Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/04/2023 05:56 AM - last edited on 10/04/2023 07:10 AM by Dave
REST Add Access task not getting provisioned. Failing with 401 error
Token API logic of Collective application - RSA Archer based oauth2 authentication is used. Here in RSA, once the token is generated(say value of token is SOMETOKENVALUE), it continues to make successful API calls. But if the token API is hit again, the working token(SOMETOKENVALUE) seizes to work although the expiration time wasn't met. The newly generated token should be used going forward(say NEWTOKENVALUE).
The JSONs are present below. Logs are attached for Add Access task. Based on logs it is observed that 401 error is coming 5 times and failing post that when ${access_token} binding is used. When the token is hardcoded in connectionJSON, it works.
Another observation is, hardcoding the token in add access json does not work when connection json has binding.
Connection JSON is:
{
"authentications": {
"collectiveAuth": {
"authType": "oauth2",
"url": "https://maskedurl/api/core/security/login",
"httpMethod": "POST",
"httpParams": {
"InstanceName":"QA",
"Username":"TESTUSER",
"UserDomain":"ASIA-PAC",
"Password":"Test123"
},
"httpHeaders": {
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"retryFailureStatusCode": [401],
"successResponse": [200,201],
"expiryError": "Invalid session token",
"timeOutError": "Read timed out",
"errorPath": "",
"maxRefreshTryCount": 5,
"tokenResponsePath": "RequestedObject.SessionToken",
"tokenType": "",
"accessToken": "abcd"
}
}
}
Add Access JSON:
{
"call": [
{
"name": "Roles",
"connection": "collectiveAuth",
"url": "https://maskedurl/api/core/system/userrole",
"httpMethod": "PUT",
"httpParams": "{\"UserId\": ${account.accountID},\"RoleId\": 39,\"IsAdd\": true}",
"httpHeaders": {
"Authorization": "Archer session-id=${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [201, 200, 204]
},
"unsuccessResponses": {
"statusCode": [400, 403, 401, 404, 409, 501, 500]
}
},
{
"name": "Groups",
"connection": "collectiveAuth",
"url": "https://maskedurl/api/core/system/usergroup",
"httpMethod": "PUT",
"httpParams": "{\"UserId\": ${account.accountID},\"GroupId\": 363,\"IsAdd\": true}",
"httpHeaders": {
"Authorization": "Archer session-id=${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [201, 200, 204]
},
"unsuccessResponses": {
"statusCode": [400, 403, 401, 404, 409, 501, 500]
}
}]
}
Logs are attached
Also FYI, the same connection json is working for recon with dynamic bindings. Failing only for provisioning,
[This post has been edited by a Moderator to merge two posts.]
10/10/2023 08:26 AM
Can you try this in postman and see is it behaving the same way, once it is success again call the Token Api and try to call it and see whether its working or not.
Thanks
Darshan
10/10/2023 09:24 AM
@Darshanjain I have already done that via postman. The token gets expired immediately after the token API is hit again.
10/11/2023 06:54 AM
I see you already raised a ticket as well with saviynt and have checked the logs as well as its generating same token for 5times, we are checking and will let you know.
Thanks
Darshan
10/12/2023 12:47 AM
Hi Darshan,
Thanks for the update. Hoping for a resolution soon.