Azure AD / Entra ID - REST Connector - New Account not created in Application

Murmur
New Contributor III

Hi everyone, 

We currently see a weird behaviour when we try to provision / create a new account in Entra ID. 

When I try to provision a new account for a User, the Account is created in Saviynt, but not in Entra ID. 

I don't really get valuable insights from the logs. 

Settings: 

- The Security System was set up via the "Design" tab
- I have two Connectors running (Import - which works fine, Provisioning (REST) - which fails). 

The Provisioning Connection details looked like this (IDs redacted and secrets removed) - Update below: 

{
   "authentications": {
      "AzureADProvisioning": {
         "authType": "oauth2",
         "httpMethod": "POST",
         "httpParams": {
            "grant_type": "client_credentials",
            "client_secret": "",
            "client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "resource": "https://graph.microsoft.com/"
         },
         "httpHeaders": {
            "contentType": "application/x-www-form-urlencoded"
         },
         "httpContentType": "application/x-www-form-urlencoded",
         "expiryError": "ExpiredAuthenticationToken",
         "timeOutError": "Read timed out",
         "errorPath": "odata~dot#error.code",
         "maxRefreshTryCount": 3,
         "tokenResponsePath": "access_token",
         "tokenType": "Bearer",
         "accessToken": "",
         "authError": [
            "InvalidAuthenticationToken",
            "Authentication_MissingOrMalformed"
         ],
         "retryFailureStatusCode": [
            401
         ]
      }
   }
}
 
 
The CreateAccountJSON looks like this: 
{
   "accountIdPath": "call1.message.id",
   "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
   "responseColsToPropsMap": {
      "displayName": "call1.message.displayName~#~char",
      "name": "call1.message.userPrincipalName~#~char"
   },
   "call": [
      {
         "name": "call1",
         "connection": "AzureADProvisioning",
         "url": "https://graph.microsoft.com/v1.0/users",
         "httpMethod": "POST",
         "httpParams": "{\"accountEnabled\":true,\"displayName\":\"${user.firstname}\",\"mailNickname\":\"${user.firstname}\",\"userPrincipalName\":\"${user.username}_savi@mylab.de\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
         "httpHeaders": {
            "Authorization": "${access_token}"
         },
         "httpContentType": "application/json",
         "successResponses": {
            "statusCode": [200, 201, 204, 205]
         }
      }
   ]
}
 
Do you have any idea where I've gone wrong? 
I would be grateful for any hints that help me debug this.
 

UPDATE:

I just changed the Connector Type (which was created automatically) to Azure AD Provisioning REST. 

The ConnectionJSON now looks like this (TenantID, ClientID and Secret redacted):

{
   "authentications": {
     "userAuth": {
       "authType": "oauth2",
       "httpMethod": "POST",
       "httpParams": {
         "grant_type": "client_credentials",
         "client_secret": "@CLIENT_SECRET@",
         "client_id": "@CLIENT_ID@",
         "resource": "https://graph.microsoft.com/"
       },
       "httpHeaders": {
         "contentType": "application/x-www-form-urlencoded"
       },
       "httpContentType": "application/x-www-form-urlencoded",
       "expiryError": "ExpiredAuthenticationToken",
       "authError": ["InvalidAuthenticationToken"],
       "timeOutError": "Read timed out",
       "errorPath": "error.code",
       "maxRefreshTryCount": 5,
       "tokenResponsePath": "access_token",
       "tokenType": "Bearer",
       "accessToken": "Bearer abc"
     },
     "entAuth": {
       "authType": "oauth2",
       "httpMethod": "POST",
       "httpParams": {
         "grant_type": "client_credentials",
         "client_secret": "@CLIENT_SECRET@",
         "client_id": "@CLIENT_ID@",
         "resource": "https://graph.windows.net/"
       },
       "httpHeaders": {
         "contentType": "application/x-www-form-urlencoded"
       },
       "httpContentType": "application/x-www-form-urlencoded",
       "expiryError": "ExpiredAuthenticationToken",
       "authError": ["InvalidAuthenticationToken","Authentication_MissingOrMalformed"],
       "timeOutError": "Read timed out",
       "errorPath": "odata~dot#error.code",
       "maxRefreshTryCount": 3,
       "tokenResponsePath": "access_token",
       "tokenType": "Bearer",
       "accessToken": "Bearer abcde"
     }
   }
}
 

When I now try to test my connection, I receive the following error message (Log attached): 

"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121552775Z stdout F 2023-09-26 07:21:51,121 [http-nio-8080-exec-20] ERROR rest.RestProvisioningService - Error While Saving the connection: JSON syntax exception found in the following connection parameters - CLIENT_SECRET , AUTHENTICATION_ENDPOINT , MICROSOFT_GRAPH_ENDPOINT , CREATEUSERS , CLIENT_ID , AZURE_MGMT_ACCESS_TOKEN , CREATE_NEW_ENDPOINTS , AAD_TENANT_ID , ACCOUNT_IMPORT_FIELDS , AZURE_MANAGEMENT_ENDPOINT , ACCESS_TOKEN "
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121847577Z stdout F 2023-09-26 07:21:51,121 [http-nio-8080-exec-20] ERROR ws.Restfulv5Controller - Connection Failed when calling testExternalConnection "
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121861477Z stdout F java.lang.Exception: JSON syntax exception found in the following connection parameters - CLIENT_SECRET , AUTHENTICATION_ENDPOINT , MICROSOFT_GRAPH_ENDPOINT , CREATEUSERS , CLIENT_ID , AZURE_MGMT_ACCESS_TOKEN , CREATE_NEW_ENDPOINTS , AAD_TENANT_ID , ACCOUNT_IMPORT_FIELDS , AZURE_MANAGEMENT_ENDPOINT , ACCESS_TOKEN "
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121868577Z stdout F at com.saviynt.provisoning.rest.RestProvisioningService.testConnectionRest(RestProvisioningService.groovy:10809)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121874277Z stdout F at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:602)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121879377Z stdout F at com.saviynt.ecm.ws.Restfulv5Controller$_closure57.doCall(Restfulv5Controller.groovy:6449)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121884377Z stdout F at grails.plugin.springsecurity.rest.RestTokenValidationFilter.processFilterChain(RestTokenValidationFilter.groovy:118)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121889277Z stdout F at grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:84)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121891777Z stdout F at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121902177Z stdout F at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:155)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121904577Z stdout F at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121907677Z stdout F at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121909977Z stdout F at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121912377Z stdout F at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)"
"ecm","2023-09-26T07:21:51.486+00:00","2023-09-26T07:21:51.121914877Z stdout F at java.lang.Thread.run(Thread.java:750)"

Do you have any clue about this? 

[This message has been edited by moderator to merge reply comment]
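As an added illustration (not the poster's configuration or Saviynt's code), a small Python check for a CreateAccountJSON of the shape shown above: it expands the ${...} placeholders with a constructed user record, verifies that the rendered httpParams is valid JSON carrying the attributes Microsoft Graph requires when creating a user, and resolves accountIdPath against a constructed Graph response. The sample values and the user record keys are assumptions.

```python
import json
import re

# Constructed for this example: the CreateAccountJSON shape from the post, with the
# same placeholders Saviynt expands (${user.firstname}, ${password}, ${access_token}).
CREATE_ACCOUNT_JSON = {
    "accountIdPath": "call1.message.id",
    "responseColsToPropsMap": {"name": "call1.message.userPrincipalName~#~char"},
    "call": [{
        "name": "call1",
        "connection": "AzureADProvisioning",
        "url": "https://graph.microsoft.com/v1.0/users",
        "httpMethod": "POST",
        "httpParams": '{"accountEnabled":true,"displayName":"${user.firstname}",'
                      '"mailNickname":"${user.firstname}",'
                      '"userPrincipalName":"${user.username}_savi@mylab.de",'
                      '"passwordProfile":{"forceChangePasswordNextSignIn":true,'
                      '"password":"${password}"}}',
        "httpHeaders": {"Authorization": "${access_token}"},
        "successResponses": {"statusCode": [200, 201, 204, 205]},
    }],
}
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
# Attributes Microsoft Graph requires on POST /v1.0/users.
REQUIRED_GRAPH_FIELDS = {"accountEnabled", "displayName", "mailNickname",
                         "userPrincipalName", "passwordProfile"}

def render(template: str, values: dict) -> str:
    """Expand ${...} placeholders; fail loudly on any the user record cannot supply."""
    def sub(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"unresolved placeholder ${{{key}}}")
        # json.dumps then strip the outer quotes, so quotes/backslashes in the value stay valid JSON
        return json.dumps(str(values[key]))[1:-1]
    return PLACEHOLDER.sub(sub, template)

def check_create_body(cfg: dict, values: dict) -> dict:
    """Render call1's httpParams and confirm it is valid JSON carrying the required fields."""
    body = json.loads(render(cfg["call"][0]["httpParams"], values))
    missing = REQUIRED_GRAPH_FIELDS - body.keys()
    if missing:
        raise ValueError(f"create body lacks {sorted(missing)}")
    return body

def extract_by_path(responses: dict, path: str):
    """Resolve a Saviynt response path like call1.message.id (a ~#~type suffix is ignored)."""
    node = responses
    for part in path.split("~#~")[0].split("."):
        node = node[part]
    return node
```

Running the check against the real user record Saviynt would hand to the connector shows whether the body that reaches Graph is well-formed before any token or connection-type problem is considered.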


SB
Saviynt Employee

The 2nd set of logs shows a JSON syntax exception, and this could have happened when you changed the Connection Type. Can you change the type back to REST, use the 2nd JSON and then try? 

In case the provisioning is failing, update ConfigJSON param in the REST connection with value {"showLogs":true}.
This will enable additional logging and may help to identify the cause.


Regards,
Sahil

Murmur
New Contributor III

Hi Sahil, 

Thank you for looking into that!

The issue arose due to the fact that the Connector Type from the EXTERNALCONNECTION changed from AzureAD to REST (without changing that manually; I'm still unsure why this happens, but it's reproducible). 

I'll close this thread now, as the title and post do not fit the issue anymore.