
REST Connector - How to renew Bearer access token in ConnectionJSON

Community_User
Saviynt Employee
Originally posted on June 12 2020 at 15:06 UTC

I'm unable to retrieve the token in SSM. It looks like the URL configured in the ConnectionJSON is not even invoked.


Apart from this, there is no other issue with the configuration as when I provide the access token manually, accounts are being imported successfully.

"accessToken": "Bearer the_actual_token_provided_manually"


Note - I have tested the API independently via SOAPUI REST Client and it works fine.


Please let me know how to get the token from the API automatically, below is my configuration:


ConnectionJSON:


{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "https://***/oauth2/token",
      "httpMethod": "POST",
      "httpHeaders": {"Accept": "application/x-www-form-urlencoded"},
      "httpContentType": "application/json",
      "httpParams": {
        "grant_type": "password",
        "username": "***",
        "password": "***"
      },
      "expiryError": "ExpiredAuthenticationToken",
      "authError": ["Login failed."],
      "timeOutError": "Read timed out",
      "errorPath": "error",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

ImportAccountEntJSON.json:


{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Inactive",
      "accountThresholdValue": 1
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://***/api/v1/users",
          "httpContentType": "application/json",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpMethod": "GET"
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "userName~#~char"
        }
      }
    }
  }
}

SOAPUI - Authentication API to get token: [image]

Raw request to get the token: [image]

API to get the user details: [image]

Raw request to get the user details: [image]


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Originally posted on June 15 2020 at 10:50 UTC

By adding "retryFailureStatusCode": [403] in the connection JSON, it does invoke the token service, but still the accounts import doesn't work.

Looks like there is some issue with the response payload field in the REST connector.


As per logs:

DEBUG rest.RestUtilService - fetching result from response.responseText


My configuration in connection JSON:

"tokenResponsePath": "access_token"


Complete logs:


2020-06-15 10:37:48,422 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::403
2020-06-15 10:37:48,422 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - Exception in pullObjectsByRest : java.lang.Exception: 403
    at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:3725)
    at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsByPagination(RestProvisioningService.groovy:3483)
    at com.saviynt.provisoning.rest.RestProvisioningService.processAccounts(RestProvisioningService.groovy:3427)
    at com.saviynt.provisoning.rest.RestProvisioningService$_processAccountsFinal_closure8.doCall(RestProvisioningService.groovy:1454)
    at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFinal(RestProvisioningService.groovy:1450)
    at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1413)
    at com.saviynt.provisoning.rest.RestProvisioningService.importAccountsFull(RestProvisioningService.groovy:1252)
    at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:109)
    at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:168)
    at SapImportJob.execute(SapImportJob.groovy:93)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - Inside token Expiry Exception block.
connectionParamMap.refreshTryCount : 0
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - Incrementing connectionParamMap.refreshTryCount : 1
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - maxRefreshTryCount : 1
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService  - Calling https://***/oauth2/token
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2020-06-15 10:37:48,423 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2020-06-15 10:37:48,424 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.
2020-06-15 10:37:48,461 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService  - fetching result from response.responseText
2020-06-15 10:37:48,472 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - access token populated for oauth authentication..
2020-06-15 10:37:48,487 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - connectionParamMap.refreshTryCount = 1
2020-06-15 10:37:48,493 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - Inside pullObjectsByRest
2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - sslParams : null
2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - proxyParams : null
2020-06-15 10:37:48,494 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - sslSocketFactory : null
2020-06-15 10:37:48,495 [quartzScheduler_Worker-9] DEBUG services.HttpClientUtilityService  - getHttpClient - HttpClientBuilder.create().build() called.
2020-06-15 10:37:48,644 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - pullObjectsByRest - responseStatusCode ::403
2020-06-15 10:37:48,644 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService  - Exception in pullObjectsByRest : java.lang.Exception: 403



Community_User
Saviynt Employee
Originally posted on June 15 2020 at 12:26 UTC

I'm not sure it is supported to use password as grant_type to fetch a new access token, but if you have verified that the token URL is accessed, then it might be a bug.


Using the "refresh_token" grant type getting the new access_token works, maybe the connector does not support refreshing the access token using password grant type?


Community_User
Saviynt Employee
Originally posted on June 22 2020 at 15:40 UTC

Thanks Mikko,


This was fixed by setting http content type to application/x-www-form-urlencoded

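The content-type mismatch that resolved this thread, as an added example (not code from the thread or from Saviynt): the same httpParams are serialized under both httpContentType values and sent to a toy token endpoint. Assumptions: token_endpoint is a hypothetical server that accepts only form-encoded bodies, the format RFC 6749 specifies for token requests, and the username, password and token are constructed.

```python
import json
from urllib.parse import urlencode, parse_qs

FORM = "application/x-www-form-urlencoded"

def encode_body(http_params, content_type):
    """Serialize httpParams the way an HTTP client would for this content type."""
    if content_type == FORM:
        return urlencode(http_params)      # percent-encodes '&', '=', etc. in values
    if content_type == "application/json":
        return json.dumps(http_params)
    raise ValueError(f"unsupported content type: {content_type}")

def token_endpoint(content_type, body):
    """Hypothetical OAuth2 token endpoint: strict parsing, form bodies only."""
    if content_type != FORM:
        return 400, {"error": "invalid_request"}
    form = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    # Constructed credentials; the '&' and '=' exercise the encoding path.
    if (form.get("username"), form.get("password")) != ("svc-import", "constructed&secret=1"):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "constructed-token-123", "token_type": "Bearer"}

def fetch_token(auth_cfg):
    """Request a token as configured; return (Authorization value, error)."""
    ctype = auth_cfg["httpContentType"]
    status, resp = token_endpoint(ctype, encode_body(auth_cfg["httpParams"], ctype))
    if status != 200:
        return None, resp[auth_cfg["errorPath"]]
    return f'{auth_cfg["tokenType"]} {resp[auth_cfg["tokenResponsePath"]]}', None

# Constructed config using the key names from the ConnectionJSON in the thread.
base = {
    "httpParams": {"grant_type": "password", "username": "svc-import",
                   "password": "constructed&secret=1"},
    "tokenResponsePath": "access_token", "tokenType": "Bearer", "errorPath": "error",
}
as_posted = dict(base, httpContentType="application/json")  # original setting
as_fixed = dict(base, httpContentType=FORM)                 # setting after the fix

if __name__ == "__main__":
    print("posted:", fetch_token(as_posted))
    print("fixed: ", fetch_token(as_fixed))
```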