
Azure AD Connector (classic) failing

BarCar
Regular Contributor

I'm trying to set up the classic connector for Azure AD and have followed the documentation to the best of my ability.

When I click "Save and Test Connection" I get the generic "Error while Test Connection: Connection Failed".

I have tried the following:

  1. validated that the credentials I am using are working (via Postman),
  2. validated that the ACCOUNT_IMPORT_FIELDS is ok (also via Postman),
  3. validated that the ACCOUNT_ATTRIBUTES property is valid JSON,
  4. updated the STATUS_THRESHOLD_CONFIG to match the documentation,
  5. enabled showlogs in the ConfigJSON,
  6. searched the logs and not found anything of note,
  7. contacted support who also tested and did not find anything of note.

"Support" suggested that I post here since this is setting up a new connector. Can anybody help me get this working?

Do I need to provide a certificate for this connection? I didn't see that mentioned in the documentation at Configuring the Integration for Account and Group Import (saviyntcloud.com)

Thanks.

17 REPLIES

khalidakhter
Saviynt Employee

Hi @BarCar 

Please share the debug log for Save & Test action to see if I can get any pointers about the issue.

BarCar
Regular Contributor

So, I solved this with the help of our Professional Services team. Support were really no help.

The documentation at Configuring the Integration for Account and Group Import (saviyntcloud.com) is pretty misleading.

It provides default values for the Authentication, Graph and Azure Endpoints. If you specify these in your connector it fails with an HTTP 400 error.

Professional Services advised me to clear these values and re-test. Bingo - it connected immediately.

I have no idea why specifying the recommended values failed and why the error message was worse than useless but it's working now. Maybe this will help somebody else in future.

@BarCar 

Can you please share the Endpoint URL configured earlier in the Azure AD connection?

BarCar
Regular Contributor

Per the documentation link above, the endpoint URLs that I used were:

Note that the Azure endpoint is listed in the documentation as HTTP, not HTTPS - I assume this is a documentation error - so I tried HTTPS - it failed with both.

khalidakhter
Saviynt Employee

Hi @BarCar 

Seems like a documentation error, clearly. It must work with the below endpoint URLs:

BarCar
Regular Contributor

Yes, it should. But it didn't. Only specifying null values allowed it to connect.

SB
Saviynt Employee

@BarCar There is an extra forward slash (/) at the end of the URLs which should not be there. We are working on getting this updated in the doc as well.


Regards,
Sahil

shibinvpkvr
Regular Contributor II

@BarCar This is helpful as I had the same problem today and after clearing out those URLs it started working. 

sampath18
Regular Contributor II

Hi guys,

Can anyone share a working connection JSON for the Azure AD connection? We are following the document and getting an HTTP status code 400 error, but in Postman we are able to connect successfully. Below is the connection we are using, so please correct me where I am going wrong.

{
    "authentications": {
        "userAuth": {
            "authType": "oauth2",
            "url": "https://login.chinacloudapi.cn/********/oauth2/token",
            "httpMethod": "POST",
            "httpParams": {
                "grant_type": "client_credentials",
                "client_id": "********",
                "client_secret": "******"
            },
            "httpHeaders": {
                "contentType": "application/x-www-form-urlencoded"
            },
            "httpContentType": "application/x-www-form-urlencoded",
            "expiryError": "ExpiredAuthenticationToken",
            "authError": [
                "InvalidAuthenticationToken"
            ],
            "retryFailureStatusCode": [
                401
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "accessToken": "Bearer abcd "
        }
    }
}

Please try the below JSON

{
    "authentications": {
        "userAuth": {
            "authType": "oauth2",
            "url": "https://login.microsoftonline.com/<tenant_id>/oauth2/token",
            "httpMethod": "POST",
            "httpParams": {
                "grant_type": "client_credentials",
                "client_id": "<client_id>",
                "client_secret": "<client_secret>",
                "resource": "https://graph.microsoft.com/"
            },
            "httpHeaders": {
                "Content-Type": "application/x-www-form-urlencoded"
            },
            "httpContentType": "application/x-www-form-urlencoded",
            "authError": [
                "Unable to authenticate the client",
                "Invalid OAuth token Bearer"
            ],
            "retryFailureStatusCode": [
                401,
                403
            ],
            "errorPath": "",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "refreshType": "RefreshToken",
            "tokenType": "Bearer",
            "accessToken": "Bearer abcd"
        }
    }
}

Please replace <tenant_id>, <client_id> and <client_secret> as per your instance.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

sampath18
Regular Contributor II

Hi @naveenss, thanks for the quick response.

I believe the above connection JSON is working in your environment, because it looks the same as the Saviynt documentation https://docs.saviyntcloud.com/bundle/AzureAD-v23x/page/Content/Configuring-the-Integration-for-Provi...

I tried with the above JSON and it is still failing.

Thanks,
Sampath

Do you see any error in the logs? If yes, can you please share it here?

Regards,
Naveen Sakleshpur

sampath18
Regular Contributor II

Hi @naveenss, I have attached the logs for reference. However, below is one error code I could find in the logs.

Also, I have a question: should we use the REST connection or the Azure AD connection type for Azure provisioning operations? The document says to use the REST connection, but I was using the AzureAD connection type. Is that not supported?

azure.AzureProvisioningService - microSoft token API statusCode: 400\n","stream":"stdout","time":"2023-06-16T14:06:26.238223543Z"}"

Thanks
Sampath

Hi @sampath18 ,

If it's for provisioning use REST. For imports use standard AzureAD connector.

Regards,
Naveen Sakleshpur

sampath18
Regular Contributor II

Hi @naveenss, we are able to connect to the Azure AD tenant using the REST connector. But as per the document, if we want to import accounts we need to use the Azure AD connection type. When we try to connect with the Azure AD connection type, we get a connection failed message. Do we need to provide a connection JSON for the AzureAD type connector as well? I tried using the connection JSON which is working in the REST based connector, but the connection is still failing.

Thanks,
Sampath

Hi @sampath18 ,

For the AzureAD connection type, a connection JSON is not required. You just need to provide client_id, client_secret, AAD_TENANT_ID.

Regards,
Naveen Sakleshpur

sampath18
Regular Contributor II

Hi @naveenss, thank you so much for confirming that. I was able to fix the issue after providing a valid endpoint URL for my use case.

I have provided the above details along with the following Azure endpoint URLs. Here we are connecting to an Azure China tenant:

AUTHENTICATION_ENDPOINT: https://login.chinacloudapi.cn

MICROSOFT_GRAPH_ENDPOINT: https://microsoftgraph.chinacloudapi.cn

AZURE_MANAGEMENT_ENDPOINT: https://management.chinacloudapi.cn

Thanks
Sampath
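
The endpoint problems reported in this thread (an `http` scheme, a trailing slash, hosts from a different cloud than the tenant) and the syntax of a connection JSON can be checked before clicking "Save and Test Connection". The Python below is an added example, not Saviynt code and not part of any post; the function names are hypothetical, and the global-cloud hostnames are the standard Microsoft ones rather than values taken from the thread.

```python
import json
from urllib.parse import urlsplit

# Known hosts per cloud; the China values are the ones posted in the thread.
CLOUDS = {
    "global": {"login.microsoftonline.com", "graph.microsoft.com", "management.azure.com"},
    "china": {"login.chinacloudapi.cn", "microsoftgraph.chinacloudapi.cn",
              "management.chinacloudapi.cn"},
}
ENDPOINT_KEYS = ("AUTHENTICATION_ENDPOINT", "MICROSOFT_GRAPH_ENDPOINT",
                 "AZURE_MANAGEMENT_ENDPOINT")


def check_endpoints(props):
    """Return a list of findings for the three endpoint fields (empty = clean)."""
    findings, clouds = [], set()
    for key in ENDPOINT_KEYS:
        value = (props.get(key) or "").strip()
        if not value:  # blank is fine: in the thread the connector worked with these cleared
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{key}: scheme is {url.scheme!r}; use https so "
                            "credentials and tokens are not sent in clear text")
        if url.path:   # "/" counts: the trailing slash is what broke the connection
            findings.append(f"{key}: remove the trailing path {url.path!r}")
        cloud = next((n for n, hosts in CLOUDS.items() if url.hostname in hosts), None)
        if cloud is None:
            findings.append(f"{key}: unrecognised host {url.hostname!r}")
        else:
            clouds.add(cloud)
    if len(clouds) > 1:
        findings.append(f"endpoints mix clouds: {sorted(clouds)}")
    return findings


def check_connection_json(text):
    """Return a syntax finding for a connection JSON string, or [] if it parses."""
    try:
        json.loads(text)
        return []
    except json.JSONDecodeError as err:
        return [f"ConnectionJSON line {err.lineno}, column {err.colno}: {err.msg}"]


if __name__ == "__main__":
    # Constructed sample: an http scheme plus trailing slash, as discussed in the thread.
    sample = {"AZURE_MANAGEMENT_ENDPOINT": "http://management.azure.com/"}
    print("\n".join(check_endpoints(sample)))
```

A clean result only rules out these formatting problems; the token request itself still has to succeed against the tenant.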