and more in a single search tool across platforms. Read the announcement here. |
05/20/2022 09:14 AM
Hello ,
We configured OOTB Azure AD Connection to perform reconciliation with required details like clientID , Client Secrete and tenant ID.
However connection is failing with below error :
azure.AzureProvisioningService - microSoft token API statusCode: 400
Looking for the advise for above error .
05/24/2022 02:05 AM
Hello,
Could you please provide full logs for the same? 400 would mean a bad request which does not really tell a lot.
05/24/2022 04:39 AM - last edited on 06/08/2022 08:24 AM by Miguel
Hi Sahai,
Giving below logs details.
DEBUG services.ImportUtilityService - Endpoint 'AzureADRecon' found for the Security System 'AzureADRecon' with Endpointkey: 8\n","stream":"stdout","time":"2022-05-20T10:51:18.811534248Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,815 [http-nio-8080-exec-10] DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T10:51:18.815553177Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,824 [http-nio-8080-exec-10] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T10:51:18.825064374Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - isFipsEnabled = false\n","stream":"stdout","time":"2022-05-20T10:51:18.825086243Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825095416Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825122817Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825137337Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,842 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.\n","stream":"stdout","time":"2022-05-20T10:51:18.842921624Z"}"
"ingress-nginx","2022-05-20T10:51:18.521+0000","{"log":"168.149.166.16 - - [20/May/2022:10:51:17 +0000] \"GET /ECM/ecmConfig/checkConnectionName?connectionname=AzureADRecon\u0026connectionId=11\u0026_=1653043010408 HTTP/1.1\" 200 11 \"https://dgp-dev.saviyntcloud.com/\ " \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36\" 2325 0.025 [default-ecm-8080] [] 100.66.140.205:8080 11 0.024 200 97078ca5d11162822260a7c51490265a\n","stream":"stdout","time":"2022-05-20T10:51:17.59120444Z"}"
"gateway","2022-05-20T10:51:20.524+0000","{"log":"2022-05-20 10:51:20.136 INFO [TENANT_ID=DEFAULT] 7 --- [reactor-http-epoll-1] c.s.s.g.gateway.ReactiveTenantFilter : ReactiveTenantFilter tenantId : DEFAULT\n","stream":"stdout","time":"2022-05-20T10:51:20.13662658Z"}"
"ecm","2022-05-20T10:51:19.940+0000","{"log":"2022-05-20 10:51:19,123 [http-nio-8080-exec-10] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 400\n","stream":"stdout","time":"2022-05-20T10:51:19.123854067Z"}"
"ecm","2022-05-20T10:51:19.940+0000","{"log":"2022-05-20 10:51:19,126 [http-nio-8080-exec-10] DEBUG integration.ExternalConnectionCallService - EXIT invokeExternalMethod\n","stream":"stdout","time":"2022-05-20T10:51:19.126200281Z"}"
unable to attach complete log file here.
[This post has been edited by a moderator to remove personally identifiable information (Client Information) to abide by the Saviynt Community Terms of Use and Participation Guidelines.]
05/30/2022 11:50 PM - last edited on 06/08/2022 08:24 AM by Dave
Hi Sahaj,
Sharing log details.
DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T07:00:05.358410034Z"}"
"ecm","2022-05-20T07:00:05.524+0000","{"log":"2022-05-20 07:00:05,362 [http-nio-8080-exec-16] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T07:00:05.362459544Z"}"
"ingress-nginx","2022-05-20T07:00:04.521+0000","{"log":"168.149.166.67 - - [20/May/2022:07:00:03 +0000] \"GET /ECM/ecmConfig/getVaultConfigDefaultJSON?connectionId=9\u0026connectionName=AzureADRecon\u0026connectionKey=11\u0026path=\u0026_=1653029786335 HTTP/1.1\" 200 301 \"https://dgp-dev.saviyntcloud.com/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2559 0.010 [default-ecm-8080] [] 100.66.140.66:8080 301 0.012 200 40a7fb65534cc8d5e75e10d1e31f7fbd\n","stream":"stdout","time":"2022-05-20T07:00:03.717703286Z"}"
"ingress-nginx","2022-05-20T07:00:04.521+0000","{"log":"168.149.166.67 - - [20/May/2022:07:00:04 +0000] \"GET /ECM/ecmConfig/checkConnectionName?connectionname=AzureADRecon\u0026connectionId=11\u0026_=1653029786336 HTTP/1.1\" 200 11 \"https://XXX.saviyntcloud.com/\ " \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2531 0.015 [default-ecm-8080] [] 100.66.140.66:8080 11 0.016 200 b24d8798590381d9bf812ea68c328b1c\n","stream":"stdout","time":"2022-05-20T07:00:04.249061489Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,641 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MGMT_ACCESS_TOKEN\n","stream":"stdout","time":"2022-05-20T06:59:02.641420627Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,642 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MGMT_ACCESS_TOKEN done \n","stream":"stdout","time":"2022-05-20T06:59:02.64224123Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,643 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MANAGEMENT_ENDPOINT\n","stream":"stdout","time":"2022-05-20T06:59:02.643970366Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,644 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MANAGEMENT_ENDPOINT done \n","stream":"stdout","time":"2022-05-20T06:59:02.645024575Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,170 [http-nio-8080-exec-3] DEBUG services.ImportUtilityService - Endpoint 'AzureADRecon' found for the Security System 'AzureADRecon' with Endpointkey: 8\n","stream":"stdout","time":"2022-05-20T06:59:03.171427558Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,174 [http-nio-8080-exec-3] DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T06:59:03.174994362Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,179 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T06:59:03.179795064Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,451 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 401\n","stream":"stdout","time":"2022-05-20T06:59:03.451477076Z"}"
"ingress-nginx","2022-05-20T06:59:02.523+0000","{"log":"168.149.166.67 - - [20/May/2022:06:59:01 +0000] \"GET /ECM/ecmConfig/getVaultConfigDefaultJSON?connectionId=9\u0026connectionName=AzureADRecon\u0026connectionKey=11\u0026path=\u0026_=1653029786333 HTTP/1.1\" 200 301 \"https://dgp-dev.saviyntcloud.com/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2559 0.010 [default-ecm-8080] [] 100.66.140.66:8080 301 0.008 200 0b6b06672e8d1239bd2d8d6cbdaffc8c\n","stream":"stdout","time":"2022-05-20T06:59:01.543920019Z"}"
[This post has been edited by a moderator to remove personally identifiable information (client information) to abide by the Saviynt Community Terms of Use and Participation Guidelines.]
06/01/2022 11:07 PM
Hello,
Can see a 401 to indicate bad credentials :
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,451 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 401\n","stream":"stdout","time":"2022-05-20T06:59:03.451477076Z"}"
Could you try regenerating the secret and try?
06/08/2022 12:49 AM
Hi,
You can try adding below parameter in your connection JSON and test:
"retryFailureStatusCode": [ 401 ]
"maxRefreshTryCount": 5,
Please make sure above parameters are added in your JSON. You can take a reference where to put these parameter from REST Connector Guide. - https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide
Thanks
Rohit
06/08/2022 12:51 AM
Also, Please re-validate your connection details.
07/21/2022 09:38 AM
Hi ,
We have configured the same Azure AD connector and do see the same connection issue. One thing we realized the below connector attributes were missing in our version, which is 5.5SP3.9.
Could you please confirm if you see these attributes at your end.
AUTHENTICATION_ENDPOINT, MICROSOFT_GRAPH_ENDPOINT, and AZURE_MANAGEMENT_ENDPOINT
@Saviynt Team: Could you please confirm due to the missing above attribute values we are unable to do the successful connection.
Thanks
Sonali.
07/21/2022 02:02 PM
You can add missing attributes from connection - connection types indeed that should be supported for your version
07/27/2022 07:17 AM
The Microsoft Graph API 2.0 related parameters were released later in 5.5 SP3.10 . If you need this in your version, i would request to raise an upgrade request with your Saviynt Customer Team (CSM, Ops Managers)
Release Notes : https://saviynt.freshdesk.com/en/support/solutions/articles/43000646802-release-notes-v5-5-sp3-10