Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/03/2024 06:20 AM - last edited on 06/03/2024 11:26 PM by Sunil
I am trying to configure the userImportJson to perform a user import of DUO accounts to supplement user data in saviynt. Currently we have two active and working DUO connections. One OOTB DUO connection used for reconciliation only. A second REST connection that is used for account operations like create/update/enable/disable. Both of these connections work as is. The problem is when I introduce an importUserJson config, crafted using info from the Developer's Handbook as shown here:
{
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users ",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}",
"Content-Type":"application/x-www-form-urlencoded"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}
When trying to run a user import I see the following error in the logs, any suggestions on what the issue might be? This is the same endpoint we're using for account imports.
"2024-06-03T13:18:11.580+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","called executeGetRequestWithHeaders for api..."
"2024-06-03T13:18:11.580+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","after calling executeRequestWithHeaders for api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","called api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","timeout validated for api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","got response for api..."
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG",""
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","pullObjectsByRest - responseStatusCode ::null"
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","Got showLogs = true"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","Got null response statusCode with erroMsg - [error:Error api-143f79bb.duosecurity.com:443 failed to respond]"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ERROR","Exception in getting response in pullObjectsByRest :"
"2024-06-03T13:18:11.843+00:00","ecm","","null-fnvkv","","java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1463) at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4551) at com.saviynt.provisoning.rest.RestProvisioningService.testConnectionRest(RestProvisioningService.groovy:11122) at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:1060) at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:776) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:158) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG","Inside validateErrorResponse"
"2024-06-03T13:18:11.583+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG","Null response from the Target. Target Error Message: [responseText:null, statusCode:null]"
"2024-06-03T13:18:11.583+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ERROR","Error while saving the Connection: [Null response from the Target. Target Error Message: [responseText:null, statusCode:null]]"
"2024-06-03T13:18:11.583+00:00","ecm","domain.EcmConfigController","http-nio-8080-exec-8-fnvkv","ERROR","ErrorMessage res : [Null response from the Target. Target Error Message: [responseText:null, statusCode:null]]"
"2024-06-03T13:18:05.224+00:00","ecm","domain.JobcontrolController","http-nio-8080-exec-2-2ln68","INFO","Auditing for list of JobControl"
"2024-06-03T13:18:05.225+00:00","ecm","domain.JobcontrolController","http-nio-8080-exec-2-2ln68","INFO","Auditing process completed for JobControl"
[This message has been edited by moderator to disable url hyperlink]
06/03/2024 06:30 AM
@jralexander137 Check connectivity from target system telnet opened or not and it working in postman?
error:Error api-143f79bb.duosecurity.com:443 failed to respond]"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ER
06/03/2024 06:33 AM - edited 06/03/2024 06:36 AM
The URL endpoint is the same one we're using in the accountEntImportJson and that works just fine. I am able to import accounts. And to confirm, i just added :443 to the postman call and in the accountImport config and both worked fine. I am not explicitly stating port 443 anywhere in the importUserJson config either.
06/03/2024 11:36 AM
06/03/2024 11:43 AM - edited 06/03/2024 11:46 AM
Connector type is REST
And yes connection name is acctAuth like the rest of the configs.
The issue almost certainly lies with the HMAC signature not being passed properly but the connector doesn't display the outbound payload in the logs to review.
06/03/2024 11:44 AM
Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️
06/03/2024 11:50 AM
curl --location 'https://api-.duosecurity.com/admin/v1/users' \
--header 'Date: Mon, 03 Jun 2024 14:47:00 -0400' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic RElEVU5NNE1ZQ05GWUU4NVk0TEU6NDU5M2M0ZmFjOGZlMDFjMWJmYzNkZjYzZDgxODI2NDUxYTExYjM5OA=='
The token in the curl snip is the calculated HMAC string which is what the connector should be doing. There is no authentication endpoint available to generate a token to be passed into subsequent calls, just the HMAC signature. Also, I removed part of the URL in curl snip to hide sensitive value.
06/03/2024 07:06 PM
{
"connection": "acctAuth",
"successResponses": {
"statusCode": [200, 201, 202, 203, 204, 205]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded",
"Date": "new Date().format("EEE, dd MMM yyyy HH:mm:ss Z", TimeZone.getDefault())"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}
06/05/2024 07:10 AM
I am getting the following error when trying to send Date value as a header: Failed url-https://api-.duosecurity.com/admin/v1/users with Error Message-{"code": 40104, "message": "Missing request timestamp", "stat": "FAIL"}
This is the header config I have "Date": "new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())" based on the following req from api docs:
The full config is {
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json",
"Content-Type":"application/x-www-form-urlencoded",
"Date": "new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}
Am I missing something here? This looks like it should work.
06/05/2024 10:17 PM
{
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Date": "${new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())}"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}
06/06/2024 03:56 AM
Failed url-https://api-143f79bb.duosecurity.com/admin/v1/users with Error Message-{"code": 40104, "message": "Missing request timestamp", "stat": "FAIL"}
Still getting the same error response.
06/09/2024 09:52 PM
06/10/2024 05:52 AM
Sure did. Also tried it in the existing connection where account operations are. UserImport doesn't work in either case.