10/31/2023 04:57 AM
Hi Team,
I am trying to integrate CyberArk using the REST connector. The ConnectionJSON provided in Understanding the Integration Between EIC and CyberArk (saviyntcloud.com) throws a syntax error in 23.8.
I have tried to use below, but the connection still fails.
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://test.privilegecloud.cyberark.com/PasswordVault/api/Auth/cyberark/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic dgddyfSJASG",
"httpParams": "{\"username\":\"test\",\"password\":\"test\"}",
"retryFailureStatusCode": [
401,
403
],
"testConnectionParams": {
"http": {
"url": "https://test.privilegecloud.cyberark.com/PasswordVault/API/Users/",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"successResponse": [],
"successResponsePath": "",
"errors": [],
"errorPath": "ErrorCode"
}
}
}
}
I am getting the token successfully via Postman, and the subsequent call using the token is also successful.
10/31/2023 07:09 AM
@mohitarora1, please share the error snippet. Also set showlogs=true in the config JSON, as that may provide more detail that can help with troubleshooting.
10/31/2023 07:48 AM
Thanks @nimitdave, I have added the config JSON, but I think this would be helpful in import. As of now, I am able to see below in the logs on save and test.
11/01/2023 06:27 AM
Hi Team,
Any help on this would be appreciated.
thanks
11/01/2023 10:27 PM
@mohitarora1 , Please see if this helps:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://HOSTNAME/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic dgddyfSJASG",
"httpParams": "{\"username\":\"@username\",\"password\":\"@password\"}",
"retryFailureStatusCode": [
401,
403
]
}
}
}
11/02/2023 05:47 AM
Hi @nimitdave , this isn't working.
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://test.privilegecloud.cyberark.com/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic dgddyfSJASG",
"httpParams": "{\"username\":\"test\",\"password\":\"test\"}",
"retryFailureStatusCode": [
401,
403
],
"testConnectionParams": {
"http": {
"url": "https://test.privilegecloud.cyberark.com/PasswordVault/API/Users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"successResponse": [
200
],
"successResponsePath": "Users",
"errors": [],
"errorPath": "ErrorCode"
}
}
}
}
In my opinion, Saviynt is not able to read the token via string.content, because I hard-coded the token and it brought the data.
The CyberArk API returns the token without a path to identify the token; the response itself is the token.
Thanks,
Mohit Arora
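The mismatch described in the post above, as an added example that is not part of the thread and is not Saviynt's code: a path-based extractor pointed at a response whose entire body is the token. Treating tokenResponsePath as a dotted path into a JSON object is an assumption, and both sample bodies are constructed.

```python
import json

# Constructed sample bodies (not captured from a real vault).
BARE_BODY = '"CONSTRUCTED-SESSION-TOKEN-0001"'   # whole body is a JSON string
WRAPPED_BODY = '{"string": {"content": "CONSTRUCTED-SESSION-TOKEN-0001"}}'


def extract_token(body, token_path):
    """Resolve a dotted token_path in a response body; '' means the body itself.

    Returns None when the path does not resolve to a non-empty string, which a
    caller should treat as a failed logon rather than send an empty header.
    """
    try:
        node = json.loads(body)
    except json.JSONDecodeError:
        node = body.strip()          # plain-text body: the text is the candidate
    if token_path:
        for key in token_path.split("."):
            if not isinstance(node, dict) or key not in node:
                return None          # a bare-string body has no keys to walk
            node = node[key]
    return node if isinstance(node, str) and node else None


def build_auth_header(body, token_path, header_name="Authorization"):
    """Build the header for follow-up calls, failing loudly on a missing token."""
    token = extract_token(body, token_path)
    if token is None:
        raise ValueError(f"no token at path {token_path!r}; check the response shape")
    return {header_name: token}


if __name__ == "__main__":
    for path in ("string.content", ""):
        print(repr(path), "->", extract_token(BARE_BODY, path))
```

Failing on a missing token instead of sending an empty Authorization header keeps the fault visible at logon instead of as repeated 401 responses on later calls.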
11/03/2023 05:54 AM
@nimitdave I have noticed we are getting a 401 code, and Saviynt is unable to refresh the token and eventually the job fails. It works if we provide a hard-coded token in the JSONs. Can you confirm whether this is an issue that requires a support ticket?
Thanks,
Mohit
11/03/2023 07:12 AM
@mohitarora1, can you share the body of the request that provides you that token? I think we are missing another call to get the token, as https://URL/PasswordVault/API/Auth/CyberArk/Logon is just the logon to the vault. But to make the API calls you will be using a different user, and the response of the above URL will help to fetch the secret for that user (appuser). The token/secret from the AIMWebService/api/Accounts call will then be used for importing/provisioning data. Sample attached below:
*********************************************************
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpParamsName": "password",
"call": {
"call1": {
"callOrder": 0,
"url": "https://URL/AIMWebService/api/Accounts?appID=<appuser>&safe=<safename>&object=<appname>",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json"
},
"httpContentType": "application/json",
"keyPath": "Content",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
}
}
},
"url": "https://URL/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpParams": {
"username": "saviynt_ops",
"password": "abcd"
},
"httpHeaders": {
"Accept": "application/xml"
},
"httpContentType": "application/x-www-form-urlencoded",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"FAILURE",
"INVALID_SESSION_ID",
"ExpiredAuthenticationToken",
"Read timed out",
401
],
"retryFailureStatusCode": [
401
],
"errorPath": "errors.type",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"tokenType": "",
"accessToken": ""
}
}
}
**********************************************************************************
11/03/2023 07:28 AM
Hi @nimitdave ,
I am following the below API documentation provided by the CyberArk team.
Below is the screenshot of the token request.
In the documentation, it is mentioned to use the token received from the logon request for subsequent calls, and it works for me in Postman and with a hard-coded token in Saviynt.
Thanks
11/03/2023 08:00 PM
Can you try below
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://<<hostname>>/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "<access token>",
"httpParams": ""
}
}
},
{
"username": "admin",
"password": "@password@"
}
11/06/2023 03:20 AM
Hi @rushikeshvartak, the connection JSON works syntax-wise, but Saviynt is not validating the actual connection; it just checks the syntax of it, even if you provide invalid credentials. The problem here is that even though the connection is successful, the import is failing, because it is unable to generate the token. If I hard-code the token in the import JSON, it works and brings in the data.
Even if I provide the right credentials in the JSON, Saviynt is not able to generate the token and we get a 401 error while refreshing the token.
Thanks,
Mohit Arora
11/07/2023 04:03 AM - edited 11/07/2023 05:12 AM
Hi @mohitarora1
Can you try the connection JSON as below, changing only the URL, username and password, and try it out?
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://<<hostname>>/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "<access token>,\r\n",
"httpParams": ": "
}
}
},
{
"username": "admin",
"password": "@password@"
}
Thanks
Darshan
11/07/2023 04:07 AM
11/07/2023 04:11 AM
Hi @mohitarora1
Can you create an FD ticket on this, mentioning the forum link? We will get it checked internally. Please attach the logs and all the connection JSONs you tried.
Thanks
Darshan
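Connection JSON and logs attached to a ticket or pasted into a forum carry the same credential fields shown throughout this thread. As an added example (not from the thread and not Saviynt tooling), one way to mask them first; the list of secret key names is an assumption drawn from the field names used above, and the sample config is constructed.

```python
import json

MASK = "***REDACTED***"
# Assumed secret-bearing keys, compared case-insensitively.
SECRET_KEYS = {"accesstoken", "password", "authorization", "secret", "token"}

# Constructed sample in the shape used in this thread (values are made up).
SAMPLE = json.dumps({"authentications": {"acctAuth": {
    "authType": "oauth2",
    "url": "https://HOSTNAME/PasswordVault/API/Auth/CyberArk/Logon",
    "accessToken": "Basic CONSTRUCTEDVALUE",
    "httpParams": "{\"username\":\"svc_example\",\"password\":\"constructed-pw\"}",
    "testConnectionParams": {"http": {"httpHeaders": {
        "Authorization": "${access_token}"}}},
}}})


def redact(node, key=""):
    """Recursively mask secret values; template references are kept as-is."""
    if isinstance(node, dict):
        return {k: redact(v, k) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v, key) for v in node]
    if isinstance(node, str):
        if key.lower() in SECRET_KEYS and node and not node.startswith("${"):
            return MASK
        if node.lstrip().startswith("{"):
            # e.g. httpParams: credentials inside an escaped JSON string
            try:
                inner = json.loads(node)
            except json.JSONDecodeError:
                return node
            return json.dumps(redact(inner, key))
    return node


def redact_connection_json(text):
    """Return a copy of the connection JSON text that is safe to attach."""
    return json.dumps(redact(json.loads(text)), indent=2)


if __name__ == "__main__":
    print(redact_connection_json(SAMPLE))
```

Any credential or session token that was already pasted in clear text should be rotated, since masking later copies does not recall the earlier one.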
11/07/2023 05:23 AM
Hi @mohitarora1
Did you try with tokenResponsePath as blank? If not, please try with the below JSON once and let me know.
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpParamsName": "password",
"call": {
"call1": {
"callOrder": 0,
"url": "",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json"
},
"httpContentType": "application/json",
"keyPath": "Content",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
}
}
},
"url": "https://cyberark.com/PasswordVault/API/Auth/CyberArk/Logon",
"httpMethod": "POST",
"httpParams": {
"username": "test",
"password": "test",
"concurrentSession":"True"
},
"httpHeaders": {
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"FAILURE",
"INVALID_SESSION_ID",
"ExpiredAuthenticationToken",
"Read timed out",
"PASWS013E",
401,
403,
500
],
"retryFailureStatusCode": [
401,
403,
500
],
"errorPath": "errors.type",
"maxRefreshTryCount": 5,
"tokenResponsePath": "",
"tokenType": "",
"accessToken": "test"
}
}
}
Thanks
Darshan
11/07/2023 05:49 AM
Hi @Darshanjain ,
This isn't working. In the logs I can see it tries to refresh the token 5 times, throwing an exception each time.
Thanks,
Mohit Arora
11/15/2023 04:42 AM - edited 11/15/2023 04:42 AM
11/20/2023 05:01 AM
Hi @Nmaheshwari ,
No, we have raised a Saviynt support ticket for this. Yet to get a solution for it.
Thanks,
Mohit Arora
11/24/2023 04:47 AM
See if this helps; it resolved a similar CyberArk Logon issue.
Access Token Refresh Failure Issue - CyberArk(Targ... - Saviynt Forums - 61818