Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

REST connection - WSRETRY only makes one call in each run

yogesh2
Regular Contributor II
Regular Contributor II

ConnectionJSON 

 

{
  "authentications": {
    "AuthProv": {
      "authType": "oauth2",
      "httpHeaders": {
        "contentType": "application/json"
      },
      "authError": [
        "PASWS013E"
      ],
      "url": "https://pam.XXXXX.com/PasswordVault/API/Auth/CyberArk/Logon",
      "httpMethod": "POST",
      "httpContentType": "application/json",
      "errorPath": "ErrorCode",
      "maxRefreshTryCount": 2,
      "tokenResponsePath": "",
      "accessToken": "XXXXXXXXXXXX",
      "httpParams": "{ \"username\": \"Account-Provisioning_Saviynt\", \"password\": \"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\", \"concurrentSession\": true }",
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "baseUrl": "https://pam.XXXXX.com",
      "domain": "XXXXX.com"
    }
  }
}

 

CreateAccountJSON (I have to make 5 calls in this)

 

{
  "accountIdPath": "call1.message.safeName",
  "call": [
    {
      "name": "call1",
      "connection": "AuthProv",
      "url": "${connection.baseUrl}/PasswordVault/API/Safes/",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "contentType": "application/json"
      },
      "httpParams": "{\"safeName\":\"Personal-${user.username}\",\"oLACEnabled\":false,\"autoPurgeEnabled\":false,\"managingCPM\":\"PasswordManager\",\"description\":\"\",\"location\":\"\",\"numberOfDaysRetention\":\"0\"}",
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          409
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401
        ]
      }
    },
    {
      "name": "call2",
      "connection": "AuthProv",
      "url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "contentType": "application/json"
      },
      "httpParams": "{\"memberName\":\"${user.username}@${connection.domain}\",\"searchIn\":\"${connection.domain}\",\"permissions\":{\"useAccounts\":true,\"listAccounts\":true}}",
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          409
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401
        ]
      }
    },
    {
      "name": "call3",
      "connection": "AuthProv",
      "url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "contentType": "application/json"
      },
      "httpParams": "{\"memberName\":\"Account-Management_Saviynt\",\"permissions\":{\"useAccounts\":false,\"retrieveAccounts\":false,\"listAccounts\":true,\"addAccounts\":true,\"updateAccountContent\":true,\"updateAccountProperties\":true,\"initiateCPMAccountManagementOperations\":true,\"specifyNextAccountContent\":false,\"renameAccounts\":true,\"deleteAccounts\":true,\"unlockAccounts\":true,\"manageSafe\":true,\"manageSafeMembers\":true,\"backupSafe\":false,\"viewAuditLog\":false,\"viewSafeMembers\":true,\"accessWithoutConfirmation\":false,\"createFolders\":false,\"deleteFolders\":false,\"moveAccountsAndFolders\":false,\"requestsAuthorizationLevel1\":false,\"requestsAuthorizationLevel2\":false}}",
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          409
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401
        ]
      }
    },
    {
      "name": "call4",
      "connection": "AuthProv",
      "url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "contentType": "application/json"
      },
      "httpParams": "{\"memberName\":\"Vault Admins\",\"permissions\":{\"listAccounts\":true,\"addAccounts\":true,\"updateAccountContent\":true,\"updateAccountProperties\":true,\"initiateCPMAccountManagementOperations\":true,\"renameAccounts\":true,\"deleteAccounts\":true,\"unlockAccounts\":true,\"manageSafe\":true,\"manageSafeMembers\":true,\"viewSafeMembers\":true}}",
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          409
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401
        ]
      }
    },
    {
      "name": "call5",
      "connection": "AuthProv",
      "url": "${connection.baseUrl}/PasswordVault/API/Safes/Personal-${user.username}/Members/",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "contentType": "application/json"
      },
      "httpParams": "{\"memberName\":\"Creator-Connect-Acc\",\"permissions\":{\"useAccounts\":true,\"listAccounts\":true,\"manageSafeMembers\":true,\"viewSafeMembers\":true}}",
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          409
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401
        ]
      }
    }
  ]
}

 

 However when I run wsretry on a task only one call is made at a time, so I have to run wsretry 5 times to make all the five calls. And thus the task is completed after WSRETRY has run five times or more on it.

Here is the provisioning comments after all the runs:

 

{
  "call1": {
    "headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "message": {
      "ErrorCode": "SFWS0002",
      "ErrorMessage": "Safe Name Personal-XXXXXXX has already been defined."
    },
    "statusCode": 409,
    "description": null,
    "status": "Success"
  },
  "call2": {
    "headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "message": {
      "ErrorCode": "SFWS0012",
      "ErrorMessage": "XXXXXXX@XXXXX.com is already a member of safe Personal-XXXXXXX."
    },
    "statusCode": 409,
    "description": null,
    "status": "Success"
  },
  "call3": {
    "headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "message": {
      "ErrorCode": "SFWS0012",
      "ErrorMessage": "Account-Management_Saviynt is already a member of safe Personal-XXXXXXX."
    },
    "statusCode": 409,
    "description": null,
    "status": "Success"
  },
  "call4": {
    "headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "message": {
      "ErrorCode": "SFWS0012",
      "ErrorMessage": "Vault Admins is already a member of safe Personal-XXXXXXX."
    },
    "statusCode": 409,
    "description": null,
    "status": "Success"
  },
  "auditDetails": {
    "call2": [
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      },
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      }
    ],
    "call3": [
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      }
    ],
    "call4": [
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      }
    ],
    "call5": [
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      }
    ]
  },
  "call5": {
    "headers": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "message": {
      "ErrorCode": "SFWS0012",
      "ErrorMessage": "Creator-Connect-Acc is already a member of safe Personal-XXXXXXX."
    },
    "statusCode": 409,
    "description": null,
    "status": "Success"
  }
}

 

 

It makes no sense 😭, when only one call works at a time? 

Each call fails once with below error:

 

"call5": [
      {
        "headers": null,
        "message": "",
        "statusCode": null,
        "description": null,
        "status": "Failed"
      }

 

 

7 REPLIES 7

rushikeshvartak
All-Star
All-Star
  • I dont see any issue in configuration.
  • Please share logs to check why only 1 calls is executed 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yogesh2
Regular Contributor II
Regular Contributor II

Here are the logs

is there any delay needed between 2 apis ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yogesh2
Regular Contributor II
Regular Contributor II

Nope, I can automate the same thing in Postman and postman can make all calls within a second successfully.

yogesh2
Regular Contributor II
Regular Contributor II

Postman can make all calls in 3.6 seconds with no rate limiting whatsoever.

yogesh2_0-1726634990382.png

I have tried adding delay to connection JSON too but still same issue:

yogesh2_1-1726635225992.png

 

yogesh2
Regular Contributor II
Regular Contributor II

So it seems the issue is related to load balancing, we have two servers handling the requests. When we turned one of the servers off the issue stopped happening.

Apparently we have to pass the "ApplicationGatewayAffinity" cookie to make sure we use the same server for the session.

Now I have to figure out a way to pass the cookies from the auth call to the next calls.

I did not have this issue in postman because it manages the cookies automatically.

You can capture from API response


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.