08/22/2023 05:02 AM - edited 08/22/2023 05:03 AM
Hi All,
We are trying to import the CyberArk application data (Users, Groups, Safes and Privileged Accounts) using the REST connector. Below are the ConnectionJSON and ImportAccountEntJSON.
ConnectionJSON: Save & Test Connection succeeds with this JSON.
{
"authentications": {
"acctAuth": {
"authType": "basic",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "BaseURL/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic suyssbddf",
"httpParams":{}
}
}
},
{
"username": "username_cd",
"password": "cdes_shfhb_"
}
ImportAccountEntJSON: After adding this JSON and running the Application Import Job, we see the error below.
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty7",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 20,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "BaseURL/PasswordVault/API/Users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"listField": "Users",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "username~#~char"
},
"makeProcessingStatus": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "BaseURL/PasswordVault/API/Users/${accountName}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"name": "username~#~char",
"status": "enableUser~#~char",
"displayName": "username~#~char",
"accounttype": "userType~#~char",
"customproperty1": "source~#~char",
"customproperty2": "componentUser~#~char",
"customproperty3": "vaultAuthorization~#~char",
"customproperty5": "location~#~char",
"customproperty6": "suspended~#~char",
"customproperty7": "enableUser~#~char",
"customproperty8": "lastSuccessfulLoginDate~#~char",
"customproperty9": "unAuthorizedInterfaces~#~char",
"customproperty10": "authenticationMethod~#~char",
"customproperty11": "passwordNeverExpires~#~char",
"customproperty12": "distinguishedName~#~char",
"customproperty13": "description~#~char",
"customproperty14": "businessAddress~#~char",
"customproperty15": "internet~#~char",
"customproperty16": "phones~#~char",
"customproperty17": "personalDetails~#~char",
"accountID": "id~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Groups": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Group Type",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "BaseURL/PasswordVault/API/UserGroups",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "groupName~#~char",
"displayname": "groupName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty1": "groupType~#~char",
"customproperty2": "location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"Safes": {
"entTypeOrder": 1,
"entTypeLabels": {
"customproperty1": "Safe URL ID",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "BaseURL/PasswordVault/API/Safes",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Safes",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "SafeUrlId~#~char",
"entitlement_value": "SafeName~#~char",
"displayname": "SafeName~#~char",
"description": "Description~#~char",
"entitlement_glossary": "SafeName~#~char",
"customproperty1": "SafeUrlId~#~char",
"customproperty2": "Location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"PrivilegedAccounts": {
"entTypeOrder": 2,
"entTypeLabels": {
"customproperty1": "userName",
"customproperty2": "Platform ID",
"customproperty3": "Safe Name",
"customproperty4": "Secret Type",
"customproperty5": "Application ID",
"customproperty6": "Active Directory ID",
"customproperty7": "automaticManagementEnabled",
"customproperty8": "Status",
"customproperty9": "lastModifiedTime",
"customproperty10": "createdTime"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "BaseURL/PasswordVault/API/Accounts",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"displayname": "name~#~char",
"description": "name~#~char",
"entitlement_glossary": "name~#~char",
"customproperty1": "userName~#~char",
"customproperty2": "platformId~#~char",
"customproperty3": "safeName~#~char",
"customproperty4": "secretType~#~char",
"customproperty5": "platformAccountProperties.ApplicationID~#~char",
"customproperty6": "platformAccountProperties.ActiveDirectoryID~#~char",
"customproperty7": "secretManagement.automaticManagementEnabled~#~char",
"customproperty8": "secretManagement.status~#~char",
"customproperty9": "secretManagement.lastModifiedTime~#~char",
"customproperty10": "createdTime~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"Safes": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"showJobHistory": true,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "BaseURL/PasswordVault/API/Safes/${id}/Members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "SafeMembers",
"entKeyField": "entitlementID",
"acctIdPath": "MemberName",
"acctKeyField": "name"
}
}
}
}
},
"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Safes": {
"ent1KeyField": "entitlement_value",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "BaseURL/PasswordVault/API/Accounts",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"ent1IdPath": "safeName",
"ent2IdPath": "id",
"ent2KeyField": "entitlementID",
"targetEntType": "PrivilegedAccounts",
"mappingTypes": [
"ENT2"
]
}
}
}
}
}
}
Error Message in the job details:
Logs :
Could anyone please let me know what I am missing or getting wrong in the JSONs? Any help would be appreciated.
Thank you,
Vidya D Mudagal
08/23/2023 12:17 AM
Hello @vmudagal1,
Can you please try passing the username/password as described in the developer handbook?
Sample:
{ "authentications": { "acctAuth": { "authType": "Basic", "url": "https://<domain name>", "httpMethod": "POST", "httpParams": {}, "httpHeaders": {}, "httpContentType": "text/html", "properties": { "userName": "username", "password": "password" }, "expiryError": "Couldn't authenticate you", "authError": [ "Couldn't authenticate you" ], "timeOutError": "Read timed out", "errorPath": "error", "maxRefreshTryCount": 5, "tokenResponsePath": "access_token", "tokenType": "Basic", "accessToken": "Basic asdfghjkl", "testConnectionParams": { "http": { "url": "https://<domain name>/api/v2/users.json", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json", "httpMethod": "GET" }, "successResponse": [], "successResponsePath": "", "errors": [ "Couldn't authenticate you" ], "errorPath": "error" } } } }
For Ref:-
https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm
https://docs.saviyntcloud.com/bundle/CyberArk-REST-v2022x/page/Content/Understanding-the-Integration...
