08/01/2023 10:49 AM
Hello All,
We have a requirement to onboard an application which uses cookies in the API call. This application does not use an access token; instead it uses cookies from the response headers.
I tried the below JSON suggested in the REST connector handbook, but it does not seem to be working in my case. When I am trying to import accounts, it's not even calling the web service URL, though the connection is showing successful upon each save and test connection.
{
  "authentications": {
    "acctAuth": {
      "authType": "cookies",
      "url": "",
      "httpMethod": "POST",
      "httpParams": {
        "username": "<specify username>",
        "password": "<specify password>",
        "apiKey": "${apiKey}",
        "timestamp": "${timestamp}"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "cookies": "${cookies}",
      "properties": {
        "apiKey": "${apiKey}"
      },
      "httpContentType": "application/json",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "SESSION_NOT_VALID",
        "AuthenticationFailed",
        "HTTP error code : 401"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "",
      "tokenType": "",
      "accessToken": "<specify access token>",
      "retryFailureStatusCode": [
        500,
        502,
        401
      ]
    }
  }
}
Please suggest the syntax for connectionJSON and ImportAccountEntJSON for cookie based REST connections.
Thank you in advance for your help.
08/02/2023 02:11 AM
Hello @Suresh1,
Can you please provide the response header screenshot from postman, and also briefly explain the authentication flow?
Thanks,
08/02/2023 07:15 AM - edited 08/02/2023 07:16 AM
Hi @sudeshjaiswal ,
Below is the response header from Postman.
As shown in the above image, all 5 set-cookie parameters from the response headers are being used for authentication.
We are passing clientID and secret in the Body. Once we hit the API call, the cookie key is generated and passed to the Cookie parameter dynamically in the API headers, as shown below.
Let me know if you need any further details.
Thank you!!
08/02/2023 11:38 PM
Hello @Suresh1,
Could you please provide a snapshot of the GET call as well?
Are you passing all 5 cookies in a consecutive call?
08/03/2023 04:00 AM
Hi @sudeshjaiswal ,
Below is the GET call from Postman. Yes, you are correct: all 5 cookie keys are getting passed dynamically to the header Cookie parameter.
Thank you !!
08/06/2023 11:21 PM
Hello @Suresh1,
You can use OAUTH2 for your use case:
{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {
        "Content-Type": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "USER_AUTHENTICATION_FAILED"
      ],
      "timeOutError": "error",
      "errorPath": "error",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "#HEADERS#Set-Cookie",
      "tokenType": "",
      "authHeaderName": "Cookie",
      "retryFailureStatusCode": [
        401
      ],
      "accessToken": "sdfghjk"
    }
  }
}
08/08/2023 05:50 PM
PFB the connectionjson we are using based on your above response (I had erased the url, client id and secret).
Can you let us know what parameter or variable name I need to update in the other JSONs? PFB screenshot of importaccountentjson; in both cases cookies are not getting passed correctly.
Below is the Postman call to get the accounts. If you see, we are passing cookies in the "Cookie" parameter in the request header. Can you let us know the variable name to be used to get the cookies from connectionjson in importaccountentjson?
08/08/2023 08:37 PM
Hello @Suresh1 ,
Could you kindly share the cURL response from Postman? We're interested in verifying how the cookies are being transmitted. Specifically, we want to determine whether all five cookies are sent as an array, or if the system is selecting a random cookie from the set of five cookies.
08/09/2023 07:33 AM
Hi @sudeshjaiswal ,
Below are the CURL code snippets from Postman. All 5 cookie keys are getting passed.
POST Call
GET Call
08/09/2023 07:36 AM
Hello @Suresh1,
Can you provide it in an attached document? Please make sure to mask the confidential information.
08/09/2023 08:19 AM
Attaching the document, which contains both the login API curl command and the Get Accounts curl command.
Note: We have replaced all 5 cookie values with a dummy string value.
08/09/2023 08:49 PM
Hello @Suresh1,
Can you use the $accesstoken json for import (PFA screenshot below),
and also add showLogs true as below, and capture the logs to see where it is failing?
If you add the below parameter, you will be able to see more detailed logs.
{
  "showLogs": true
}
08/10/2023 06:48 AM
Hi @sudeshjaiswal ,
We have tried with "cookies": "${access_token}". Logs are attached. As per our analysis, it is passing only one cookie at the time of the API call. In this case it only passed JSESSIONID in the cookie parameter.
We replicated the same thing in Postman and we are getting the same response as above if we pass no cookie or only one cookie in the cookie field.
08/15/2023 06:27 AM
@sudeshjaiswal do you have an update on this? Can you let me know if this is possible in Saviynt, or do we need to open an idea ticket?
08/15/2023 10:38 PM
Hello @RajeshA,
Currently one cookie can be passed in Saviynt; I would request you to raise the enhancement in the idea portal.
Thanks,
08/18/2023 12:21 PM
Hi @sudeshjaiswal ,
In that case, in the POST call (create user) we are passing only one cookie. Is it possible to pass only one selected cookie from the 5 cookie values generated?
So, in the above screenshot, we are passing X-XSRF-TOKEN manually from the cookies generated in the Get API post call. X-XSRF-TOKEN is one cookie parameter among those 5 cookie values.
Please suggest.
Thank you in advance.
08/20/2023 10:04 PM - edited 08/20/2023 10:14 PM
Hello @Suresh1 ,
In that case, you can pass the value in the header in the createaccount json and test it.
Sample JSON:
{
  "call": [
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><user><roles></roles></user>",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/xml"
      },
      "httpContentType": "application/xml"
    },
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><user><roles>${String rolesStr = '';int size = response.Role1.message.roles?.size();int i = 0;for (Map map : response.Role1.message.roles){if(!map.name.equals(entitlementValue.entitlement_value)){rolesStr=rolesStr+'<role><name>'+map.name+'</name></role>';i++;if(i == size){return rolesStr;}}else{i++;if(i == size){return rolesStr;}}}}</roles></user>",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/xml"
      },
      "httpContentType": "application/xml",
      "successResponses": {
        "statusCode": [
          200,
          201
        ]
      }
    },
    {
      "name": "User Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/user_group_memberships?user-id=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "User Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/user_group_memberships/${for (Map map : response.get('User Group1').message){if (map.'user-group-id'.equals(entitlementValue.entitlementID)){return map.id;}}}",
      "httpMethod": "DELETE",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          403
        ]
      }
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "{\"content-groups\":\"\"}",
      "httpHeaders": {
        "X-COUPA-API-KEY": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Business Group",
      "connection": "acctAuth",
      "url": "https://<domain name>/api/users/${account.accountID}",
      "httpMethod": "PUT",
      "httpParams": "${List responseList = response.'Business Group1'.message.'content-groups';if(responseList?.size() == 0){return '{\"content-groups\":\"\"}'}else{Set groupSet = new HashSet();Map test1 = new HashMap();int size = responseList.size();int i = 0;for(Map map: responseList){Map test = new HashMap();i++;if(!map.id.toString().equals(entitlementValue.entitlementID)){test.put('id',map.id);groupSet.add(test);if(i == size){test1.put('content-groups',groupSet);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(test1)}}else{if(i == size){test1.put('content-groups',groupSet);return new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsString(test1)}}}}}",
      "httpHeaders": {
        "X-XSRF-TOKEN": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200,
          201
        ]
      }
    }
  ]
}
You can also pass the hardcoded access token in the connection json.
Thanks.
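Added example (not part of the original thread and not Saviynt code): a Python sketch of the behaviour diagnosed above, where the login response sets five cookies but only JSESSIONID reaches the next call. It builds the full Cookie header from the Set-Cookie lines, reports which cookies an outgoing header is missing, and derives the X-XSRF-TOKEN header from its cookie. The sample values are constructed, and the names cookie3 to cookie5 are hypothetical stand-ins for the three cookies the thread does not name.

```python
# Constructed sample of five Set-Cookie response headers from a login call.
# Only JSESSIONID and X-XSRF-TOKEN are named in the thread; cookie3..cookie5
# are hypothetical stand-ins for the other three cookies.
SAMPLE_SET_COOKIE = [
    "JSESSIONID=dummy-session; Path=/; Secure; HttpOnly",
    "X-XSRF-TOKEN=dummy-xsrf; Path=/; Secure",
    "cookie3=dummy-3; Path=/; Secure; HttpOnly",
    "cookie4=dummy-4; Path=/; Secure; HttpOnly",
    "cookie5=dummy-5; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(headers):
    """Map cookie name -> value, dropping attributes such as Path or Secure."""
    jar = {}
    for line in headers:
        pair = line.split(";", 1)[0].strip()  # attributes follow the first ';'
        name, sep, value = pair.partition("=")
        if sep and name.strip():
            jar[name.strip()] = value.strip()
    return jar


def cookie_header(headers):
    """One Cookie request header carrying every cookie the server set."""
    return "; ".join(f"{n}={v}" for n, v in parse_set_cookie(headers).items())


def _names(cookie_header_value):
    """Cookie names present in a Cookie request header value."""
    parts = (p.strip() for p in cookie_header_value.split(";"))
    return [p.split("=", 1)[0].strip() for p in parts if p]


def missing_cookies(sent_cookie_header, headers):
    """Names the server set that are absent from an outgoing Cookie header."""
    sent = set(_names(sent_cookie_header))
    return [n for n in parse_set_cookie(headers) if n not in sent]


def xsrf_request_header(headers, cookie_name="X-XSRF-TOKEN"):
    """Header for write calls: the anti-CSRF value is echoed from its cookie."""
    return {cookie_name: parse_set_cookie(headers)[cookie_name]}


def redact(cookie_header_value):
    """Mask cookie values before a log or cURL export is shared."""
    return "; ".join(f"{n}=***" for n in _names(cookie_header_value))


if __name__ == "__main__":
    print(redact(cookie_header(SAMPLE_SET_COOKIE)))
    print(missing_cookies("JSESSIONID=dummy-session", SAMPLE_SET_COOKIE))
```

Running `missing_cookies` against the Cookie header captured with showLogs enabled gives the exact list of session cookies the connector dropped, and `redact` keeps the live session values out of anything attached to a support thread.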