Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:57 PM
I'm unable to retrieve token in SSM. It looks the URL configured in the ConnectionJSON is not even invoked.
Apart from this, there is no other issue with the configuration as when I provide the access token manually, accounts are being imported successfully.
"accessToken": "Bearer the_actual_token_provided_manually"
Note - I have tested the API independently via SOAPUI REST Client and it works fine.
Please let me know how to get the token from the API automatically, below is my configuration:
ConnectionJSON:
{ "authentications": { "acctAuth": { "authType": "oauth2", "url": "https://***/oauth2/token", "httpMethod": "POST", "httpHeaders": {"Accept": "application/x-www-form-urlencoded"}, "httpContentType": "application/json", "httpParams": { "grant_type": "password", "username": "***", "password": "***" }, "expiryError": "ExpiredAuthenticationToken", "authError": ["Login failed."], "timeOutError": "Read timed out", "errorPath": "error", "maxRefreshTryCount": 5, "tokenResponsePath": "access_token", "tokenType": "Bearer", "accessToken": "Bearer abcd" } } }
ImportAccountEntJSON.json:
{ "accountParams": { "connection": "acctAuth", "processingType": "SequentialAndIterative", "statusAndThresholdConfig": { "accountsNotInImportAction": "Inactive", "accountThresholdValue": 1 }, "call": { "call1": { "callOrder": 0, "stageNumber": 0, "http": { "url": "https://***/api/v1/users", "httpContentType": "application/json", "httpHeaders": { "Authorization": "${access_token}" }, "httpMethod": "GET" }, "listField": "", "keyField": "accountID", "colsToPropsMap": { "accountID": "id~#~char", "name": "userName~#~char" } } } } }
SOAPUI - Authentication API to get token:
Raw request to get the token:
API to get the user details:
Raw request to get the user details:
Solved! Go to Solution.
04/12/2022 01:59 PM
By adding "retryFailureStatusCode": [403] in the connection JSON, it does invoke the token service, but still the accounts import doesn't work.
Looks like there is some issue with the response payload field in the REST connector.
As per logs:
DEBUG rest.RestUtilService - fetching result from response.responseText
My configuration in connection JSON:
"tokenResponsePath": "access_token"
Complete logs:
2020-06-15 10:37:48,422 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::403 2020-06-15 10:37:48,422 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Exception in pullObjectsByRest : java.lang.Exception: 403 at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:3725) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsByPagination(RestProvisioningService.groovy:3483) at com.saviynt.provisoning.rest.RestProvisioningService.processAccounts(RestProvisioningService.groovy:3427) at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountsFinal_closure8.doCall(RestProvisioningService.groovy:1454) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFinal(RestProvisioningService.groovy:1450) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1413) at com.saviynt.provisoning.rest.RestProvisioningService.importAccountsFull(RestProvisioningService.groovy:1252) at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:109) at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:168) at SapImportJob.execute(SapImportJob.groovy:93) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546) 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 0 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Incrementing connectionParamMap.refreshTryCount : 1 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - maxRefreshTryCount : 1 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - Calling https://***/oauth2/token 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null 2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null 2020-06-15 10:37:48,424 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called. 2020-06-15 10:37:48,461 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - fetching result from response.responseText 2020-06-15 10:37:48,472 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - access token populated for oauth authentication.. 2020-06-15 10:37:48,487 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - connectionParamMap.refreshTryCount = 1 2020-06-15 10:37:48,493 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest 2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null 2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null 2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null 2020-06-15 10:37:48,495 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called. 2020-06-15 10:37:48,644 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::403 2020-06-15 10:37:48,644 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Exception in pullObjectsByRest : java.lang.Exception: 403
.
04/12/2022 01:59 PM
I'm not sure it is supported to use password as grant_type to fetch new access toke, but if you have verified that the token URL is accessed, then it might be a bug.
Using the "refresh_token" grant type getting the new access_token works, maybe the connector does not support refreshing the access token using password grant type?
04/12/2022 01:59 PM
Thanks Mikko,
This was fixed by setting http content type to application/x-www-form-urlencoded