Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Cannot get access token from connection

tmschiller
New Contributor III
New Contributor III
Unable to get a valid security token from a new connection. I've tried numerous times to get the access token, but no matter what I've tried, I cannot get the token. I am able to get the token from Postman without issue and if I hard code the token in Saviynt the import/provisioning jobs run fine, but cannot get the token from the API as I get a 401 error, that states "Please provide a valid security token" from the logs. I've provided the connection below:
{
    "authentications": {
        "auth": {
            "authType": "BasicWithAccessToken",
            "httpMethod": "POST",       
            "httpHeaders": {
                "Accept": "application/x-www-form-urlencoded"
            },
            "properties": {
                "client_id": "<removed>",
                "client_secret": "<removed>"
            },
            "httpContentType": "application/json",
            "expiryError": "ExpiredAuthenticationToken",
            "retryFailureStatusCode": [
                403,
                401,
                500
            ],
            "authError": [
                "InvalidAuthenticationToken",
                "AuthenticationFailed",
                "Authentication_MissingOrMalformed",
                "Authentication_ExpiredToken"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "accessToken": "Bearer xyz"
        }
    }
}
28 REPLIES 28

rushikeshvartak
All-Star
All-Star

Postman screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

tmschiller_0-1699897325797.png

 

tmschiller
New Contributor III
New Contributor III

tmschiller_1-1699897375158.png

 

parameters ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

rushikeshvartak
All-Star
All-Star
{
    "authentications": {
        "auth": {
            "authType": "BasicWithAccessToken",
            "url": "https://oneplm.api.dev.xxxxxx.net:3102/token",
            "httpMethod": "POST",       
            "httpHeaders": {
                "Accept": "application/x-www-form-urlencoded",
                "client_id": "<removed>",
                "client_secret": "<removed>"
            },
            "httpContentType": "application/json",
            "expiryError": "ExpiredAuthenticationToken",
            "retryFailureStatusCode": [
                403,
                401,
                500
            ],
            "authError": [
                "InvalidAuthenticationToken",
                "AuthenticationFailed",
                "Authentication_MissingOrMalformed",
                "Authentication_ExpiredToken"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "accessToken": "Bearer xyz"
        }
    }
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

What is target application / product 

 

Additionally you can check API details using curl command in postman https://stackoverflow.com/questions/49432735/converting-a-postman-request-to-curl


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

tmschiller_0-1699897528273.png

 

tmschiller
New Contributor III
New Contributor III

I still get the same error (attached). It's a custom API created for Teamcenter integration.

tmschiller_0-1699897872897.png

 

Share screenshot of curl 

Additionally you can check API details using curl command in postman https://stackoverflow.com/questions/49432735/converting-a-postman-request-to-curl


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

can you share any  1 provisioning /import json ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

I'm not sure what you want me to do with cURL as the Postman call works fine and I can see all the responses.

tmschiller
New Contributor III
New Contributor III
{
    "accountParams": {
        "connection": "auth",
        "processingType": "SequentialAndIterative",
        "call": {
            "call1": {
                "callOrder": 0,
                "stageNumber": 0,
                "http": {
                    "httpHeaders": {
                        "Accept": "application/scim+json",
                        "Authorization": "${access_token}"
                    },
                    "httpContentType": "application/json",
                    "httpMethod": "GET"
                },
                "listField": "resources",
                "keyField": "accountID",
                "statusConfig": {
                    "active": "true",
                    "inactive": "false"
                },
                "colsToPropsMap": {
                    "displayName": "displayName~#~char",
                    "accountID": "id~#~char",
                    "name": "id~#~char",
                    "customproperty1": "emails.value~#~char",
                    "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char",
                    "status": "active~#~char"
                },
                "pagination": {
                    "nextUrl": {
                        "nextUrlPath": "${response?.objectList?.size()>0?'https://oneplm.api.dev.xxxxxx.net:3102/scim/v2/users?count=1000&startIndex='+Math.addExact(response....}"
                    }
                }
            }
        }
    },
    "entitlementParams": {
        "connection": "auth",
        "processingType": "SequentialAndIterative",
        "entTypes": {
            "GroupRole": {
                "entTypeOrder": 0,
                "call": {
                    "call1": {
                        "callOrder": 0,
                        "stageNumber": 0,
                        "http": {
                            "url": "https://oneplm.api.dev.xxxxxx.net:3102/scim/v2/roles?startIndex=1&count=10",
                            "httpHeaders": {
                                "Accept": "application/scim+json",
                                "Authorization": "${access_token}"
                            },
                            "httpContentType": "application/json",
                            "httpMethod": "GET"
                        },
                        "listField": "resources",
                        "keyField": "entitlementID",
                        "colsToPropsMap": {
                            "entitlementID": "displayName~#~char",
                            "entitlement_value": "displayName~#~char",
                            "customproperty1": "id~#~char",
                            "acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
                        },
                        "pagination": {
                            "nextUrl": {
                                "nextUrlPath": "${response?.objectList?.size()>0?'https://oneplm.api.dev.xxxxxx.net:3102/scim/v2/roles?count=10&startIndex='+Math.addExact(response.co...}"
                            }
                        },
                        "disableDeletedEntitlements": true
                    }
                },
                "acctEntMappings": {
                    "listField": "users",
                    "idPath": "id",
                    "keyField": "accountID",
                    "importAsAccount": false,
                    "importAsEntitlement": false
                }
            }
        }
    },
    "acctEntParams": {
        "processingType": "entToAcctMapping"
    }
}

