We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Error when Adding Access for AzureAD

vermilyacd1
Regular Contributor
Regular Contributor

Trying to add access to an AzureAD Group with the Out of the Box connector but getting the following error. I am not calling any string function explicitly so not sure where this is coming from. This works just fine in Postman so it is Saviynt related somewhere.

This is in v2020

Error: Error in processGroupInTargetgroovy.lang.GroovyRuntimeException: Ambiguous method overloading for method java.lang.String#<init>.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class [B]
[class [C]
[class java.lang.String]

AddAccessJSON: 

{
"call": [
{
"name": "AADGroup",
"connection": "graphAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

5 REPLIES 5

sundas7
Regular Contributor II
Regular Contributor II

Hi 

Can you try giving "unsuccessResponses" with values like below.. I am sorry , I dont have V2020 to check and assist,but in one of environment , we have  AddAccess included with the below responses,

You can also wait for other responses who can assist to fix that error.

 

"Authorization_RequestDenied",
"Authentication_Unauthorized"

 

Thanks

Shyam

vermilyacd1
Regular Contributor
Regular Contributor

Thank you for the suggestion @sundas7! I have added that parameter but unfortunately still get the same error.

vermilyacd1
Regular Contributor
Regular Contributor

This has been resolved. The Azure AD Connector Guide is incorrect. I would recommend updating the documentation for the Azure AD Connector. The following line should NOT be in the ConnectionJSON. Removing it solved the issue.

"accessToken": "Bearer abcd"

Belwyn
Saviynt Employee
Saviynt Employee

Hi 

Thank you for posting your feedback on AZure AD Connector Guide,

This line in our guide ("accessToken": "Bearer abcd") is just a dummy access token. 

So, actual token looks something like this:

    "accessToken""eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUDA4VVFSUlwvZXh6QlNGUWcwY1FDRzdFamM0bVcxOGdCS21ZOWpPYzFtR2ptZGhcL3J3T3pNTWpQTDNUWGtLaXdvTUNxSmlWK0JiNuduyVdE55NXZsWUU4YjRsUzdiMzc3K1wvZjI4QlRHcllFbmllRkNXcGJKUEJHSzJjd0lsVmlNY2lOY24rVVdUWXl1UUR3dmdHMmF3TVVKS2hDRVVCR3hnNWx3ZzJcL3ptdVFxcWExMk5qQnk5WjZCeDlva1E4WjF3MVBzYXJQSnJyZ2piZkysgdjshedzsezzdscUJpVFdZNWxHa2MrV2FXaTMzTW1Fd1hvT3BjaGJxYU5PUDdrWjBnOG9KTHUwb2RBSVY3MGlNUTVqa3VmdW9TVldnZFhEbndtenVoS3kxME5WRHVKRnhhOG5kUDBsYXpsdjM5OTZtb2dSYnNBUFZYaGJRb2U0ZWVTanpQR3hSUzBtcGhWWjJycTFTSFl0MTRjV0pmekQ3NVdqXC94NkJkQWFCTzVxXC9cL3BwemZiOERnNVwvdXpCMFhSUWVUZzNvajFFbGJhfgodjrudrsejfhrgidrdrfsdrgsdrygzdNVkwyaUdmXC92NCs1aFdGelwvVVdkWnR4d3AwZDJSTFRkcW44bThzYjE1SmRiNkxPV1NET0o5RWNwaFwvR1ZSRWxNY2F0R3k4dStIZHg4c3hvdWYxaFllclhTOUsrM0dpaTdmY1ZhUExWVW40SGJSWGlcL05SWnEydG5leWVkZit3OVwvRTlOTEdOXC9tTWtmcWZxb0VOZk8wZzJiMzhHQjI4dHVmdlNMSjhLOStjUTYwclRUOUdRTUFBQT09Iiwic3ViIjoiQmVsd3luLlNhbXNvbiIsImV4cCI6MTY1MjI3ODQxNCwiaWF0IjoxNjUyMjQ5NjE0LCJyb2xlcyI6WyJST0xFX0FETUlOIl19.Sh8skDdC4jT-_hybgHRIfXSxI_UIIQMQ5r8c2yKdOnc",
 
So, if you are not using the access token then you will have to remove that line completely. 
 
Regards, 
Belwyn.

vermilyacd1
Regular Contributor
Regular Contributor

Yes, I understand that is a dummy line but that dummy line is required for the REST connector. During authentication in the REST connector, 'abcd' is replaced with the actual token. The documentation for the AzureAD connector implies the same behavior, however, it does not work the same way. In the AzureAD connector, the abcd replaces the real token, whereas, in the REST connector, it is the other way around.

This inconsistency is not reflected in the documentation, and therefore I'd recommend either building consistency in the platform, or updating the documentation.