Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Adding user to app role is getting rejected though in postman it is successful

Harsha
Regular Contributor II
Regular Contributor II

Hi Team,

We are trying to add application role to user via postman it says success. But in the ARS we can see request is rejected on the UI. And in the view details it says auto approved but it doesnt add the user to role.Please refer the below screenshot:

Harsha_0-1709017992037.pngHarsha_1-1709018076583.png

Harsha_2-1709018354688.png

 

Thank you,

Harsha

13 REPLIES 13

pmahalle
All-Star
All-Star

Hi @Harsha ,

Can you try payload like below:

{
"accesstype":"ROLES",
"username":"dbailey",
"roletype":"ENTERPRISE",
"requesttype":1,
"roles":[
{
"rolename" : "Network Administrator",
"startdate" : "10-11-2018",
"enddate" : "10-18-2018",
"businessJustification" : "test justification"
} ],
"requestcomments":"commemnt",
"requestor":"ahinton"
}

Refer: https://documenter.getpostman.com/view/1797923/RWaLwo21#0ff342ce-8422-4aab-b37f-dbab940f3221


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

Harsha
Regular Contributor II
Regular Contributor II

Hi @pmahalle ,

Thank you for replying tried that payload too it didnt work same issue.

@CR you mean WF attached to Security system.Please find that below. Other than that we dont have any other WF attached for roles specifically.

Harsha_0-1709024039693.png

Thank you,

Harsha

Hi @Harsha  do you see any error in the logs? Can you please share the log snippet for this?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Harsha
Regular Contributor II
Regular Contributor II

Hi @naveenss ,

I dont see any errors as such regarding this.

Thanks,

Harsha

Share results of below query

select * from request_Access where requestkey=1017


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Harsha
Regular Contributor II
Regular Contributor II

Hi @rushikeshvartak 

Thank you for response. Please find the attached screenshot:

Harsha_0-1709100333876.png

In the above request status says 3 means its auto approved but we dont see the user added to role. Please help us what could be the reason for this.

I found the error in logs as below:

Exception in clearCachedV6Requestmap: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'com.saviynt.saml.SpringSamlUserDetailsService@4df50a30' with class 'com.saviynt.saml.SpringSamlUserDetailsService' to class 'com.saviynt.gorm.security.GormUserDetailsService'

Thank you,

Harsha

Validate 

  • Does role have entitlements ?
  • Does entitlement part of role - user already assigned to ?
  • check database table entry in role_user_Accounts 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Harsha
Regular Contributor II
Regular Contributor II

Hi @rushikeshvartak,

  • Does role have entitlements ? Yes
  • Does entitlement part of role - user already assigned to ? No its new role and new entitlement we are testing for. So currently  user is not role or entitlement
  • check database table entry in role_user_Accounts  Checked no the accounts we are trying do not have role yet

Harsha
Regular Contributor II
Regular Contributor II

Hi @rushikeshvartak ,

What we found is, only for particular accounttype it is adding user to role. But for other accounttype it just outright rejecting. what could be the reason if this? Do you have any clue which is causing this.

Thanks,

Harsha 

Are you trying to add servuce account ?

service account cant be added to app roles


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Harsha
Regular Contributor II
Regular Contributor II

Hi @rushikeshvartak , thank you for the help. No we were not adding role for service account.

Found the issue in the endpoints primary accounttype was set to particular accounttypes which went unnoticed by us. So it was outright rejecting rest of the accounttypes.

Thank you,

Harsha

As for workflow based on task request going , but tasktype included 2 and 7  , add access task type  wont be process it going , need to include in workflow

can you try exiting account remove access flow and confirm it work i believe


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

Raghu
All-Star
All-Star

can you share workflow ?


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.