tools4everbv / helloid-conn-prov-source-adp-workforce Goto Github PK
View Code? Open in Web Editor NEWADP Workforce - Source
ADP Workforce - Source
In the readme now states that the PowerShell needs to be edited whenever using cloud agent.
The same logic can be used as in the part of the AccessToken.
Use the variable $certificateBase64 to determine what you need to do.
Possible solution could be:
if (-not[string]::IsNullOrEmpty($certificateBase64)) {
$dataset = $datasetJson.content | ConvertFrom-Json
}
elseif (-not [string]::IsNullOrEmpty($certificatePathertificatePath)) {
$datasetCorrected = [Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding(28591).GetBytes($datasetJson.content))
$dataset = $datasetCorrected | ConvertFrom-Json
}
else {
Throw "No certificate configured"
}
please test and verify
At line 291 in persons.ps1 it says:
Actually there is a way in some implementations, because there is an extra possibility to specify who is the actual manager. After the "Must be:" I have added the break when the RelationShipCode equals (in this case) "HOOFD2". The key is to find out per implementation what that value is for the primary manager.
Also the iteration in the for loop is hardcoded to values instead of $i:
for ($i = 0; $i -lt $assignment.reportsTo.Length; $i++) { $manager = @{ FormattedName = $assignment.reportsTo[2].reportsToWorkerName.formattedName WorkerID = $assignment.reportsTo[1].workerID.idValue AssociateOID = $assignment.reportsTo[3].associateOID RelationShipCode = $assignment.reportsTo[0].reportsToRelationshipCode.longName } }
Must be:
for ($i = 0; $i -lt $assignment.reportsTo.Length; $i++) { $manager = @{ FormattedName = $assignment.reportsTo[$i].reportsToWorkerName.formattedName WorkerID = $assignment.reportsTo[$i].workerID.idValue AssociateOID = $assignment.reportsTo[$i].associateOID RelationShipCode = $assignment.reportsTo[$i].reportsToRelationshipCode.longName } if($assignment.reportsTo[$i].reportsToRelationshipCode.longName -eq "HOOFD2"){ break } }
We experience an error when creating the certificate using $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificatePath, $certificatePassword)
.
The error is as follows: "The specified network password is not correct. "
I don't know the exact cause of the error, but this prevents using the on-prem agent and certificate PFX.
A solution would be to use the cloud agent. To support this we need a base64 string of the certificate instead of a PFX.
EDIT:
It turns out that OpenSSL 3.0.0 uses AES256 as a default to encrypt the private key when exporting a .pfx file.
AES256 is apparently not supported on older versions of Windows according to this forum post.
The current mapping example contains a custom person field "Custom.AssociateOID".
Currently HelloID fails the import fo the connector when a custom field is in the mapping.
Please remove this field until HelloID supports this.
line 308
should be: elseif (-not [string]::IsNullOrEmpty($certificatePath)) {
Please replace line 82 from department.ps1 to:
[Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding(28591).GetBytes((Invoke-ADPRestMethod @splatADPRestMethodParams | ConvertTo-RawDataDepartmentObject | ConvertTo-Json -Depth 100)))
Otherwise, departments will not be in the UTF8 format.
At line 378, the part of PowerShell code needs to be changed from: $_.customFields to $assignment.customFields.
Please verify and test
With the new release it is possible to run the connector in the cloud.
However, when running onthe cloud agent the diacritical characters are not imported correctly (they are shown as a question mark: Ang�lique).
A solution for this is to remove the data conversion in the function Invoke-ADPRestMethod
.
An example of the full function without the data conversion is shown below:
function Invoke-ADPRestMethod {
<#
.SYNOPSIS
Retrieves data from the ADP API's
.DESCRIPTION
Retrieves data from the ADP API's using the standard <Invoke-RestMethod> cmdlet
.PARAMETER Url
The BaseUrl to the ADP Workforce environment. For example: https://test-api.adp.com
.PARAMETER Method
The CRUD operation for the request. Valid HttpMethods inlcude: GET and POST. Note that the ADP API's needed for the connector will only support 'GET'
.PARAMETER AccessToken
The AccessToken retrieved by the <Get-ADPAccessToken> function
.PARAMETER ProxyServer
The URL (or IP Address) to the ProxyServer in the network. Leave empty if no ProxyServer is being used
.PARAMETER Certificate
The [X509Certificate] object containing the *.pfx
.EXAMPLE
$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("the path to the *.pfx file", "Password for the *.pfx certificate")
Invoke-ADPRestMethod -Uri 'https://test-api.adp.com/hr/v2/worker-demographics' -Method 'GET' -AccessToken '0000-0000-0000-0000' -Certifcate $certificate
Returns the raw JSON data containing all workers from ADP Workforce
#>
[CmdletBinding()]
param(
[Parameter(Mandatory)]
[String]
$Url,
[Parameter(Mandatory)]
[String]
$Method,
[Parameter(Mandatory)]
[String]
$AccessToken,
[AllowNull()]
[AllowEmptyString()]
[String]
$ProxyServer,
[Parameter(Mandatory)]
[X509Certificate]
$Certificate,
[parameter(Mandatory = $true)]
[ref]
$data
)
$headers = @{
"Authorization" = "Bearer $AccessToken"
}
if ([string]::IsNullOrEmpty($ProxyServer)) {
$proxy = $null
}
else {
$proxy = $ProxyServer
}
# Speficy the variables specific to certain endpoints
# $contentField = The field in the response content that contains the actual data
# $paging = A boolean specifying to user paging or not
switch ($Url) {
"https://api.eu.adp.com/hr/v2/worker-demographics" {
$contentField = "workers"
$paging = $true
}
"https://api.eu.adp.com/core/v1/organization-departments" {
$contentField = "organizationDepartments"
$paging = $false
}
}
try {
# Currently only supported for the worker-demographics endpoint
if ($true -eq $paging) {
# Fetch the data in smaller chunks, otherwise the API of ADP will return an error 500 Internal Server Error or an error 503 Server / Service unavailable
$take = 100
$skip = 0
do {
$result = $null
$urlOffset = $Url + "?$" + "skip=$skip&$" + "top=$take"
$skip += $take
$splatRestMethodParameters = @{
Uri = $urlOffset
Method = $Method
Headers = $headers
Proxy = $proxy
UseBasicParsing = $true
Certificate = $Certificate
}
$datasetJson = Invoke-WebRequest @splatRestMethodParameters -verbose:$false
$dataset = $datasetJson.content | ConvertFrom-Json
$result = $dataset.$contentField
if (-not [string]::IsNullOrEmpty($result)) {
$data.value.AddRange($result)
}
}until( [string]::IsNullOrEmpty($result))
}
else {
$result = $null
$splatRestMethodParameters = @{
Uri = $Url
Method = $Method
Headers = $headers
Proxy = $proxy
UseBasicParsing = $true
Certificate = $Certificate
}
$datasetJson = Invoke-WebRequest @splatRestMethodParameters -verbose:$false
$dataset = $datasetJson.content | ConvertFrom-Json
$result = $dataset.$contentField
if (-not [string]::IsNullOrEmpty($result)) {
$data.value.AddRange($result)
}
}
}
catch {
$data.Value = $null
$ex = $PSItem
$errorMessage = Get-ErrorMessage -ErrorObject $ex
Write-Verbose "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($($errorMessage.VerboseErrorMessage))"
throw "Could not query data from ADP. URI: $($splatRestMethodParameters.Uri). Error Message: $($errorMessage.AuditErrorMessage)"
}
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.