sma2006 Outstanding Contributor.
Outstanding Contributor.
909 views

Begining with REST driver


Hello,

I'm just starting my REST driver to make call to a cloud service.

This is my first time with REST driver subscriber channel (I already ran
a REST driver as REST endpoint on edir) and I'm a bit confused with the
documentation.

1) The driver starts properly and there is no error message but I don't
know if the driver try to connect right at the startup ?

2) Then when I make a change on a user I get this error message :

[06/23/16 13:21:42.468]:Saba Rest Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<driver-operation-data class-name="User" command="query"
event-id="0">
<request>
<url-token
filter="?search-attr=CN+eq+%27JOHNDOE%27&read-attr="/>
<header content-type="application/json"/>

<value>{"scope":"subtree","event-id":"0","class-name":"User","search-class":["User"],"search-attr":[{"CN":"JOHNDOE"}],"read-attr":[""]}</value>
</request>
</driver-operation-data>
</input>
</nds>
[06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
sub-execute
[06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler
[06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler: class-name == 'User'
[06/23/16 13:21:42.468]:Saba Rest Driver ST:
SubscriptionShim.execute() returned:
[06/23/16 13:21:42.484]:Saba Rest Driver ST:
<nds dtdversion="3.0">
<source>
<product build="20150722_0750" version="1.0.0.0">Identity Manager
REST Driver</product>
<contact>NetIQ Corporation.</contact>
</source>
<output>
<status event-id="0" level="error" type="driver-general">Exception:
Resource could not be found for class-name User.Make sure the class-name
supplied to the driver exactly matches the schema name in the driver
parameter.</status>
</output>
</nds>
[06/23/16 13:21:42.484]:Saba Rest Driver ST: Applying input
transformation policies.

I guess I must set a kind of mapping table to configure the REST schema,
but I don't know where ?

Any help ?

thanks

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

Labels (1)
0 Likes
10 Replies
Knowledge Partner
Knowledge Partner

Re: Begining with REST driver

sma wrote:

>
> Hello,
>
> I'm just starting my REST driver to make call to a cloud service.
>
> This is my first time with REST driver subscriber channel (I already
> ran a REST driver as REST endpoint on edir) and I'm a bit confused
> with the documentation.
>
> 1) The driver starts properly and there is no error message but I
> don't know if the driver try to connect right at the startup ?
>
> 2) Then when I make a change on a user I get this error message :
>
> [06/23/16 13:21:42.468]:Saba Rest Driver ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <driver-operation-data class-name="User" command="query"
> event-id="0">
> <request>
> <url-token
> filter="?search-attr=CN+eq+%27JOHNDOE%27&read-attr="/>
> <header content-type="application/json"/>
>
> <value>{"scope":"subtree","event-id":"0","class-name":"User","search-c
> lass":["User"],"search-attr":[{"CN":"JOHNDOE"}],"read-attr":[""]}</val
> ue> </request> </driver-operation-data>
> </input>
> </nds>
> [06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
> sub-execute
> [06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
> queryHandler
> [06/23/16 13:21:42.468]:Saba Rest Driver ST: Saba Rest Driver:
> queryHandler: class-name == 'User'
> [06/23/16 13:21:42.468]:Saba Rest Driver ST:
> SubscriptionShim.execute() returned:
> [06/23/16 13:21:42.484]:Saba Rest Driver ST:
> <nds dtdversion="3.0">
> <source>
> <product build="20150722_0750" version="1.0.0.0">Identity Manager
> REST Driver</product>
> <contact>NetIQ Corporation.</contact>
> </source>
> <output>
> <status event-id="0" level="error" type="driver-general">Exception:
> Resource could not be found for class-name User.Make sure the
> class-name supplied to the driver exactly matches the schema name in
> the driver parameter.</status>
> </output>
> </nds>
> [06/23/16 13:21:42.484]:Saba Rest Driver ST: Applying input
> transformation policies.
>
> I guess I must set a kind of mapping table to configure the REST
> schema, but I don't know where ?


There are some driver params for this.

Can you post a driver startup level 3 trace?
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


Here it is, thx.

