I am building a REST driver with user and userrole endpoints. I have everything working with entitlements (account and role) except the case when a user is granted a role entitlement before they are given the account entitlement. In this case I haven't been able to add the roles because the user isn't created yet.

I have been trying to copy how the AD driver does it in NOVLADENTEX-itp-EntitlementsImpl, which is talked about here: https://www.netiq.com/documentation/...a/bfpqcdb.html

The issue I am running into with this approach is that when we do "add source attribute value" in the input transform, it does not go out through the output transform. It appears to send the XML directly to the shim. Is this expected?

What would be the correct way to approach this problem?

Here is a driver startup and trace of giving a user the account entitlement: https://pastebin.com/2R1hk6u0