We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Access Token Refresh Failure Issue - CyberArk(Target)

vmudagal1
New Contributor III
New Contributor III

Hi Team, 

Integrating CyberArk Application as target system with Saviynt.  Initially with less data we didnt face issue with with job failure. Since moving to next environment we are facing issue with getting the AccessToken Refreshed successfull. 

Connector type: REST 

Please find the connectionJSON and ImportActEntJSON below used below:

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": ["ITATS366E","PASWS006E"],
"url": "https://url/PasswordVault/API/Auth/CyberArk/Logon ",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 80,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic ZZZZZZ",
"httpParams": "{\"username\":\"XXXXX\",\"password\":\"YYYYYY\"}",
"retryFailureStatusCode": [
401,
403
]
}
}
}

We can get the AccessToken refresh happening without any issue in Postman.

We are facing issue with Access Import Job failing always with error as 
"NullResponseFromTarget"
"Connection has been closed". 
The job is taking very long time to complete the import approx. 7 hours to do Access Import and with the status as failure. 
Job Name: WW_CyberArk_Access_Reconciliation 
Job Start Time: 10-Nov-2023 16:06:25 
Job End Time: 10-Nov-2023 23:06:33 
Total Time Taken: 7hours

Please find the logs attached for your refrences.

Please provide your input to overcome this issue access token refresh issue. 

 

Thank you, 

Vidya D Mudagal

[This message has been edited by moderator to mask url]

4 REPLIES 4

SB
Saviynt Employee
Saviynt Employee

Do you run a separate call to generate refresh token or is it the same call auth call. You can refer to below REST Documentation on different ways to refresh the token and create your Connection JSON accordingly. Search for (OAuth2:) available under Authentication Types section.

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm


Regards,
Sahil

vmudagal1
New Contributor III
New Contributor III

Hi @SB  

We don't have any separate call to generate a refresh token and the connection JSON is followed as the documentation provided.

https://docs.saviyntcloud.com/bundle/CyberArk-REST-v23x/page/Content/Introduction.htm

the above JSON is the only code used in connection. Please find the postman response:

vmudagal1_0-1700465351426.png

Please provide your valuable input

 

Thank you, 

Vidya D Mudagal

 

 

Hello @vmudagal1 

Import Account and Access job is failing with error 'Failed to import one or more object types.' When we checked the logs it was failing to get the token intermittently with error message '{"ErrorCode":"PASWS006E","ErrorMessage":"The session token is missing, invalid or expired."}

As we discussed, the issue lies in a load balancer. The issue is resolved when we directly hit PVWA server URL. 

{

"authentications": {

"acctAuth": {

"authType": "oauth2",

"httpHeaders": {

"Accept": "application/xml",

"contentType": "application/json"

},

"authError": ["ITATS366E","PASWS006E"],

"url": "https://<<PVWAserverURL>>/PasswordVault/API/Auth/CyberArk/Logon",

"httpMethod": "POST",

"httpContentType": "application/json",

"errorPath": "ErrorCode",

"maxRefreshTryCount": 5,

"tokenResponsePath": "string.content",

"authHeaderName": "Authorization",

"accessToken": "Basic XXX",

"httpParams": "{\"username\":\"XXX\",\"password\":\"XXX\", \"concurrentSession\":\"True\"}",

"retryFailureStatusCode": [

401,

403

]
}
}
}

SB
Saviynt Employee
Saviynt Employee

Can you share the import JSON you are using. 

Also, the value for maxRefreshTryCount should not be more than 5.


Regards,
Sahil