[06/23/16 13:19:52.151]:Saba Rest Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<init-params src-dn="\EBU-UER\SYSTEMS\SERVICES\Driver Set\Saba Rest
Driver">
<driver-options>
<viewJavaGroup display-name="Custom Java
Extensions">show</viewJavaGroup>
<documentJavaGroup display-name="Document
Handling">no</documentJavaGroup>
<documentClass display-name="Class"></documentClass>
<documentParam display-name="Init Parameter"></documentParam>
<schemaJavaGroup display-name="Schema">no</schemaJavaGroup>
<schemaClass display-name="Class"></schemaClass>
<schemaParam display-name="Init Parameter"></schemaParam>
</driver-options>
<subscriber-options>
<subAuthMethod display-name="Authentication
Method">Basic</subAuthMethod>
<subAuthBasicID display-name="Authentication
ID">useradmin</subAuthBasicID>
<subAuthBasicPwd display-name="Authentication Password"
is-sensitive="true" type="password-ref"><!-- content suppressed
--></subAuthBasicPwd>
<subOAuthURL display-name="Access Token URL"></subOAuthURL>
<subOAuthID display-name="User Name"></subOAuthID>
<subOAuthPwd display-name="User Password" is-sensitive="true"
type="password-ref"><!-- content suppressed --></subOAuthPwd>
<query-name display-name="Query Name">grant_type</query-name>
<query-value display-name="Query Value"></query-value>
<query-name display-name="Query Name">client_id</query-name>
<query-value display-name="Query Value"></query-value>
<query-name display-name="Query
Name">client_secret</query-name>
<query-value display-name="Query Value"></query-value>
<header-name display-name="Header Name"></header-name>
<header-value display-name="Header Value"></header-value>
<subTrustStoreFile display-name="Truststore
file">C:\NetIQ\NDS\jre\lib\security\cacerts</subTrustStoreFile>
<mutualFields display-name="Set mutual authentication
parameters">show</mutualFields>
<subKeystoreFile display-name="Keystore
file">C:\NetIQ\NDS\jre\lib\security\cacerts</subKeystoreFile>
<subKeystorePassword display-name="Keystore password"
is-sensitive="true" type="password-ref"><!-- content suppressed
--></subKeystorePassword>
<connTimeOut display-name="Http Connection
Timeout">1</connTimeOut>
<proxy display-name="Proxy host and port"></proxy>
<subHttpErrorsToRetry display-name="HTTP errors to retry">307
408 503 504</subHttpErrorsToRetry>
<subHttpRESTBASEURL display-name="Base URL for REST
Resources">https://test.cloud.com/v1</subHttpRESTBASEURL>
</subscriber-options>
<publisher-options>
<pubSetting display-name="Publisher Setting">Poll</pubSetting>
<pollingInterval display-name="Polling interval in
minutes">1</pollingInterval>
<pubHostPort display-name="Listening IP address and
port"></pubHostPort>
<pubAuthMethod display-name="Authentication
Method">Basic</pubAuthMethod>
<pubAuthBasicID display-name="Authentication
ID"></pubAuthBasicID>
<pubAuthBasicPwd display-name="Authentication Password"
is-sensitive="true" type="password-ref"><!-- content suppressed
--></pubAuthBasicPwd>
<KMOName display-name="KMO name"></KMOName>
<pubKeystoreFile display-name="Keystore
file"></pubKeystoreFile>
<pubKeystorePassword display-name="Keystore password"
is-sensitive="true" type="password-ref"><!-- content suppressed
--></pubKeystorePassword>
<pubServerKeyAlias display-name="Server key
alias"></pubServerKeyAlias>
<pubServerKeyPassword display-name="Server key password"
is-sensitive="true" type="password-ref"><!-- content suppressed
--></pubServerKeyPassword>
<pubRequireMutualAuth display-name="Require mutual
authentication">false</pubRequireMutualAuth>
<heartbeat display-name="Heartbeat interval in
minutes">1</heartbeat>
</publisher-options>
<publisher-state/>
</init-params>
</input>
</nds>
[06/23/16 13:19:52.159]:Saba Rest Driver ST:Saba Rest Driver:
RESTDriver.getSchema() - initParameters follow:


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
Knowledge Partner
Knowledge Partner

Re: Begining with REST driver

sma wrote:

> From: "sma" <sma@no-mx.forums.microfocus.com>
> Subject: Re: Begining with REST driver
> Date: Thu, 23 Jun 2016 12:24:01 GMT
> Message-ID: <sma.7hrnhz@no-mx.forums.microfocus.com>
> Lines: 104
>
>
> Here it is, thx.
>



Under driver properties/driver configuration/subscriber options.

