So I was browsing over the Micro Focus/NetIQ forums for a way to make a web service call to IDM 4.5 provisioning service. I found instructions in the documentation at https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/agpropartwebservices.html and also a few forums have some interesting ways like https://www.netiq.com/communities/cool-solutions/using-soap-terminate-running-workflow-part-1.

However, for small tasks like fetching requestID etc., I feel writing java code or creating PRD with integration task is rather an overhead. The maintenance of additional PRD and java class is not trivial. So came the thought that if we could leverage ECMAScript under the driver advanced setting and use it simply under the policy by calling the function using xpath and es:Function() and make call. Was this possible. The answer is yes.

To give a brief background about our use case, we had a requirement where we needed to fetch the approval workID. This is so we can generate a link and send it in an email, so the users can login and directly see their form. In the approval step of the PRD, we can use the email notification and use the $TASK_DETAILS$ token to generate such links. But as we found the email notifications sent from the PRD were not reliably sent in our case. So began our work journey into ecmascript for soap calls. The result was that we uncovered a very powerful feature of ECMAScript, which though everyone feels exists, is not very properly documented. Below is the javascript that took shape to satisfy our use case. But as you can see, this can be potentially tweaked to do almost any call to the provisioning web service.

//ECMA script

importPackage(Packages.java.lang);
importPackage(Packages.javax.naming);
importPackage(Packages.com.novell.soa);
importPackage(Packages.javax.xml);

function GetWorkID()
{
var USERNAME = "cn=uaadmin,ou=sa,o=data";
var PASSWORD = "P@ssword01";
var url= "http://192.168.111.128:8180/IDMProv/provisioning/service";
try {
//Get Stub
var ctx = new Packages.javax.naming.InitialContext();
var service = Packages.com.novell.soa.af.impl.soap.ProvisioningService(ctx.lookup("xmlrpc:soap:com.novell.soa.af.impl.soap.ProvisioningService"));
var prov = Packages.com.novell.soa.af.impl.soap.Provisioning(service.getProvisioningPort());
var stub = Packages.com.novell.soa.ws.portable.Stub(prov);
stub._setProperty(Packages.com.novell.soa.ws.portable.Stub.USERNAME_PROPERTY, USERNAME);
stub._setProperty(Packages.com.novell.soa.ws.portable.Stub.PASSWORD_PROPERTY, PASSWORD);
stub._setProperty(Packages.com.novell.soa.ws.portable.Stub.ENDPOINT_ADDRESS_PROPERTY, url);
//Get workitem ID
var logic = Packages.com.novell.soa.af.impl.soap.T_Logic.AND;
var workEntryOrder = Packages.com.novell.soa.af.impl.soap.T_WorkEntryOrder.REQUEST_ID;
var workEntryqueryChoice = [3];
workEntryqueryChoice[0] = new Packages.com.novell.soa.af.impl.soap.T_WorkEntryQueryChoice();
workEntryqueryChoice[0].setRecipient("cn=testu2,ou=users,o=data");
workEntryqueryChoice[1] = new Packages.com.novell.soa.af.impl.soap.T_WorkEntryQueryChoice();
workEntryqueryChoice[1].setAddressee("cn=testuser4,ou=users,o=data");
workEntryqueryChoice[2] = new Packages.com.novell.soa.af.impl.soap.T_WorkEntryQueryChoice();
workEntryqueryChoice[2].setProcessId("CN=TestApprovalWorkflowAJ,CN=RequestDefs,CN=AppConfig,CN=User Application Driver,CN=driverset1,O=system");
var query = new Packages.com.novell.soa.af.impl.soap.T_WorkEntryQuery(logic,workEntryOrder,workEntryqueryChoice);
var WorkEntryArray = Packages.com.novell.soa.af.impl.soap.Provisioning(stub.getWorkEntries(query, 10));
var workEntry = [];
workEntry = WorkEntryArray.getWorkentry();
return workEntry[0].getId();
}
catch (err) {
return "Error is: "   err;
}
}

Our policy simply calls the above ECMAScript using the xpath token es:GetWorkID()

From the results of it, we are extremely happy with this ECMAScript capability and posting this so that it assists any lone wanderer who is thinking about the same things which came to our mind.