
Cookie based REST connector

Suresh1
Regular Contributor

Hello All,

We have a requirement to onboard an application which uses cookies in the API call. This application does not use access token, instead it uses cookies from the response headers.

I tried the JSON below, suggested in the REST connector handbook, but it does not seem to work in my case. When I try to import accounts it is not even calling the web service URL, though the connection shows as successful on each save and test connection.

{
  "authentications": {
    "acctAuth": {
      "authType": "cookies",
      "url": "",
      "httpMethod": "POST",
      "httpParams": {
        "username": "<specify username>",
        "password": "<specify password>",
        "apiKey": "${apiKey}",
        "timestamp": "${timestamp}"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "cookies": "${cookies}",
      "properties": {
        "apiKey": "${apiKey}"
      },
      "httpContentType": "application/json",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "SESSION_NOT_VALID",
        "AuthenticationFailed",
        "HTTP error code : 401"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "",
      "tokenType": "",
      "accessToken": "<specify access token>",
      "retryFailureStatusCode": [
        500,
        502,
        401
      ]
    }
  }
}

Please suggest the syntax for connectionJSON and ImportAccountEntJSON for cookie based REST connections.

Thank you in advance for your help.

@naveenss @rushikeshvartak 


sudeshjaiswal
Saviynt Employee

Hello @Suresh1,

Can you please provide the response header screenshot from postman, and also briefly explain the authentication flow?

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Suresh1
Regular Contributor

Hi @sudeshjaiswal ,

Below is the response header from Postman.

[screenshot]

As shown in the above image, all 5 set-cookie parameters from the response headers are used for authentication.

We are passing the clientID and secret in the body. Once we hit the API call, the Cookie key is generated and passed dynamically to the Cookie parameter in the API headers, as shown below.

[screenshot]


Let me know if you need any further details.

Thank you!! 

 

sudeshjaiswal
Saviynt Employee

Hello @Suresh1,

Could you please provide a snapshot of the GET call as well?
Are you passing all 5 cookies in a consecutive call?


Hi @sudeshjaiswal ,

Below is the GET call from Postman. Yes, you are correct, all 5 cookie keys are passed dynamically to the Cookie header parameter.

[screenshot]
[screenshot]

Thank you !!

sudeshjaiswal
Saviynt Employee

Hello @Suresh1,

You can use OAUTH2 for your use case:

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "",
      "httpMethod": "POST",
      "httpParams": {

      },
      "httpHeaders": {
        "Content-Type": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "USER_AUTHENTICATION_FAILED"
      ],
      "timeOutError": "error",
      "errorPath": "error",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "#HEADERS#Set-Cookie",
      "tokenType": "",
      "authHeaderName": "Cookie",
      "retryFailureStatusCode": [
        401
      ],
      "accessToken": "sdfghjk"
    }
  }
}

RajeshA
Regular Contributor

 @sudeshjaiswal 

 

PFB the connectionjson we are using based on your above response (I have erased the URL, client ID and secret).

[screenshot]

Can you let us know the parameter or variable name I need to update in the other JSONs? PFB a screenshot of the importaccountentjson; in both cases the cookies are not passed correctly.

[screenshot]

Below is the Postman call to get the accounts. As you can see, we are passing the cookies in the "Cookie" parameter in the request header. Can you let us know the variable name to be used to get the cookies from the connectionjson into the importaccountentjson?

[screenshot]

 

 

sudeshjaiswal
Saviynt Employee

Hello @Suresh1 ,

Could you kindly share the cURL response from Postman? We're interested in verifying how the cookies are being transmitted. Specifically, we want to determine whether all five cookies are sent as an array, or if the system is selecting a random cookie from the set of five cookies.



Hi @sudeshjaiswal ,

Below are the cURL code snippets from Postman. All 5 cookie keys are being passed.

POST Call

[screenshot]

[screenshot]

GET Call

[screenshot]

 

sudeshjaiswal
Saviynt Employee

Hello @Suresh1,

Can you provide it in an attached document? Please make sure to mask the confidential information.


Hi @sudeshjaiswal 

Attaching the document that contains both the login API cURL command and the Get Accounts cURL command.

Note: We have replaced all 5 cookie values with a dummy string value.

sudeshjaiswal
Saviynt Employee

Hello @Suresh1,

Can you use the $accesstoken JSON for import (PFA screenshot below)?

[screenshot]

Also add the showLogs true parameter below and capture the logs to see where it is failing.
If you add the parameter below you will be able to see more detailed logs.

{
  "showLogs": true
}

 


Hi @sudeshjaiswal ,

We have tried with "cookies": "${access_token}"; logs are attached. As per our analysis, it is passing only one cookie at the time of the API call. In this case it only passed JSESSIONID in the cookie parameter.

[screenshot]

[screenshot]

We replicated the same thing in Postman and we get the same response as above if we pass no cookie or only one cookie in the cookie field.

[screenshot]

[screenshot]

 

RajeshA
Regular Contributor

@sudeshjaiswal, do you have an update on this? Can you let me know if this is possible in Saviynt, or do we need to open an idea ticket?

sudeshjaiswal
Saviynt Employee

Hello @RajeshA,

Currently one cookie can be passed in Saviynt; we would request you to raise the enhancement in the idea portal.

Thanks,


Hi @sudeshjaiswal ,

In that case, in the POST call (create user) we are passing only one cookie. Is it possible to pass only one selected cookie from the 5 cookie values generated?

[screenshot]

So, in the above screenshot, we are passing X-XSRF-TOKEN manually from the cookies generated in the Get API POST call. X-XSRF-TOKEN is one cookie parameter among those 5 cookie values.

Please suggest

Thank you in advance. 

sudeshjaiswal
Saviynt Employee

Hello @Suresh1 ,

In that case you can pass the value in the header in the createaccount JSON and test it.
Sample JSON:

{
  "call": [
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><user><roles></roles></user>",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/xml"
      },
      "httpContentType": "application/xml"
    },
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><user><roles>${String rolesStr = '';int size = response.Role1.message.roles?.size();int i = 0;for (Map map : response.Role1.message.roles){if(!map.name.equals(entitlementValue.entitlement_value)){rolesStr=rolesStr+'<role><name>'+map.name+'</name></role>';i++;if(i == size){return rolesStr;}}else{i++;if(i == size){return rolesStr;}}}}</roles></user>",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/xml"
      },
      "httpContentType": "application/xml",
      "successResponses": {
        "statusCode": [
          200,
          201
        ]
      }
    },
    {
      "name": "User Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/user_group_memberships?user-id=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "User Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/user_group_memberships/${for (Map map : response.get('User Group1').message){if (map.'user-group-id'.equals(entitlementValue.entitlementID)){return map.id;}}}",
      "httpMethod": "DELETE",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          403
        ]
      }
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "{\"content-groups\":\"\"}",
      "httpHeaders": {
        "X-COUPA-API-KEY": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "${List responseList = response.'Business Group1'.message.'content-groups';if(responseList?.size() == 0){return '{\"content-groups\":\"\"}'}else{Set groupSet = new HashSet();Map test1 = new HashMap();int size = responseList.size();int i = 0;for(Map map: responseList){Map test = new HashMap();i++;if(!map.id.toString().equals(entitlementValue.entitlementID)){test.put('id',map.id);groupSet.add(test);if(i == size){test1.put('content-groups',groupSet);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(test1)}}else{if(i == size){test1.put('content-groups',groupSet);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(test1)}}}}}",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200,
          201
        ]
      }
    }
  ]
}

You can also pass the hardcoded access token in the connection JSON.

Thanks. 

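The cookie handling this thread is about, as an added example that is not code from the posts above or from Saviynt's connector: it parses the Set-Cookie headers a login response returns, joins them into the single Cookie request header the application expects, shows what a client that keeps only the first Set-Cookie value ends up sending (the JSESSIONID-only behaviour observed above), and selects one named cookie for a dedicated header, as in the X-XSRF-TOKEN question. All values and the cookie names other than JSESSIONID and X-XSRF-TOKEN are constructed placeholders.

```python
# Added example; not code from the thread or from Saviynt's connector.
# A login response that sets several cookies needs every one of them echoed
# back in a single Cookie request header; keeping only the first Set-Cookie
# value (JSESSIONID alone, as observed in the thread) is not a valid session.
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values, in the form a login POST returns.
# Names other than JSESSIONID and X-XSRF-TOKEN are placeholders; values are dummies.
SAMPLE_SET_COOKIES = [
    "JSESSIONID=dummy-session-1; Path=/; HttpOnly; Secure",
    "X-XSRF-TOKEN=dummy-xsrf-2; Path=/; Secure",
    "cookie3=dummy-value-3; Path=/",
    "cookie4=dummy-value-4; Path=/; HttpOnly",
    "cookie5=dummy-value-5; Path=/",
]


def parse_set_cookies(set_cookie_values):
    """Map cookie name -> value from a list of Set-Cookie header values.
    Attributes (Path, HttpOnly, Secure, ...) are parsed and dropped: only
    name=value pairs go back to the server."""
    jar = {}
    for raw in set_cookie_values:
        parsed = SimpleCookie()
        parsed.load(raw)
        for name, morsel in parsed.items():
            jar[name] = morsel.value
    return jar


def build_cookie_header(jar):
    """Join all cookies into the one Cookie header value a browser would send."""
    return "; ".join(f"{name}={value}" for name, value in jar.items())


def first_cookie_only(set_cookie_values):
    """What is sent when a client keeps just the first Set-Cookie value."""
    return build_cookie_header(parse_set_cookies(set_cookie_values[:1]))


def select_cookie(jar, name):
    """Pick one cookie by name for a dedicated header (e.g. X-XSRF-TOKEN);
    fail loudly rather than send an empty value if the login never set it."""
    if name not in jar:
        raise KeyError(f"cookie {name!r} not present in login response")
    return jar[name]
```

Running `build_cookie_header(parse_set_cookies(SAMPLE_SET_COOKIES))` yields all five name=value pairs joined with "; ", while `first_cookie_only(SAMPLE_SET_COOKIES)` yields just the JSESSIONID pair.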