There is a header "Resources" where you need to configure resources to
synchronize. It doesn't look like you have configured anything here.
Fix that and try again.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


Ok, I just see that I missed the "resources" option in the subscriber
channel configuration. ( I thought it was related to nrfresources 🙂
).

But do you have any suggestion for example for the IDM query :

If the method is :

/people/username=:name(:searchField)?type=:internal


I would set :

URL Extension : /people
But how could I fill in the variable for the username search field ?

Thanks

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
Knowledge Partner
Knowledge Partner

Re: Begining with REST driver

sma wrote:

> Ok, I just see that I missed the "resources" option in the subscriber
> channel configuration. ( I thought it was related to nrfresources 🙂
> ).
>
> But do you have any suggestion for example for the IDM query :
>
> If the method is :
>
> /people/username=:name(:searchField)?type=:internal
>
>
> I would set :
>
> URL Extension : /people


No it would be something like
if your endpoint was

/people/alex

URL extension would be:
/people/<username>

essentially this is the entire URL, but for dynamic portions, you
enclose the dynamic source value in angle brackets.

Relevant documentation is here:

https://www.netiq.com/documentation/idm45drivers/generic_rest/data/bgm5w0x.html

If you don't choose custom the default for the query is explained here:
https://www.netiq.com/documentation/idm45drivers/generic_rest/data/bv5xsg5.html#b1fh3fcy
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


Ok, it helps me but I don't understand how to passe XDS attributes into
the REST Method.

For the query I set : /people/username=<cn>:(username)?type=internal

But the effective query is : (The CN is missing in the query)

[06/23/16 15:58:01.805]:Saba Rest Driver ST: Saba Rest Driver:
sub-execute
[06/23/16 15:58:01.805]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler
[06/23/16 15:58:01.805]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler: class-name == 'User'
[06/23/16 15:58:01.806]:Saba Rest Driver ST: Saba Rest Driver:
Query: preparing GET to http://tinyurl.com/jtrpad8
[06/23/16 15:58:01.806]:Saba Rest Driver ST: Saba Rest Driver:
Setting the following HTTP request properties:
Authorization: <content suppressed>
[06/23/16 15:58:01.806]:Saba Rest Driver ST: Saba Rest Driver:
content-type:application/json
[06/23/16 15:58:02.014]:Saba Rest Driver ST: Saba Rest Driver:
Did a HTTP GET with 0 bytes of data to http://tinyurl.com/jtrpad8
[06/23/16 15:58:02.047]:Saba Rest Driver ST: Saba Rest Driver:
Response code and message: 200 OK
[06/23/16 15:58:02.047]:Saba Rest Driver ST:
SubscriptionShim.execute() returned:


Thanks

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


I'm still trying to understand and found that I can use the url-token to
get the <filter> placeholder :
<url-token filter="?search-attr=CN+eq+%27JOHNDOE%27&read-attr="/>

But by default the <filter> is : ?search-attr=CN eq JOHNDOE;read-attr=

Ok, but I just need to get the CN in the filter placeholder or create
any other placeholder.

The policy "Translate XDS to JSON" contains the rules to create the
filter but it's not easy to modify.

Who know what must be changed to create new placeholder ?

