Connectors Examples

Attribute mappings examples

Attributes

When you are configuring an agent, depending on the connector type, it will be able to define some attributes. The attributes depend on the object that you are configuring, and the objects depend on the connector type.

Get the value of an attribute (a user attribute in that case)

sAMAccountName <= userName
sAMAccountName => userName
sAMAccountName <=> userName

Get the value of a custom attribute

company <= attributes{"company"}
company => attributes{"company"}
company <=> attributes{"company"}

Get the value of an account metadata attribute

office <= accountAttributes{"office"}
office => accountAttributes{"office"}
office <=> accountAttributes{"office"}

Define a constant on the target system

nameConst <= "valueConst"

Assign the result of a script to the soffid attribute

return <SCRIPT> => attribute

Be in mind, it is allowed to use bean Shell expression only in the source when the mapping is one-way.

Assign the result of a script to the target attribute

attribute <= return <SCRIPT>

Be in mind, it is allowed to use bean Shell expression only in the source when the mapping is one-way.


Be in mind

If the attribute name in the final system is hyphenated, you have to use this expression: THIS{"ATTRIBUTENAME"}, for example THIS{"my-name"}


Outgoing triggers examples

Attribute mapping triggers

When you are configuring an agent and defining the attribute mappings of connectors, depending on the connector type, it will be able to define BeanShell scripts that will be triggered when data is loaded into the target system, outgoing triggers.

Triggers can be used to validate or perform a specific action just before performing an operation or just after performing an operation into target objects. 

The trigger result will be a boolean value, true to continue or false to stop.

Use case examples

Example 1

Update or insert a user only when the user is internal (PreInsert User or PreUpdate User)

name = source{"userName"};
user = serviceLocator.getUserService().findUserByUserName(name);
if (user != null) {
  if (user.userType.equals("I")) {
      return true;
  }
}
return false;

Example 2

Update or insert a user only when the company is Soffid. Be in mind that company attribute is a custom attribute.

name = source{"userName"};
company = source{"attributes"}{"company"};
user = serviceLocator.getUserService().findUserByUserName(name);

if (user != null) {
  if (company != null && company.toUpperCase().equals("SOFFID")) {
  	return true; 
  }
}

return false;

Example 3

Recover a response and process it.

if (response != null) {
  for (o : response.getObjects()) {
  	if (o != null && o{"result"} != null) {
	  //TO-DO     
    }
  }
}
return true;

Example 4

Send a HTML mail with the response info.

.....
to = newObject{"identity"};
subject = "LinOTP QR";
body = o{"result"};
serviceLocator.getMailService().sendHtmlMailToActors(new String[] {to}, subject, body);
.......

Example 5

Update a user with the response info

.......
body = o{"result"};
ac = newObject{"user"};
data = new com.soffid.iam.api.UserData();
data.setAccountName(ac);
data.setSystemName("LinOTP");
data.setAttribute("token");
data.setBlobDataValue(body.getBytes());
serviceLocator.getAccountService().updateAccountAttribute(data);
......

Example 6

Call an API and process the response.

.......
userN = accontList.get(0).name;
result = dispatcherService.invoke(
	"GET",
  	"https://" + DOMINIO + "crmRestApi/resources/....?onlyData=true&q=Username=" + userN,
  	null);
if (result != null && !result.isEmpty()) {
  //TO-DO
} 
.......

Example 7

Pre Update: assign a value to an attribute depending on the value of a group attribute. The user can belong to many groups.

userName = source{"userName"};
attributes = serviceLocator.getUserService().findUserAttributes(userName);
dateChange = attributes.get("dateChange");

if (dateChange == null || dateChange == void ) {
	return true;
}

userGroupList = serviceLocator.getGroupService().findUsersGroupByUserName(userName);
contFalse = 0;
contNull  = 0;
isFound = false;
for (ug : userGroupList) {
  group = serviceLocator.getGroupService().findGroupByGroupName(ug.group);
  att = group.attributes.get("indicator");
  if (att != void) {
     if (att == null) contNull++;
     else if (att.equals("0")) contFalse++;
     else if (att.equals("1")) {
       isFound  = true; 
       break;
     } 
  }  
}

if (isFound) {
  newObject{"id-indicator"} = "1";
} else {
  if (contFalse > 0) {
    newObject{"id-indicator"} = "0"; 
  } else if (contNull > 0) {
    newObject{"id-indicator"} =  null;
  } 
} 
    
return true;

Incoming triggers examples

Load triggers

When you are configuring an agent, depending on the connector type, it will be able to define BeanShell scripts that will be triggered when data is loaded into Soffid, incoming triggers.

Triggers can be used to validate or perform a specific action just before performing an operation or just after performing an operation into Soffid objects. 

The trigger result will be a boolean value, true to continue or false to stop.

