Saviynt Forums

vmudagal1 · ‎11/16/2023

Hi Team,

Integrating CyberArk Application as target system with Saviynt. Initially with less data we didnt face issue with with job failure. Since moving to next environment we are facing issue with getting the AccessToken Refreshed successfull.

Connector type: REST

Please find the connectionJSON and ImportActEntJSON below used below:

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": ["ITATS366E","PASWS006E"],
"url": "https://url/PasswordVault/API/Auth/CyberArk/Logon ",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 80,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic ZZZZZZ",
"httpParams": "{\"username\":\"XXXXX\",\"password\":\"YYYYYY\"}",
"retryFailureStatusCode": [
401,
403
]
}
}
}

We can get the AccessToken refresh happening without any issue in Postman.

We are facing issue with Access Import Job failing always with error as

"NullResponseFromTarget"

"Connection has been closed".

The job is taking very long time to complete the import approx. 7 hours to do Access Import and with the status as failure.

Job Name: WW_CyberArk_Access_Reconciliation

Job Start Time: 10-Nov-2023 16:06:25

Job End Time: 10-Nov-2023 23:06:33

Total Time Taken: 7hours

Please find the logs attached for your refrences.

Please provide your input to overcome this issue access token refresh issue.

Thank you,

Vidya D Mudagal

[This message has been edited by moderator to mask url]

SB · ‎11/17/2023

Do you run a separate call to generate refresh token or is it the same call auth call. You can refer to below REST Documentation on different ways to refresh the token and create your Connection JSON accordingly. Search for (OAuth2:) available under Authentication Types section.

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

Regards,
Sahil

vmudagal1 · ‎11/19/2023

Hi @SB

We don't have any separate call to generate a refresh token and the connection JSON is followed as the documentation provided.

https://docs.saviyntcloud.com/bundle/CyberArk-REST-v23x/page/Content/Introduction.htm

the above JSON is the only code used in connection. Please find the postman response:

Please provide your valuable input

Thank you,

Vidya D Mudagal

Sampritha_r · ‎11/24/2023

Hello @vmudagal1

Import Account and Access job is failing with error 'Failed to import one or more object types.' When we checked the logs it was failing to get the token intermittently with error message '{"ErrorCode":"PASWS006E","ErrorMessage":"The session token is missing, invalid or expired."}

As we discussed, the issue lies in a load balancer. The issue is resolved when we directly hit PVWA server URL.

{

"authentications": {

"acctAuth": {

"authType": "oauth2",

"httpHeaders": {

"Accept": "application/xml",

"contentType": "application/json"

},

"authError": ["ITATS366E","PASWS006E"],

"url": "https://<<PVWAserverURL>>/PasswordVault/API/Auth/CyberArk/Logon",

"httpMethod": "POST",

"httpContentType": "application/json",

"errorPath": "ErrorCode",

"maxRefreshTryCount": 5,

"tokenResponsePath": "string.content",

"authHeaderName": "Authorization",

"accessToken": "Basic XXX",

"httpParams": "{\"username\":\"XXX\",\"password\":\"XXX\", \"concurrentSession\":\"True\"}",

"retryFailureStatusCode": [

401,

403

]
}
}
}

SB · ‎11/20/2023

Can you share the import JSON you are using.

Also, the value for maxRefreshTryCount should not be more than 5.

Regards,
Sahil

Saviynt Forums

Access Token Refresh Failure Issue - CyberArk(Target)