Saviynt Forums

aksharkay · ‎05/25/2023

Hi,

I am calling the Saviynt REST APIs (v23.4) from Postman. The API service account user has ROLE_ADMIN SAV role. The authentication API is working successfully as shown in the screenshot below:

But when I save the access_token and call any other Saviynt API, I get the below message:

I had set localAuthEnabled = 1 for this user before setting the password and passwordexpired = false. Yet, it is somehow returning an HTML response with something like a SAML token.

If anyone has come across this before, then kindly let me know if I am missing some config.

Thanks & Regards,

Akshar

dgandhi · ‎05/25/2023

Are you calling SSO URL or direct Saviynt URL?

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

aksharkay · ‎05/25/2023

I think it is the SSO URL (https://*.saviyntcloud.com). Non-SSO URL is disabled for us but not sure if that makes a difference. The same URL works when I use another user whose config is the same as the one in the screenshot.

yogesh · ‎05/27/2023

Are your user's attributes like this:

"statuskey": "1",
"passwordExpired": "false",
"enabled": "true",
"accountExpired": "false",
"accountLocked": "false",
"localAuthEnabled": "true",

I would suggest doing a comparision between all attributes of both working and non working users, I don't think there is another factor affecting this other than user attributes and SAV role permissions.

aksharkay · ‎05/29/2023

Hey Yogesh, I did check compare all the attributes of the working and non-working user and I did not find any major difference 😞

yogesh · ‎05/29/2023

You can try removing that other SAV ROLE that is assigned to service account... but honestly I am also just as puzzled, as you are able to get the token and the status for the get roles call is also 200

aksharkay · ‎05/29/2023

Tried that as well, the working user has the other SAV role itself (ROLE_SIEM). I have raised a ticket with Saviynt, just in case they are able to investigate further on this.

rushikeshvartak · ‎05/29/2023

You can check webservice used under ROLE_SIEM

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aksharkay · ‎05/29/2023

ROLE_SIEM has almost the same web services as ROLE_ADMIN. I believe there is some issue with the user itself. I tried removing ROLE_SIEM from the user and keep just ROLE_ADMIN, yet the issue persists.

rushikeshvartak · ‎05/29/2023

It seems role name hardcoded in code ? Can you create replica of role_siem role and trt

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aksharkay · ‎05/30/2023

ROLE_SIEM is a custom role which I created. I also tried with having only ROLE_ADMIN assigned to the user, but I still receive the HTML response for the API call.

SinghAtul · ‎05/30/2023

Hi,

I am facing this issue as well. I am getting some HTML response when calling any Saviynt API. The Authentication is successful.

localAuthEnabled is 1 and passwordexpired is 0 for the user I am using to call Saviynt API from postman.

Saviynt Forums

Browser Does Not Support Javascript Message: Saviynt API