Use case examples

Example 1

A user can have more than one account on a target system. We want to reconcile only those accounts which have the same name on Soffid and on target system.

name = newObject{"accountName"};
uaList = serviceLocator.getAccountService().findUsersAccounts(name,"agentName");

for(userAccount: uaList) {
  if (userAccount.name.equals(name)) {
    return true;
  } else  {
    return false;
  }
}

return false;

Example 2

Update only users who belong to Soffid company.

name = newObject{"accountName"};
user = serviceLocator.getUserService().findUserByUserName(name);

if (user != null) {
  attributes = serviceLocator.getUserService().findUserAttributes(name);
  company = attributes.get("company");
  if (company != null && company.equals("Soffid")) {
  	return true;
}
return false;
  

Example 3

Discard to create some accounts (PreInsert account).

System.out.println("************** Pre Insert Account");
cuentas = new java.util.HashMap();
cuentas.put("admin",null);
account = newObject{"accountName"};

if (cuentas.containsKey(account)) {
  System.out.println("TRIGGER ACCOUNT PREINSERT - Discarded to create the account " + account);
  return false;
}

System.out.println("TRIGGER ACCOUNT PREINSERT - Correct account " + account);
return true;

Example 4

If does not exist a mail domain, it wil be created.

mailDomain = newObject{"mailDomain"};
if (mailDomain != void && mailDomain != null) {
  existMD = serviceLocator.getMailListsService().findMailDomainByName(mailDomain);
  if (existMD == null) {
    newMailDomain = new com.soffid.iam.api.MailDomain();
    newMailDomain.setName(mailDomain);
    newMailDomain.setDescription(mailDomain);
    serviceLocator.getMailListsService().create(newMailDomain);
  }
}
return true;

Example 5

Avoid deleting users (PreDelete user).

return false;

Example 6

If throw the exception, the return will be is false. True in other cases.

if (....) 
  throw new Exception("Exception message....");
return true;

Example 7

The new group on the target system will have the same id that the old group.

newObject{"idGroup"} = oldObject{"idGroup"};
.....

Example 8

Get the attribute company option 1:

company = source{"attributes"}{"company"};

Get the attribute company option 2

userName = source{"userName"};
attributes = serviceLocator.getUserService().findUserAttributes(userName);
company = attributes.get("company");

Example 9

Update the company attribute:

userName = newObject{"userName"};
// Check if the user exists 
user = serviceLocator.getUserService().findUserByUserName(userName);
if (user == null) {
	return false;
} 
System.out.println("***************** USER Object: " + user);

attributes = serviceLocator.getUserService().findUserAttributes(userName);
if (attributes == null) {
	attributes = new HashMap();
} 

attributes.put("company", "<COMPANY_NAME>");
serviceLocator.getUserService().updateUserAttributes(userName, attributes);

return true;

Example 10

Check user type

userName = newObject{"userName"};
user = serviceLocator.getUserService().findUserByUserName(userName);

if (user.userType.equals("I")){
  .....
  //TODO
} else {
    .....
  //TODO
}
return true;


Triggers: Script Tips

Triggers: Script Tips

Here we will show you some tips about how to use scripts.

For more information you can visit the official documentation of Soffid

Write into a sync-server log

System.out.println("what you want......");

Recover data from a Soffid object when synchronizing

* source only can be used in outgoing triggers. That object will be Soffid format.

* newObject and oldObject can be used in outgoing and incoming triggers. Those objects will be target system format in outgoing triggers and will be Soffid format in incoming triggers.

Recover data from Soffid object to synchronize

Recover user name

name = source{"userName"};
Recover a custom attribute

Recover company (company could be a user custom attribute defined on metadata page)

comp = source{"attributes"}{"company"};
Recover the attribute value that will be sent
no = newObject{"userName"};
gn = newObject{"givenName"};
....
Recover the attribute value from the select

That info comes from the target system. In a synchronization process, the first thing that Soffid does, is to query if the account exists on the target system.

no = oldObject{"userName"};
gn = oldObject{"givenName"};
....

Use  existing services

serviceLocator.getUserService().....
serviceLocator.getAccountService().....
serviceLocator.......

Create a new Soffid object

mailDomain = new com.soffid.iam.api.MailDomain();
newUser = new com.soffid.iam.api.User();
newRol = new com.soffid.iam.api.Role();
............

Loop an object list

for(role : roleList){
  //TO-DO
  out.print(" Role: " + role.roleName + "\n");
}

Recover response

if (response!=null) {
  for (o : response.getObjects()) {
    if (o!=null && o{"result"}!=null) {
      //TO-DO
    }
  }
}

Send a text email 

serviceLocator.getMailService().sendTextMail("mail@soffid.com", "Subject", "Mail message");

Send a HTML mail 

serviceLocator.getMailService().sendHtmlMailToActors(<to>, <subject>, <html-body>);