Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

DUO Rest ImportUserJson Issue

jralexander137
New Contributor III
New Contributor III

I am trying to configure the userImportJson to perform a user import of DUO accounts to supplement user data in saviynt. Currently we have two active and working DUO connections. One OOTB DUO connection used for reconciliation only. A second REST connection that is used for account operations like create/update/enable/disable. Both of these connections work as is. The problem is when I introduce an importUserJson config, crafted using info from the Developer's Handbook as shown here:

{
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users ",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}",
"Content-Type":"application/x-www-form-urlencoded"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}

When trying to run a user import I see the following error in the logs, any suggestions on what the issue might be? This is the same endpoint we're using for account imports.

"2024-06-03T13:18:11.580+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","called executeGetRequestWithHeaders for api..."
"2024-06-03T13:18:11.580+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","after calling executeRequestWithHeaders for api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","called api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","timeout validated for api..."
"2024-06-03T13:18:11.581+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-8-fnvkv","DEBUG","got response for api..."
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG",""
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","pullObjectsByRest - responseStatusCode ::null"
"2024-06-03T13:18:11.581+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","Got showLogs = true"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-8-fnvkv","DEBUG","Got null response statusCode with erroMsg - [error:Error api-143f79bb.duosecurity.com:443 failed to respond]"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ERROR","Exception in getting response in pullObjectsByRest :"
"2024-06-03T13:18:11.843+00:00","ecm","","null-fnvkv","","java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1463) at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4551) at com.saviynt.provisoning.rest.RestProvisioningService.testConnectionRest(RestProvisioningService.groovy:11122) at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:1060) at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:776) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:158) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG","Inside validateErrorResponse"
"2024-06-03T13:18:11.583+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","DEBUG","Null response from the Target. Target Error Message: [responseText:null, statusCode:null]"
"2024-06-03T13:18:11.583+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ERROR","Error while saving the Connection: [Null response from the Target. Target Error Message: [responseText:null, statusCode:null]]"
"2024-06-03T13:18:11.583+00:00","ecm","domain.EcmConfigController","http-nio-8080-exec-8-fnvkv","ERROR","ErrorMessage res : [Null response from the Target. Target Error Message: [responseText:null, statusCode:null]]"
"2024-06-03T13:18:05.224+00:00","ecm","domain.JobcontrolController","http-nio-8080-exec-2-2ln68","INFO","Auditing for list of JobControl"
"2024-06-03T13:18:05.225+00:00","ecm","domain.JobcontrolController","http-nio-8080-exec-2-2ln68","INFO","Auditing process completed for JobControl"

[This message has been edited by moderator to disable url hyperlink]

12 REPLIES 12

Raghu
All-Star
All-Star

@jralexander137  Check connectivity from target system telnet opened or not and it working in postman?

error:Error api-143f79bb.duosecurity.com:443 failed to respond]"
"2024-06-03T13:18:11.582+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-8-fnvkv","ER


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

jralexander137
New Contributor III
New Contributor III

The URL endpoint is the same one we're using in the accountEntImportJson and that works just fine. I am able to import accounts. And to confirm, i just added :443 to the postman call and in the accountImport config and both worked fine. I am not explicitly stating port 443 anywhere in the importUserJson config either.

  • Does connection name is correct ?
  • What is connector type ?

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Connector type is REST

And yes connection name is acctAuth like the rest of the configs. 

The issue almost certainly lies with the HMAC signature not being passed properly but the connector doesn't display the outbound payload in the logs to review.

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

curl --location 'https://api-.duosecurity.com/admin/v1/users' \
--header 'Date: Mon, 03 Jun 2024 14:47:00 -0400' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic RElEVU5NNE1ZQ05GWUU4NVk0TEU6NDU5M2M0ZmFjOGZlMDFjMWJmYzNkZjYzZDgxODI2NDUxYTExYjM5OA=='

jralexander137_0-1717440546447.png

The token in the curl snip is the calculated HMAC string which is what the connector should be doing. There is no authentication endpoint available to generate a token to be passed into subsequent calls, just the HMAC signature. Also, I removed part of the URL in curl snip to hide sensitive value.

{
"connection": "acctAuth",
"successResponses": {
"statusCode": [200, 201, 202, 203, 204, 205]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded",
"Date": "new Date().format("EEE, dd MMM yyyy HH:mm:ss Z", TimeZone.getDefault())"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

I am getting the following error when trying to send Date value as a header: Failed url-https://api-.duosecurity.com/admin/v1/users with Error Message-{"code": 40104, "message": "Missing request timestamp", "stat": "FAIL"}

This is the header config I have "Date": "new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())" based on the following req from api docs: 

  • Are the Date and time zone used RFC 3339 compliant?? If not, you may get a 40104 or 40105 response.

The full config is {
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json",
"Content-Type":"application/x-www-form-urlencoded",
"Date": "new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}

 

Am I missing something here? This looks like it should work.

{
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "https://api-.duosecurity.com/admin/v1/users",
"httpMethod": "GET",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Date": "${new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ssXXX\", Locale.US).format(new Date())}"
},
"userResponsePath": "response",
"colsToPropsMap": {
"username": "notes~#~char",
"customproperty59": "phones[0].number~#~char"
}
}


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Failed url-https://api-143f79bb.duosecurity.com/admin/v1/users with Error Message-{"code": 40104, "message": "Missing request timestamp", "stat": "FAIL"}

Still getting the same error response.

  • Did you created different connection for User & Account Import ?

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Sure did. Also tried it in the existing connection where account operations are. UserImport doesn't work in either case.