and more in a single search tool across platforms. Read the announcement here. |
05/25/2023 08:25 PM
Hi,
I am calling the Saviynt REST APIs (v23.4) from Postman. The API service account user has ROLE_ADMIN SAV role. The authentication API is working successfully as shown in the screenshot below:
But when I save the access_token and call any other Saviynt API, I get the below message:
I had set localAuthEnabled = 1 for this user before setting the password and passwordexpired = false. Yet, it is somehow returning an HTML response with something like a SAML token.
If anyone has come across this before, then kindly let me know if I am missing some config.
Thanks & Regards,
Akshar
05/25/2023 08:59 PM
Are you calling SSO URL or direct Saviynt URL?
05/25/2023 09:03 PM
I think it is the SSO URL (https://*.saviyntcloud.com). Non-SSO URL is disabled for us but not sure if that makes a difference. The same URL works when I use another user whose config is the same as the one in the screenshot.
05/27/2023 10:36 AM
Are your user's attributes like this:
"statuskey": "1",
"passwordExpired": "false",
"enabled": "true",
"accountExpired": "false",
"accountLocked": "false",
"localAuthEnabled": "true",
I would suggest doing a comparision between all attributes of both working and non working users, I don't think there is another factor affecting this other than user attributes and SAV role permissions.
05/29/2023 06:01 AM - edited 05/29/2023 07:59 AM
Hey Yogesh, I did check compare all the attributes of the working and non-working user and I did not find any major difference 😞
05/29/2023 06:22 AM
You can try removing that other SAV ROLE that is assigned to service account... but honestly I am also just as puzzled, as you are able to get the token and the status for the get roles call is also 200
05/29/2023 08:02 AM
Tried that as well, the working user has the other SAV role itself (ROLE_SIEM). I have raised a ticket with Saviynt, just in case they are able to investigate further on this.
05/29/2023 03:17 PM
You can check webservice used under ROLE_SIEM
05/29/2023 08:07 PM
ROLE_SIEM has almost the same web services as ROLE_ADMIN. I believe there is some issue with the user itself. I tried removing ROLE_SIEM from the user and keep just ROLE_ADMIN, yet the issue persists.
05/29/2023 08:08 PM
It seems role name hardcoded in code ? Can you create replica of role_siem role and trt
05/30/2023 07:52 PM
ROLE_SIEM is a custom role which I created. I also tried with having only ROLE_ADMIN assigned to the user, but I still receive the HTML response for the API call.
05/30/2023 12:15 PM
Hi,
I am facing this issue as well. I am getting some HTML response when calling any Saviynt API. The Authentication is successful.
localAuthEnabled is 1 and passwordexpired is 0 for the user I am using to call Saviynt API from postman.