helloid-conn-prov-source-adp-workforce's Issues

Choosing the manager

At line 291 in persons.ps1 it says:

Assignments may contain multiple managers (per assignment). There's no way to specify which manager is primary

Actually there is a way in some implementations, because there is an extra possibility to specify who is the actual manager. After the "Must be:" I have added the break when the RelationShipCode equals (in this case) "HOOFD2". The key is to find out per implementation what that value is for the primary manager.

Also the iteration in the for loop is hardcoded to values instead of $i:
for ($i = 0; $i -lt $assignment.reportsTo.Length; $i++) {
    $manager = @{
        FormattedName    = $assignment.reportsTo[2].reportsToWorkerName.formattedName
        WorkerID         = $assignment.reportsTo[1].workerID.idValue
        AssociateOID     = $assignment.reportsTo[3].associateOID
        RelationShipCode = $assignment.reportsTo[0].reportsToRelationshipCode.longName
    }
}

Must be:
for ($i = 0; $i -lt $assignment.reportsTo.Length; $i++) {
    $manager = @{
        FormattedName    = $assignment.reportsTo[$i].reportsToWorkerName.formattedName
        WorkerID         = $assignment.reportsTo[$i].workerID.idValue
        AssociateOID     = $assignment.reportsTo[$i].associateOID
        RelationShipCode = $assignment.reportsTo[$i].reportsToRelationshipCode.longName
    }
    # Stop at the entry flagged as primary manager; the code ("HOOFD2" here) differs per implementation
    if ($assignment.reportsTo[$i].reportsToRelationshipCode.longName -eq "HOOFD2") {
        break
    }
}

Import doesn't work with Custom fields in mapping

The current mapping example contains a custom person field "Custom.AssociateOID".
Currently HelloID fails the import of the connector when a custom field is in the mapping.

Please remove this field until HelloID supports this.

UTF8 for departments

Please replace line 82 of department.ps1 with:
[Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding(28591).GetBytes((Invoke-ADPRestMethod @splatADPRestMethodParams | ConvertTo-RawDataDepartmentObject | ConvertTo-Json -Depth 100)))

Otherwise, departments will not be in the UTF8 format.

Enhancement: Calculate Manager Based on Department and /organization-roles Endpoint

We’ve noticed that the ReportsTo on assignment is only available when the employee’s start date has been reached. The current code snippet uses the ReportsTo to calculate the manager:

# Assignments may contain multiple managers (per assignment). There's no way to specify which manager is primary
# We always select the first one in the array
if (($assignment.reportsTo | Measure-Object).Count -ge 1) {
    $manager = ($assignment.reportsTo | Sort-Object -Descending)[0]
    $assignment | Add-Member -MemberType NoteProperty -Name "manager" -Value $manager -Force
}

To tackle this, we could calculate the manager based on the department and the organization-roles endpoint. However, please note that this may result in multiple managers for a department. It needs to be discussed what logic to use to calculate the primary manager.

Diacritical characters not imported correctly when running in cloud

With the new release it is possible to run the connector in the cloud.
However, when running on the cloud agent the diacritical characters are not imported correctly (they are shown as a question mark: Ang�lique).

A solution for this is to remove the data conversion in the function Invoke-ADPRestMethod.
An example of the full function without the data conversion is shown below:

function Invoke-ADPRestMethod {
    <#
.SYNOPSIS
Retrieves data from the ADP API's

.DESCRIPTION
Retrieves data from the ADP API's using the standard <Invoke-RestMethod> cmdlet

.PARAMETER Url
The BaseUrl to the ADP Workforce environment. For example: https://test-api.adp.com

.PARAMETER Method
The CRUD operation for the request. Valid HttpMethods include: GET and POST. Note that the ADP API's needed for the connector will only support 'GET'

.PARAMETER AccessToken
The AccessToken retrieved by the <Get-ADPAccessToken> function

.PARAMETER ProxyServer
The URL (or IP Address) to the ProxyServer in the network. Leave empty if no ProxyServer is being used

.PARAMETER Certificate
The [X509Certificate] object containing the *.pfx

.EXAMPLE
$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("the path to the *.pfx file", "Password for the *.pfx certificate")

Invoke-ADPRestMethod -Url 'https://test-api.adp.com/hr/v2/worker-demographics' -Method 'GET' -AccessToken '0000-0000-0000-0000' -Certificate $certificate

Returns the raw JSON data containing all workers from ADP Workforce
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [String]
        $Url,

        [Parameter(Mandatory)]
        [String]
        $Method,

        [Parameter(Mandatory)]
        [String]
        $AccessToken,

        [AllowNull()]
        [AllowEmptyString()]
        [String]
        $ProxyServer,

        [Parameter(Mandatory)]
        [X509Certificate]
        $Certificate,

        [parameter(Mandatory = $true)]
        [ref]
        $data
    )

    $headers = @{
        "Authorization" = "Bearer $AccessToken"        
    }

    if ([string]::IsNullOrEmpty($ProxyServer)) {
        $proxy = $null
    }
    else {
        $proxy = $ProxyServer
    }

    # Specify the variables specific to certain endpoints
    # $contentField = The field in the response content that contains the actual data
    # $paging = A boolean specifying whether to use paging or not
    switch ($Url) {
        "https://api.eu.adp.com/hr/v2/worker-demographics" {
            $contentField = "workers"
            $paging = $true
        }
        "https://api.eu.adp.com/core/v1/organization-departments" {
            $contentField = "organizationDepartments"
            $paging = $false
        }
    }

    try {
        # Currently only supported for the worker-demographics endpoint
        if ($true -eq $paging) {
            # Fetch the data in smaller chunks, otherwise the API of ADP will return an error 500 Internal Server Error or an error 503 Server / Service unavailable
            $take = 100
            $skip = 0

            do {
                $result = $null
                $urlOffset = $Url + "?$" + "skip=$skip&$" + "top=$take"
                $skip += $take

                $splatRestMethodParameters = @{
                    Uri             = $urlOffset
                    Method          = $Method
                    Headers         = $headers
                    Proxy           = $proxy
                    UseBasicParsing = $true
                    Certificate     = $Certificate
                }

                $datasetJson = Invoke-WebRequest @splatRestMethodParameters -verbose:$false
                $dataset = $datasetJson.content | ConvertFrom-Json

                $result = $dataset.$contentField
                if (-not [string]::IsNullOrEmpty($result)) {
                    $data.value.AddRange($result)
                }
            }until( [string]::IsNullOrEmpty($result))
        }
        else {
            $result = $null
            $splatRestMethodParameters = @{
                Uri             = $Url
                Method          = $Method
                Headers         = $headers
                Proxy           = $proxy
                UseBasicParsing = $true
                Certificate     = $Certificate
            }
        
            $datasetJson = Invoke-WebRequest @splatRestMethodParameters -verbose:$false
            $dataset = $datasetJson.content | ConvertFrom-Json

            $result = $dataset.$contentField
            if (-not [string]::IsNullOrEmpty($result)) {
                $data.value.AddRange($result)
            }
        }
    }
    catch {
        $data.Value = $null
        $ex = $PSItem
        $errorMessage = Get-ErrorMessage -ErrorObject $ex

        Write-Verbose "Error at Line '$($ex.InvocationInfo.ScriptLineNumber)': $($ex.InvocationInfo.Line). Error: $($($errorMessage.VerboseErrorMessage))"  
        throw "Could not query data from ADP. URI: $($splatRestMethodParameters.Uri). Error Message: $($errorMessage.AuditErrorMessage)"
    }
}

Error "network password incorrect" on-prem agent

We experience an error when creating the certificate using $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificatePath, $certificatePassword).
The error is as follows: "The specified network password is not correct. "

I don't know the exact cause of the error, but this prevents using the on-prem agent and certificate PFX.
A solution would be to use the cloud agent. To support this we need a base64 string of the certificate instead of a PFX.

EDIT:
It turns out that OpenSSL 3.0.0 uses AES256 as a default to encrypt the private key when exporting a .pfx file.

AES256 is apparently not supported on older versions of Windows according to this forum post.
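
The base64 loading path this issue asks for, as an added example that is not the connector's own code: it builds the certificate from a base64 string instead of a file path and checks it before any request is made. Get-CertificateFromBase64 is a hypothetical helper, the sample certificate is constructed on the spot, and generating that sample assumes PowerShell 7 or .NET Framework 4.7.2 and later.

```powershell
# Added example. Get-CertificateFromBase64 is a hypothetical helper; only
# $certificateBase64 and $certificatePassword are names taken from the issues.
function Get-CertificateFromBase64 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CertificateBase64,
        [Parameter(Mandatory)] [string] $CertificatePassword
    )

    try {
        $pfxBytes = [Convert]::FromBase64String($CertificateBase64)
    }
    catch {
        throw "Certificate value is not valid base64"
    }

    # Throws for a wrong password and for a PFX whose encryption this platform cannot read
    $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxBytes, $CertificatePassword)

    # Without its private key the certificate cannot be used for TLS client authentication
    if (-not $certificate.HasPrivateKey) {
        throw "Certificate '$($certificate.Subject)' has no private key"
    }
    $now = Get-Date
    if ($now -lt $certificate.NotBefore -or $now -gt $certificate.NotAfter) {
        throw "Certificate '$($certificate.Subject)' is outside its validity period"
    }
    return $certificate
}

# Constructed sample input: a throwaway self-signed certificate exported as a base64 PFX
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$selfSigned = $request.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
$pfx = $selfSigned.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, 'constructed-password')
$certificateBase64 = [Convert]::ToBase64String($pfx)
$certificatePassword = 'constructed-password'

$certificate = Get-CertificateFromBase64 -CertificateBase64 $certificateBase64 -CertificatePassword $certificatePassword
"{0} HasPrivateKey={1} NotAfter={2:u}" -f $certificate.Subject, $certificate.HasPrivateKey, $certificate.NotAfter
```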

support base64 string for certificate

The readme now states that the PowerShell needs to be edited whenever using the cloud agent.
The same logic can be used as in the part of the AccessToken.
Use the variable $certificateBase64 to determine what you need to do.
Possible solution could be:
if (-not [string]::IsNullOrEmpty($certificateBase64)) {
    $dataset = $datasetJson.content | ConvertFrom-Json
}
elseif (-not [string]::IsNullOrEmpty($certificatePath)) {
    $datasetCorrected = [Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding(28591).GetBytes($datasetJson.content))
    $dataset = $datasetCorrected | ConvertFrom-Json
}
else {
    throw "No certificate configured"
}

please test and verify
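
The GetEncoding(28591) round trip used in the department, diacritics and base64 issues above repairs text whose UTF-8 bytes were decoded as ISO-8859-1, and corrupts text that was already decoded correctly, which is the Ang�lique symptom. As an added example (not the connector's code; Repair-Utf8Mojibake and Convert-Unconditionally are hypothetical names and the sample name is constructed), the function below applies the conversion only when the content itself shows it is needed, rather than keying it on which certificate variable is set.

```powershell
# Added example. Repair-Utf8Mojibake is a hypothetical helper, not part of the connector.
function Repair-Utf8Mojibake {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string] $Text
    )

    # Text mis-decoded as ISO-8859-1 only holds code points 0x00-0xFF; anything
    # higher means it was decoded another way and must be left alone.
    foreach ($char in $Text.ToCharArray()) {
        if ([int]$char -gt 0xFF) { return $Text }
    }

    $latin1 = [Text.Encoding]::GetEncoding(28591)
    # Strict UTF-8: throw on invalid bytes instead of substituting U+FFFD
    $strictUtf8 = [Text.UTF8Encoding]::new($false, $true)
    try {
        return $strictUtf8.GetString($latin1.GetBytes($Text))
    }
    catch {
        # Not valid UTF-8 underneath, so the text was already decoded correctly
        return $Text
    }
}

# The conversion from the issues, applied unconditionally
function Convert-Unconditionally([string] $Text) {
    [Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding(28591).GetBytes($Text))
}

# Constructed sample, built from code points so the script file's encoding is irrelevant
$correct    = 'Ang' + [char]0xE9 + 'lique'
$misdecoded = [Text.Encoding]::GetEncoding(28591).GetString([Text.Encoding]::UTF8.GetBytes($correct))

foreach ($sample in @($misdecoded, $correct)) {
    [pscustomobject]@{
        Input         = $sample
        Unconditional = Convert-Unconditionally $sample
        Guarded       = Repair-Utf8Mojibake -Text $sample
    }
}
```

The guard is a heuristic: a correctly decoded value made up only of Latin-1 characters that also happen to form a valid UTF-8 sequence would still be converted, so running it on the whole JSON response is more reliable than running it per field.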
