Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Azure AD Recon Connection Failed

sbidarkote
New Contributor II
New Contributor II

‎05/20/2022 09:14 AM

Hello ,

We configured OOTB Azure AD Connection to perform reconciliation with required details like clientID , Client Secrete and tenant ID.

However connection is failing with below error : 

azure.AzureProvisioningService - microSoft token API statusCode: 400

 Looking for the advise for above error .

 

 

0 Kudos
9 REPLIES 9

sahajranajee
Saviynt Employee
Saviynt Employee

‎05/24/2022 02:05 AM

Hello,

Could you please provide full logs for the same? 400 would mean a bad request which does not really tell a lot.

 


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

sbidarkote
New Contributor II
New Contributor II
In response to sahajranajee

‎05/24/2022 04:39 AM - last edited on ‎06/08/2022 08:24 AM by Saviynt Employee

Hi Sahai,

Giving below logs details.

DEBUG services.ImportUtilityService - Endpoint 'AzureADRecon' found for the Security System 'AzureADRecon' with Endpointkey: 8\n","stream":"stdout","time":"2022-05-20T10:51:18.811534248Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,815 [http-nio-8080-exec-10] DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T10:51:18.815553177Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,824 [http-nio-8080-exec-10] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T10:51:18.825064374Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - isFipsEnabled = false\n","stream":"stdout","time":"2022-05-20T10:51:18.825086243Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825095416Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825122817Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,825 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null\n","stream":"stdout","time":"2022-05-20T10:51:18.825137337Z"}"
"ecm","2022-05-20T10:51:18.939+0000","{"log":"2022-05-20 10:51:18,842 [http-nio-8080-exec-10] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.\n","stream":"stdout","time":"2022-05-20T10:51:18.842921624Z"}"
"ingress-nginx","2022-05-20T10:51:18.521+0000","{"log":"168.149.166.16 - - [20/May/2022:10:51:17 +0000] \"GET /ECM/ecmConfig/checkConnectionName?connectionname=AzureADRecon\u0026connectionId=11\u0026_=1653043010408 HTTP/1.1\" 200 11 \"https://dgp-dev.saviyntcloud.com/\ " \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36\" 2325 0.025 [default-ecm-8080] [] 100.66.140.205:8080 11 0.024 200 97078ca5d11162822260a7c51490265a\n","stream":"stdout","time":"2022-05-20T10:51:17.59120444Z"}"
"gateway","2022-05-20T10:51:20.524+0000","{"log":"2022-05-20 10:51:20.136 INFO [TENANT_ID=DEFAULT] 7 --- [reactor-http-epoll-1] c.s.s.g.gateway.ReactiveTenantFilter : ReactiveTenantFilter tenantId : DEFAULT\n","stream":"stdout","time":"2022-05-20T10:51:20.13662658Z"}"
"ecm","2022-05-20T10:51:19.940+0000","{"log":"2022-05-20 10:51:19,123 [http-nio-8080-exec-10] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 400\n","stream":"stdout","time":"2022-05-20T10:51:19.123854067Z"}"
"ecm","2022-05-20T10:51:19.940+0000","{"log":"2022-05-20 10:51:19,126 [http-nio-8080-exec-10] DEBUG integration.ExternalConnectionCallService - EXIT invokeExternalMethod\n","stream":"stdout","time":"2022-05-20T10:51:19.126200281Z"}"

 

unable to attach complete log file here.

[This post has been edited by a moderator to remove personally identifiable information (Client Information) to abide by the Saviynt Community Terms of Use and Participation Guidelines.]

0 Kudos

sbidarkote
New Contributor II
New Contributor II
In response to sahajranajee

‎05/30/2022 11:50 PM - last edited on ‎06/08/2022 08:24 AM by Community Manager

Hi Sahaj,

Sharing log details.

 

DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T07:00:05.358410034Z"}"
"ecm","2022-05-20T07:00:05.524+0000","{"log":"2022-05-20 07:00:05,362 [http-nio-8080-exec-16] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T07:00:05.362459544Z"}"
"ingress-nginx","2022-05-20T07:00:04.521+0000","{"log":"168.149.166.67 - - [20/May/2022:07:00:03 +0000] \"GET /ECM/ecmConfig/getVaultConfigDefaultJSON?connectionId=9\u0026connectionName=AzureADRecon\u0026connectionKey=11\u0026path=\u0026_=1653029786335 HTTP/1.1\" 200 301 \"https://dgp-dev.saviyntcloud.com/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2559 0.010 [default-ecm-8080] [] 100.66.140.66:8080 301 0.012 200 40a7fb65534cc8d5e75e10d1e31f7fbd\n","stream":"stdout","time":"2022-05-20T07:00:03.717703286Z"}"
"ingress-nginx","2022-05-20T07:00:04.521+0000","{"log":"168.149.166.67 - - [20/May/2022:07:00:04 +0000] \"GET /ECM/ecmConfig/checkConnectionName?connectionname=AzureADRecon\u0026connectionId=11\u0026_=1653029786336 HTTP/1.1\" 200 11 \"https://XXX.saviyntcloud.com/\ " \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2531 0.015 [default-ecm-8080] [] 100.66.140.66:8080 11 0.016 200 b24d8798590381d9bf812ea68c328b1c\n","stream":"stdout","time":"2022-05-20T07:00:04.249061489Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,641 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MGMT_ACCESS_TOKEN\n","stream":"stdout","time":"2022-05-20T06:59:02.641420627Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,642 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MGMT_ACCESS_TOKEN done \n","stream":"stdout","time":"2022-05-20T06:59:02.64224123Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,643 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MANAGEMENT_ENDPOINT\n","stream":"stdout","time":"2022-05-20T06:59:02.643970366Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:02,644 [http-nio-8080-exec-21] DEBUG domain.EcmConfigController - Saving attribute::: AZURE_MANAGEMENT_ENDPOINT done \n","stream":"stdout","time":"2022-05-20T06:59:02.645024575Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,170 [http-nio-8080-exec-3] DEBUG services.ImportUtilityService - Endpoint 'AzureADRecon' found for the Security System 'AzureADRecon' with Endpointkey: 8\n","stream":"stdout","time":"2022-05-20T06:59:03.171427558Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,174 [http-nio-8080-exec-3] DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : AzureADRecon\n","stream":"stdout","time":"2022-05-20T06:59:03.174994362Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,179 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - validating microSoft API call\n","stream":"stdout","time":"2022-05-20T06:59:03.179795064Z"}"
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,451 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 401\n","stream":"stdout","time":"2022-05-20T06:59:03.451477076Z"}"
"ingress-nginx","2022-05-20T06:59:02.523+0000","{"log":"168.149.166.67 - - [20/May/2022:06:59:01 +0000] \"GET /ECM/ecmConfig/getVaultConfigDefaultJSON?connectionId=9\u0026connectionName=AzureADRecon\u0026connectionKey=11\u0026path=\u0026_=1653029786333 HTTP/1.1\" 200 301 \"https://dgp-dev.saviyntcloud.com/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\" 2559 0.010 [default-ecm-8080] [] 100.66.140.66:8080 301 0.008 200 0b6b06672e8d1239bd2d8d6cbdaffc8c\n","stream":"stdout","time":"2022-05-20T06:59:01.543920019Z"}"

[This post has been edited by a moderator to remove personally identifiable information (client information) to abide by the Saviynt Community Terms of Use and Participation Guidelines.]

0 Kudos

sahajranajee
Saviynt Employee
Saviynt Employee

‎06/01/2022 11:07 PM

Hello,

Can see a 401 to indicate bad credentials : 
"ecm","2022-05-20T06:59:03.523+0000","{"log":"2022-05-20 06:59:03,451 [http-nio-8080-exec-3] DEBUG azure.AzureProvisioningService - microSoft token API statusCode: 401\n","stream":"stdout","time":"2022-05-20T06:59:03.451477076Z"}"

Could you try regenerating the secret and try?


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

rohitkumarraj
Regular Contributor
Regular Contributor

‎06/08/2022 12:49 AM

Hi,

You can try adding below parameter in your connection JSON and test:

"retryFailureStatusCode": [
        401
      ]

 

  "maxRefreshTryCount": 5,

Please make sure above parameters are added in your JSON. You can take a reference where to put these parameter from REST Connector Guide. - https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide

 

Thanks

Rohit

0 Kudos

rohitkumarraj
Regular Contributor
Regular Contributor
In response to rohitkumarraj

‎06/08/2022 12:51 AM

Also, Please re-validate your connection details.

0 Kudos

akondapally
New Contributor
New Contributor

‎07/21/2022 09:38 AM

Hi ,

We have configured the same Azure AD connector and do see the same connection issue. One thing we realized the below connector attributes were missing in our version, which is 5.5SP3.9.

Could you please confirm if you see these attributes at your end.

AUTHENTICATION_ENDPOINT, MICROSOFT_GRAPH_ENDPOINT, and AZURE_MANAGEMENT_ENDPOINT

@Saviynt Team: Could you please confirm due to the missing above attribute values we are unable to do the successful connection.

Thanks
Sonali.

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to akondapally

‎07/21/2022 02:02 PM

You can add missing attributes from connection - connection types indeed that should be supported for your version


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

sahajranajee
Saviynt Employee
Saviynt Employee

‎07/27/2022 07:17 AM

@akondapally 

The Microsoft Graph API 2.0 related parameters were released later in 5.5 SP3.10 . If you need this in your version, i would request to raise an upgrade request with your Saviynt Customer Team (CSM, Ops Managers)

Release Notes : https://saviynt.freshdesk.com/en/support/solutions/articles/43000646802-release-notes-v5-5-sp3-10


Regards,
Sahaj Ranajee
Sr. Product Specialist
Copyright © 2024 Khoros, LLC