I have changed auth name so please update import acc json also 

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://oneplm.api.dev.xxxxxx.net:3102/token",
"httpMethod": "POST",
"httpParams": {
"client_secret": "<<ClientSecret>>",
"client_id": "<<ClientID>>",
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc"
}
}
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

Same error:

tmschiller_0-1699899267282.png

 

Share curl output and full log file when you run recon 

 
 

rushikeshvartak_2-1699899468146.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

I'm not quite understanding what it is you want me to do here. Below is the cURL code from Postman, but I don't know what you want me to do with it exactly. You're going to need to provide a step-by-step explanation of what you want.

tmschiller_0-1699900081012.png

 

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://oneplm.api.dev.xxxxxx.net:3102/token?client_secret=aaaaaa&client_id=bbbbbbbbbb",
"httpMethod": "POST",
"httpParams": {
"client_secret": "<<ClientSecret>>",
"client_id": "<<ClientID>>",
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc"
}
}
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

Same error

Can you share final and current connection JSON and logs in file


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III
 

{
    "authentications": {
        "acctAuth": {
            "authType": "oauth2",
            "url": "https://oneplm.api.dev.xxxxxx.net:3102/token?client_id=<removed>&client_secret=<removed>",
            "httpMethod": "POST",
            "httpParams":{
                "grant_type": "client_credentials",
                "client_secret": "<removed>",
                "client_id": "<removed>"
            },
            "httpHeaders": {
                "contentType": "application/x-www-form-urlencoded"
            },
			"httpContentType": "application/x-www-form-urlencoded",
            "expiryError": "ExpiredAuthenticationToken",
            "authError": [
                "InvalidAuthenticationToken"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "accessToken": "Bearer abc"
        }
    }
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

Same error.

trying content type as application/json


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

tmschiller
New Contributor III
New Contributor III

same error

tmschiller
New Contributor III
New Contributor III

Do you have any other suggestions? I'm at a loss.

@tmschiller : Can you try below

{
    "authentications": {
        "acctAuth": {
            "authType": "oauth2",
            "url": "https://oneplm.api.dev.xxxxxx.net:3102/token?client_id=<removed>&client_secret=<removed>",
            "httpMethod": "POST",
            "httpParams": {},
            "httpHeaders": {
                "contentType": "application/scim+json",
                "Accept": "application/scim+json"
            },
            "httpContentType": "application/scim+json",
            "expiryError": "ExpiredAuthenticationToken",
            "authError": [
                "InvalidAuthenticationToken"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "accessToken": "Bearer abc"
        }
    }
}

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

tmschiller
New Contributor III
New Contributor III

Still getting the same error.

Sampsa
New Contributor
New Contributor

I'm working on this case discussed by tmschiller. Right now I'm using this connectionJSON

{
"authentications": {
"auth": {
"authType": "oauth2",
"url": "https://oneplm.api.dev.xxxxx.net:3102/token?client_id=<removed>&client_secret=<removed>",
"httpMethod": "POST",
"httpHeaders": {"Accept": "application/json"},
"httpParams": {},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [403,401,500],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer xyz"
}
}
}

I think Saviynt is getting the token, since I don't see errors about the response token missing in the logs like I saw with some other configurations. However, there is an exception in the logs when it's trying to process the response after getting the token:

2023-11-20/07:21:20.158 [{}] [quartzScheduler_Worker-20] DEBUG services.HttpClientUtilityService - got response for api...
2023-11-20/07:21:20.158 [{}] [quartzScheduler_Worker-20] DEBUG rest.RestUtilService - fetching result from response.responseText
2023-11-20/07:21:20.159 [{}] [quartzScheduler_Worker-20] DEBUG rest.RestUtilService - connectionid:: null
2023-11-20/07:21:20.180 [{}] [quartzScheduler_Worker-20] DEBUG rest.RestProvisioningService - access token populated for oauth authentication..
2023-11-20/07:21:20.300 [{}] [quartzScheduler_Worker-20] DEBUG rest.RestProvisioningService - Exception while iterating Http Map instance
groovy.lang.GroovyRuntimeException: Could not find matching constructor for: java.lang.String(java.util.ArrayList)
at com.saviynt.provisoning.rest.RestProvisioningService.doHttpParamsBinding(RestProvisioningService.groovy:3717)
at com.saviynt.provisoning.rest.RestProvisioningService.populateHttpParamsForOauth(RestProvisioningService.groovy:3530)
at com.saviynt.provisoning.rest.RestProvisioningService.populateHttpParams(RestProvisioningService.groovy:3398)
at com.saviynt.provisoning.rest.RestProvisioningService.populateHttpBeforeRetry(RestProvisioningService.groovy:4618)
at com.saviynt.provisoning.rest.RestProvisioningService.isErrorRetry(RestProvisioningService.groovy:4588)
at com.saviynt.provisoning.rest.RestProvisioningService.retryAfterFailure(RestProvisioningService.groovy:4572)
at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4556)
at com.saviynt.provisoning.rest.RestProvisioningService.processWebservice(RestProvisioningService.groovy:8246)
at com.saviynt.provisoning.rest.RestProvisioningService$_provisionAccountsAccess_closure44.doCall(RestProvisioningService.groovy:8403)
at com.saviynt.provisoning.rest.RestProvisioningService.provisionAccountsAccess(RestProvisioningService.groovy:8330)
at com.saviynt.ecm.services.ArsTaskService.provisionAccessToAccounttarget(ArsTaskService.groovy:10517)
at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsOneAddAccess_closure45.doCall(ArsTaskHelperService.groovy:2736)
at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsOneAddAccess(ArsTaskHelperService.groovy:2727)
at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:153)
at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:148)
at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)