06/01/2023 07:35 PM
AzureAD was integrated using Application Onboarding. Accounts/accesses import works successfully through Azure connector. Add Access is giving off a 401 exception when attempting to add a known access to an existing account:
"ecm-worker","2023-06-02T02:15:29.426+00:00","2023-06-02T02:15:28.544430287Z stdout F 2023-06-02 02:15:28,544 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Transfer-Encoding: chunked, Content-Type: application/json, Vary: Accept-Encoding, Strict-Transport-Security: max-age=31536000, request-id: 37d7adbb-d011-4a64-b866-09a4ae900247, client-request-id: 37d7adbb-d011-4a64-b866-09a4ae900247, x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East US","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"BL02EPF0000ACBC"}}, WWW-Authenticate: Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000", Date: Fri, 02 Jun 2023 02:15:27 GMT], responseText:{"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 80049217","innerError":{"date":"2023-06-02T02:15:28","request-id":"37d7adbb-d011-4a64-b866-09a4ae900247","client-request-id":"37d7adbb-d011-4a64-b866-09a4ae900247"}}}, cookies:[], statusCode:401]"
It appears the connector is not able to get a valid token back from the service. Is this something that possibly has any other solution aside from rebuilding the connectionjson from scratch?
FWIW, I was able to add the account to a group through a Graph API call from Postman...
06/01/2023 11:55 PM
Hi @flegare
I hope you are aware that AzureAD uses the REST Connector for the Provisioning operations and that you have configured the same for your security system.
Are you trying to add a Group Entitlement to your User Account?
Please share the ConnectionJson and the AddAccess Json that is being used.
Also, refer to the documentation below for configuring the Integration for AzureAD Provisioning/Deprovisioning-
06/02/2023 05:53 AM
The client used AOB to integrate the application and as such, we have no visibility over the connectionjson that was used.
I tried replacing the connectionjson entirely but that was not terribly efficient as wsretry actions did not get registered at all. I will attempt this again later today.
06/02/2023 07:43 AM
This part is resolved. Rebuilding the connectionjson did the trick.
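A triage helper for the 401 discussed in this thread, added as an example (it is not part of the original posts and not Saviynt or Microsoft code): it pulls the status and Graph error out of the log line format posted in the question, and classifies an Authorization header value by shape, since "CompactToken parsing failed" means Graph could not parse the bearer value it received. The function names and the `${...}` unresolved-placeholder check are assumptions.

```python
import base64
import json
import re

# Constructed sample: the response portion of the ecm-worker log line in the
# question, with the header list trimmed.
SAMPLE_LOG = (
    'DEBUG rest.RestProvisioningService - Got Webservice API Response: '
    '[headers:[Content-Type: application/json], responseText:{"error":'
    '{"code":"InvalidAuthenticationToken","message":"CompactToken parsing '
    'failed with error code: 80049217"}}, cookies:[], statusCode:401]'
)

def parse_rest_response(line):
    """Pull the HTTP status and the Graph error object out of the log line."""
    status = re.search(r"statusCode:(\d+)", line)
    body = re.search(r"responseText:(\{.*\}), cookies:", line)
    error = json.loads(body.group(1)).get("error", {}) if body else {}
    return {"status": int(status.group(1)) if status else None,
            "code": error.get("code"), "message": error.get("message")}

def _segment(seg):
    """Decode one base64url JWT segment into a JSON value."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def bearer_shape(header_value):
    """Classify an Authorization header value; the signature is not verified."""
    token = re.sub(r"^Bearer\b\s*", "", header_value.strip(), flags=re.I)
    if not token:
        return "empty"
    if "${" in token:  # assumed failure mode: template variable never substituted
        return "unresolved-placeholder"
    parts = token.split(".")
    if len(parts) != 3:
        return "not-a-jwt"
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "undecodable-segments"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "undecodable-segments"
    return "jwt aud=%s" % claims.get("aud")
```

Run `bearer_shape` on the header value the connector logs for the failing call and on the one Postman sends for the working call; a difference in shape or `aud` narrows the fault to token acquisition or header construction in the connection JSON.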