Thanks

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


Ok, I have modified the "Translate XDS to JSON" policy to get the
<filter> placeholder with only the required attribute:

[06/23/16 18:25:36.321]:Saba Rest Driver ST: Submitting document
to subscriber shim:
[06/23/16 18:25:36.321]:Saba Rest Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<driver-operation-data class-name="User" command="query"
event-id="0">
<request>
<url-token filter="JOHNDOE"/>
<header content-type="application/json"/>

<value>{"scope":"subtree","event-id":"0","class-name":"User","search-class":["User"],"search-attr":[{"CN":"JOHNDOE"}],"read-attr":[""]}</value>
</request>
</driver-operation-data>
</input>
</nds>
[06/23/16 18:25:36.322]:Saba Rest Driver ST: Saba Rest Driver:
sub-execute
[06/23/16 18:25:36.323]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler
[06/23/16 18:25:36.323]:Saba Rest Driver ST: Saba Rest Driver:
queryHandler: class-name == 'User'
[06/23/16 18:25:36.323]:Saba Rest Driver ST: Saba Rest Driver:
Query: preparing GET to http://tinyurl.com/z2j6x9d
[06/23/16 18:25:36.323]:Saba Rest Driver ST: Saba Rest Driver:
Setting the following HTTP request properties:
Authorization: <content suppressed>
[06/23/16 18:25:36.324]:Saba Rest Driver ST: Saba Rest Driver:
content-type:application/json
[06/23/16 18:25:36.516]:Saba Rest Driver ST: Saba Rest Driver:
Did a HTTP GET with 0 bytes of data to http://tinyurl.com/z2j6x9d
[06/23/16 18:25:36.546]:Saba Rest Driver ST: Saba Rest Driver:
Response code and message: 200 OK
[06/23/16 18:25:36.547]:Saba Rest Driver ST:
SubscriptionShim.execute() returned:
[06/23/16 18:25:36.547]:Saba Rest Driver ST:
<nds dtdversion="3.0">
<source>
<product build="20150722_0750" version="1.0.0.0">Identity Manager
REST Driver</product>
<contact>NetIQ Corporation.</contact>
</source>
<output>
<status event-id="0" level="success" type="driver-general">
<driver-operation-data class-name="User" command="query"
dest-dn="" event-id="0">
<response>
<url-token filter="JOHNDOE"/>
<header content-type="application/json"/>
<value>{"errorCode":99999,"errorMessage":"Internal Server
Error"}</value>
</response>
</driver-operation-data>
</status>
</output>
</nds>
[06/23/16 18:25:36.548]:Saba Rest Driver ST: Applying input
transformation policies.
[06/23/16 18:25:36.548]:Saba Rest Driver ST: Applying policy:
%+C%14CNETQRESTJSON-itp-CheckRetries%-C.


And now I have just an error after the request, but this is probably an
authentication problem.

I will try to find out and update the threads.

Thx

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
sma2006 Outstanding Contributor.
Outstanding Contributor.

Re: Begining with REST driver


The REST server as many other REST system is stateless and require a
authentication token, each time you want to send a request.

So the NetIQ REST driver must:
1) Send a /login request to get the token :
/login with username and password in the header
Then you receive a certificate.

2) Then send the request (a query for example) with the certificate
included:
test-api.cloud.com/v1/people/username=rose:(username)?type=internal&Certificate=455532544E42303032372D3331...

This is not trivial, does anyone has any suggestion how to do it with
the REST driver ???

Thanks

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=56096

0 Likes
Knowledge Partner
Knowledge Partner

Re: Begining with REST driver

sma wrote:

>
> The REST server as many other REST system is stateless and require a
> authentication token, each time you want to send a request.
>
> So the NetIQ REST driver must:
> 1) Send a /login request to get the token :
> /login with username and password in the header
> Then you receive a certificate.
>
> 2) Then send the request (a query for example) with the certificate
> included:
> test-api.cloud.com/v1/people/username=rose:(username)?type=internal&Ce
> rtificate=455532544E42303032372D3331...
>
> This is not trivial, does anyone has any suggestion how to do it with
> the REST driver ???


This is a new question (your prior one was solved)

Rather than clutter up this thread with two issues, please start a new
thread. This is considered polite forum etiquette.

That said, if you refer to the documentation, the authentication models
that are supported are clearly spelled out. I am not sure if your model
is one of those that is officially supported.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.