Saviynt Forums

mirani · ‎03/29/2024

Greetings,
I am working on a REST Connection and having troubles with the authentication.
So it is a Basic Authorization with a username and password. In postman I add username and password under authorization tab and pass the payloads in body and it works. I am able to create users in target through postman so the username and password is correct. As it is a Basic Type connection no tokens are generated.

In Saviynt:
ConnectionJSON (1.1):

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "XXXXX",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "application/xml",
"properties": {
"userName":"XXXXX",
"password":"XXXXX"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"testname": "<test URL>",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic <<TOKEN>>",
"apiRateLimitConfig": {"retryAfterCalls": 100,"retryWaitSeconds": 60}
}
}
}

ConnectionJSON (1.2):

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "XXXXX",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "application/xml",
"properties": {
"userName":"XXXXX",
"password":"XXXXX"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic abcd",
"apiRateLimitConfig": {"retryAfterCalls": 100,"retryWaitSeconds": 60}
}
}
}

When using any of these 2 JSON's the connection is SUCCESSFUL but I am getting this error:
"DEBUG","Got null response statusCode with erroMsg - [error:Error XXXX-dev.cloud.XXXXX.XX.com: No address associated with hostname]"

ConnectionJSON(2.0):

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "XXXXX",
"httpMethod": "POST",
"httpParams": {
"username":"XXXXX",
"password":"XXXXX"
},
"httpHeaders": {},
"httpContentType": "application/xml"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic abcd",
"apiRateLimitConfig": {"retryAfterCalls": 100,"retryWaitSeconds": 60}
}
}

and when I am using this JSON the connection is FAILING and I am getting this error:

Could not find matching constructor for: java.util.HashMap(java.lang.String)

Cannot cast object 'ExpiredAuthenticationToken' with class 'java.lang.String'

CreateAccountJSON :
{
"accountIdPath": "call1.message.data.id",
"call": [
{
"name": "call1",
"connection": "acctAuth",
"showResponse": true,
"url": "XXXXX",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${connection.accessToken}",
"Content-Type": "application/xml",
"Accept": "*/*"
},
"httpParams": "<Transmission xmlns=\"URL\"><TransmissionBody><XXX:GLogXMLElement><User><GlUserGid><Gid><Xid>${users.username}</Xid></Gid></GlUserGid><Nickname>${users.displayname}</Nickname><UserPassword><NewPassword><GlPassword><TextPassword>${users.customproperty65}</TextPassword></GlPassword></NewPassword></UserPassword></User></XXX:GLogXMLElement><GLogXMLElement><Contact><EmailAddress>${users.email}</EmailAddress><FirstName>${users.firstname}</FirstName><LastName>${users.lastname}</LastName></Contact></GLogXMLElement></TransmissionBody></Transmission>",
"httpContentType": "application/xml",
"successResponses": {
"statusCode": [
201,
200,
204
]
}
}
]
}

Can someone guide me on this?

rushikeshvartak · ‎03/29/2024

Refer https://forums.saviynt.com/t5/identity-governance/how-to-integrate-a-target-system-only-supports-bas...

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Falcon · ‎03/29/2024

Based on the details you've provided, there are a few key points to address to help resolve the issues you're encountering with your REST Connection for Basic Authentication in Saviynt.

Issues in ConnectionJSON configurations

Basic Authentication

For Basic Authentication, the "accessToken" should be a Base64 encoded string of username:password. You don't need to include accessToken explicitly if it's not used as part of the header in the API requests, as you're including the Authorization header directly in your CreateAccountJSON.

Correcting the Authentication Header

In your CreateAccountJSON, you've correctly included the Authorization header. However, make sure that ${connection.accessToken} is properly replaced with a Base64 encoded value of your username:password.

Proposed Solution

Ensure correct Base64 encoding: The accessToken field should contain the Base64 encoded value of username:password. For Basic Authentication, this is typically generated outside the system (as you've done with Postman) and then included in your configuration. You can use online tools or a programming language to encode your credentials to Base64.
Adjust the ConnectionJSON: Given that you're using Basic Authentication, the connection JSON should focus on specifying the httpHeaders for the Authorization correctly. However, since the header might be set in each individual call (like in CreateAccountJSON), the focus in ConnectionJSON should be on the structure and common properties that don't change across calls.

Considering the error messages and your current setup, here's a revised approach to your ConnectionJSON focusing on structure and leaving the dynamic Authorization header handling to individual call JSONs like your CreateAccountJSON.

{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "properties": {
        "userName": "XXXXX",
        "password": "XXXXX"
      },
      "httpContentType": "application/xml",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "apiRateLimitConfig": {
        "retryAfterCalls": 100,
        "retryWaitSeconds": 60
      }
    }
  }
}

Note: This configuration doesn't explicitly set accessToken since the Authorization header will be managed at each call level, as seen in your CreateAccountJSON.

Debugging Connection Failures

For the "No address associated with hostname" error, ensure the URL provided in your configurations is correct and reachable from the server where Saviynt is hosted. This error typically indicates a DNS resolution issue or a typo in the URL.
For the "Could not find matching constructor for: java.util.HashMap" error, it seems there's a syntax issue or misconfiguration, especially around how data structures are initialized or used in your JSON. Make sure all JSON structures are correctly formatted.

Final Note

Ensure that all sensitive information like userName and password are correctly entered and that any Base64 encoding is done correctly. Test your endpoint accessibility and credentials outside of Saviynt first (which you've done with Postman) to ensure the basic connectivity and authentication are functioning as expected before moving to integration testing within Saviynt.