08/23/2023 02:58 AM
Thank you for your response. The JSON below worked to pull some of the data, such as Accounts, Groups and Privileged Accounts.
Connection JSON
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": ["ITATS366E","PASWS006E"],
"url": "https://HOSTNAME/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic dgddyfSJASG",
"httpParams": "{\"username\":\"@username\",\"password\":\"@password\"}",
"retryFailureStatusCode": [
401,
403
]
}
}
}
Thanks,
Vidya D Mudagal
08/31/2023 04:30 AM
Hi Vidya,
Thanks for the information. We have a similar implementation in which we are integrating CyberArk using a REST connector. However, we are seeing the error below when creating an account (attached below).
Note: The tasks are marked as completed in Saviynt, but the account is not actually provisioned in CyberArk.
Have you come across this error before, or can you see anything wrong in the JSON below?
Error:
Connection Json:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": ["ITATS366E","PASWS006E"],
"url": "https://XXXX/passwordvault/api/Auth/cyberark/logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic dgddyfSJASG",
"httpParams": "{\"username\":\"@username\",\"password\":\"@password\"}",
"retryFailureStatusCode": [
401,
403
]
}
}
}
CreateAccountJson for reference:
{
"accountIdPath": "accountName",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://XXXXX/passwordvault/api/accounts",
"httpMethod": "POST",
"httpParams": "{\"name\": \"${task.accountName}\", \"address\": \"myXXX.com\", \"userName\":\"${task.accountName}\", \"platformId\": \"WinServerLocal\", \"safeName\": \"Icc_Safe_Test\", \"secretType\": \"password\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201
]
}
}
]
}
Thanks!
08/31/2023 07:53 AM
Hi @Bharadwaj,
I am still trying to get the entitlement and account membership data imported into Saviynt.
As for the "Access Token is null" error, I haven't come across it so far.
Thank you,
Vidya D Mudagal
08/31/2023 07:06 PM - edited 08/31/2023 07:10 PM
Hi @Vedanth_BK , @nimitdave
Could you please let us know what could be the issue here?
Providing you the screenshots of the logon URL response and the respective body for creating account that worked in Postman.
Logon response from Postman:
Create account body(working) from Postman:
Response:
Appreciate your help!
Thanks!
09/01/2023 02:38 AM - edited 09/01/2023 08:35 AM
Hi @Bharadwaj
Can you please leave the parameter below blank, since the token is coming back as null, and try again?
"tokenResponsePath": "",
Thanks
Darshan
09/13/2023 05:54 AM
Hi Darshan,
This is also not working ("tokenResponsePath": "",).
The connection JSON cannot capture the session token from the response.
Is there any other way to capture a token that is returned in the response without a JSON path?
regards,
partha
09/15/2023 03:49 AM
Hi Darshan,
We tried the connection JSON with "authType": "BasicWithAccessToken":
{ "authentications": { "acctAuth": { "authType": "BasicWithAccessToken", "httpHeaders": { "contentType": "application/x-www-form-urlencoded" }, "authError": [ "ITATS366E", "PASWS006E" ], "url": https://*********/passwordvault/api/Auth/cyberark/logon, "httpMethod": "POST", "httpContentType": "application/x-www-form-urlencoded", "errorPath": "ErrorCode", "maxRefreshTryCount": 5, "tokenResponsePath": "string.content", "authHeaderName": "Authorization", "accessToken": "", "tokenType": "Basic", "httpParams": { "username": "***********", "password": "*************", "concurrentSession": "true" }, "retryFailureStatusCode": [ 401, 403 ], "testConnectionParams": { "http": { "url": https://*********/passwordvault/API/Accounts?limit=25, "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "httpMethod": "GET" }, "successResponses": { "statusCode": [ 200, 201 ] }, "successResponsePath": "", "errors": [ "Couldn't authenticate you" ], "errorPath": "error" } } } } |
But that did not work either.
It is throwing the error below:
09/15/2023 10:09 AM
Hi @parthaghosh
In the Postman response, if you click on Raw, how does it look? The main issue is that the response is not in JSON format, so it is not being picked up.
Thanks
Darshan
09/19/2023 12:11 AM
Hi @Darshanjain ,
The Raw view is also plain text: "<TOKEN>"
The response is a simple string, not JSON.
I was just curious: if the connector has a limitation that prevents it from capturing the token from a plain response string, is it resolved in a higher version?
If so, can the fix be backported to our version (5.5 sp3.12) as a patch, as a temporary solution?
Then we can approach support.
Please advise.
regards,
Partha
09/20/2023 03:07 AM - edited 09/20/2023 03:08 AM
Hi @Darshanjain ,
The CyberArk Gen-1 auth call is working fine. We are getting a JSON response, and the token is captured with "tokenResponsePath": "CyberArkLogonResult".
09/20/2023 03:12 AM
Okay, thanks for the update. I hope all the calls are working now.
Thanks
Darshan
09/20/2023 04:29 AM
yes
11/02/2023 11:19 PM - edited 11/08/2023 10:48 PM
Hi @parthaghosh,
When running the Access Import Job, I see the error code below in the Saviynt logs, and no job end date/time is logged on the job details page.
The data import does not complete: the job never reaches the "acctEntParams" section because it is terminated without any job details being logged.
Error code: CAWS00001E
I am using the Gen 2 API calls of CyberArk as given in the documentation. Did using the Gen 1 API calls import all the records into Saviynt, and did you see any issues with jobs being terminated after long runs?
Please share your input.
Thank you,
Vidya D Mudagal