the following HTTP request properties:
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: content-type:application/json
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: accept:application/json
    DirXML: [08/12/19 16:56:35.36]: TRACE: C4S-Employee-Dev: X-CSRF-Token:fetch
    DirXML: [08/12/19 16:56:36.62]: TRACE: C4S-Employee-Dev: Did a HTTP GET with 0 bytes of data to$filter=EmployeeID
    DirXML: [08/12/19 16:56:37.96]: TRACE: C4S-Employee-Dev: Response code and message: 200 OK
    DirXML: [08/12/19 16:56:37.96]: TRACE: Remote Loader: SubscriptionShim.execute() returned:
    DirXML: [08/12/19 16:56:37.96]: TRACE:
    <product build="20180222_0635" version="">Identity Manager REST Driver</product>
    <contact>NetIQ Corporation.</contact>
    <status event-id="0" level="success" type="driver-general">
    <driver-operation-data class-name="EmployeeCollection" command="query" dest-dn="" event-id="0">



    Looks like shim strips away the received headers from the responses from API.




  • Well that is not helpful. I wonder if you could do a Java extension to catch those...


  • Do you know can i use SOAP driver without writing java extensions to get htttp headers in the policy?

  • We have recently tried to solve this with Java extension but it seems that REST driver only uses DocumentModifiers-interface and not the other interfaces described in the JavaDoc.
    We expected to use ByteArrayModifiers-interface but it only exists for the SOAP-driver. Any other ideas how to get headers with REST-driver?
  • Hello


    We did not make it work with standard NetIQ REST driver, this is how i have solved.

    The scenario was to get a cookie token  from "header"  from a token endpoint for subsequent http calls by the driver:

    On driver startup i start a JOB on driver

    JOB handler on driver uses  a ECMA Script

    ECMA Script does  http calls to token endpoint and reads the http headers and sets the "value" in the driver scoped variable used by NETIQ rest driver for normal operations.






  • Hi Maqsood,

    It looks like you will need custom extensions for SOAP driver.

    Unlike most other drivers, the SOAP driver synchronizes protocols instead of objects. It synchronizes the SPML 1.0 and DSML 2.0 protocols. The driver contains the following features:

    HTTP transport of data between the Identity Vault and a Web service
    Example configurations for SPML and DSML
    Customization of HTTP Request-Header fields
    By default, a basic authorization request header with an ID and password is provided for the Subscriber channel.
    SSL connections using the HTTPS protocol
    Subscriber HTTP and HTTPS proxy servers
    Definition and selection of multiple Subscriber connections in the policy at runtime
    Potential to act as an HTTP or HTTPS listener for incoming connections on the publisher channel
    Potential extensibility through customized Java code
    For more information, see Section B.0, Using Java Extensions.

  • Interesting way arround...

    Thank you for sharing your solution, Maqsood!