09/16/2024 06:36 AM
ConnectionJSON
{
"authentications": {
"AuthProv": {
"authType": "oauth2",
"httpHeaders": {
"contentType": "application/json"
},
"authError": [
"PASWS013E"
],
"url": "https://pam.XXXXX.com/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 2,
"tokenResponsePath": "",
"accessToken": "XXXXXXXXXXXX",
"httpParams": "{ \"username\": \"Account-Provisioning_Saviynt\", \"password\": \"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\", \"concurrentSession\": true }",
"retryFailureStatusCode": [
401
],
"timeOutError": "Read timed out",
"baseUrl": "https://pam.XXXXX.com",
"domain": "XXXXX.com"
}
}
}
CreateAccountJSON (I have to make 5 calls in this)
{
"accountIdPath": "call1.message.safeName",
"call": [
{
"name": "call1",
"connection": "AuthProv",
"url": "${connection.baseUrl}/PasswordVault/API/Safes/",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}",
"contentType": "application/json"
},
"httpParams": "{\"safeName\":\"Personal-${user.username}\",\"oLACEnabled\":false,\"autoPurgeEnabled\":false,\"managingCPM\":\"PasswordManager\",\"description\":\"\",\"location\":\"\",\"numberOfDaysRetention\":\"0\"}",
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
201,
409
]
},
"unsuccessResponses": {
"statusCode": [
401
]
}
},
{
"name": "call2",
"connection": "AuthProv",
"url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}",
"contentType": "application/json"
},
"httpParams": "{\"memberName\":\"${user.username}@${connection.domain}\",\"searchIn\":\"${connection.domain}\",\"permissions\":{\"useAccounts\":true,\"listAccounts\":true}}",
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
201,
409
]
},
"unsuccessResponses": {
"statusCode": [
401
]
}
},
{
"name": "call3",
"connection": "AuthProv",
"url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}",
"contentType": "application/json"
},
"httpParams": "{\"memberName\":\"Account-Management_Saviynt\",\"permissions\":{\"useAccounts\":false,\"retrieveAccounts\":false,\"listAccounts\":true,\"addAccounts\":true,\"updateAccountContent\":true,\"updateAccountProperties\":true,\"initiateCPMAccountManagementOperations\":true,\"specifyNextAccountContent\":false,\"renameAccounts\":true,\"deleteAccounts\":true,\"unlockAccounts\":true,\"manageSafe\":true,\"manageSafeMembers\":true,\"backupSafe\":false,\"viewAuditLog\":false,\"viewSafeMembers\":true,\"accessWithoutConfirmation\":false,\"createFolders\":false,\"deleteFolders\":false,\"moveAccountsAndFolders\":false,\"requestsAuthorizationLevel1\":false,\"requestsAuthorizationLevel2\":false}}",
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
201,
409
]
},
"unsuccessResponses": {
"statusCode": [
401
]
}
},
{
"name": "call4",
"connection": "AuthProv",
"url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}",
"contentType": "application/json"
},
"httpParams": "{\"memberName\":\"Vault Admins\",\"permissions\":{\"listAccounts\":true,\"addAccounts\":true,\"updateAccountContent\":true,\"updateAccountProperties\":true,\"initiateCPMAccountManagementOperations\":true,\"renameAccounts\":true,\"deleteAccounts\":true,\"unlockAccounts\":true,\"manageSafe\":true,\"manageSafeMembers\":true,\"viewSafeMembers\":true}}",
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
201,
409
]
},
"unsuccessResponses": {
"statusCode": [
401
]
}
},
{
"name": "call5",
"connection": "AuthProv",
"url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}",
"contentType": "application/json"
},
"httpParams": "{\"memberName\":\"Creator-Connect-Acc\",\"permissions\":{\"useAccounts\":true,\"listAccounts\":true,\"manageSafeMembers\":true,\"viewSafeMembers\":true}}",
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
201,
409
]
},
"unsuccessResponses": {
"statusCode": [
401
]
}
}
]
}
However, when I run wsretry on a task, only one call is made at a time, so I have to run wsretry 5 times to make all five calls. And thus the task is completed after WSRETRY has run five times or more on it.
Here are the provisioning comments after all the runs:
{
"call1": {
"headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"message": {
"ErrorCode": "SFWS0002",
"ErrorMessage": "Safe Name Personal-XXXXXXX has already been defined."
},
"statusCode": 409,
"description": null,
"status": "Success"
},
"call2": {
"headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"message": {
"ErrorCode": "SFWS0012",
"ErrorMessage": "XXXXXXX@XXXXX.com is already a member of safe Personal-XXXXXXX."
},
"statusCode": 409,
"description": null,
"status": "Success"
},
"call3": {
"headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"message": {
"ErrorCode": "SFWS0012",
"ErrorMessage": "Account-Management_Saviynt is already a member of safe Personal-XXXXXXX."
},
"statusCode": 409,
"description": null,
"status": "Success"
},
"call4": {
"headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"message": {
"ErrorCode": "SFWS0012",
"ErrorMessage": "Vault Admins is already a member of safe Personal-XXXXXXX."
},
"statusCode": 409,
"description": null,
"status": "Success"
},
"auditDetails": {
"call2": [
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
},
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
}
],
"call3": [
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
}
],
"call4": [
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
}
],
"call5": [
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
}
]
},
"call5": {
"headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"message": {
"ErrorCode": "SFWS0012",
"ErrorMessage": "Creator-Connect-Acc is already a member of safe Personal-XXXXXXX."
},
"statusCode": 409,
"description": null,
"status": "Success"
}
}
It makes no sense 😭, when only one call works at a time?
Each call fails once with the below error:
"call5": [
{
"headers": null,
"message": "",
"statusCode": null,
"description": null,
"status": "Failed"
}
09/16/2024 08:54 AM
09/16/2024 10:11 PM
09/17/2024 10:07 AM
Is there any delay needed between 2 APIs?
09/17/2024 09:44 PM
Nope, I can automate the same thing in Postman, and Postman can make all calls within a second successfully.
09/17/2024 09:55 PM
Postman can make all calls in 3.6 seconds with no rate limiting whatsoever.
I have tried adding a delay to the connection JSON too, but still the same issue:
09/18/2024 12:26 AM
So it seems the issue is related to load balancing; we have two servers handling the requests. When we turned one of the servers off, the issue stopped happening.
Apparently we have to pass the "ApplicationGatewayAffinity" cookie to make sure we use the same server for the session.
Now I have to figure out a way to pass the cookies from the auth call to the next calls.
I did not have this issue in Postman because it manages the cookies automatically.
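The diagnosis in the post above, as an added simulation (not code from the thread, Saviynt or CyberArk): two back-end nodes that each keep their own session table sit behind a round-robin gateway, and a client that drops the gateway's "ApplicationGatewayAffinity" cookie has its token rejected whenever a call lands on the other node. The per-node session table, the 401 for an unknown token, and the names Node, Gateway and provision are assumptions of this model.

```python
import itertools
import uuid

AFFINITY_COOKIE = "ApplicationGatewayAffinity"  # cookie name from the thread

class Node:
    """One back-end server with its own session table (assumed model)."""
    def __init__(self, name):
        self.name, self.sessions = name, set()

    def logon(self):
        token = uuid.uuid4().hex  # constructed token, local to this node
        self.sessions.add(token)
        return token

    def call(self, token):
        # 201 if this node issued the token, 401 if it has never seen it.
        return 201 if token in self.sessions else 401

class Gateway:
    """Round-robin load balancer that honours the affinity cookie when sent."""
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self._rr = itertools.cycle(nodes)

    def route(self, cookies):
        node = self.nodes.get(cookies.get(AFFINITY_COOKIE)) or next(self._rr)
        # The response carries a cookie naming the node that served it.
        return node, {AFFINITY_COOKIE: node.name}

def provision(gateway, keep_cookies, calls=5):
    """Log on once, then make `calls` requests; return each status code."""
    jar = {}
    node, set_cookie = gateway.route(jar)
    token = node.logon()
    statuses = []
    for _ in range(calls):
        if keep_cookies:  # replay the cookie from the previous response
            jar.update(set_cookie)
        node, set_cookie = gateway.route(jar)
        statuses.append(node.call(token))
    return statuses

def demo():
    without = provision(Gateway([Node("A"), Node("B")]), keep_cookies=False)
    with_jar = provision(Gateway([Node("A"), Node("B")]), keep_cookies=True)
    return without, with_jar
```

Without the cookie, every call routed to the node that did not handle the logon is rejected, which matches the symptom disappearing when one server was switched off.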
09/18/2024 05:29 AM
You can capture from API response