Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Getting 401 error when calling Saviynt API from ImportAccntEntJson

SinghAtul
Regular Contributor
Regular Contributor

Hi all,

We have configured an ImportAccntEntJson where we are calling the Saviynt CreateRequestAPI whenever a ServiceNow catalog item is being imported from SNOW table as an account.

W are able to generate the tasks using Postman but when we try the same from Saviynt the job is erroring out with error: 401 Status Code.

The Service Account has all the required privileges.

I feel that the ConnectionJSON we have configured in order to call the SSM API has some issue.

Here is the Connection JSON we are using:

 

{
"authentications": {

"ssmAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/json"
},
"authError": [
"InvalidAuthenticationToken"
],
"url": "https://xxxx.saviyntcloud.com/ECM/api/login",
"httpMethod": "POST",
"httpContentType": "application/json",
"httpParams": "{\"username\":\"xxxx\",\"password\":\"xxxxx\"}",
"errorPath": "error.code",
"maxRefreshTryCount": 2,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",
"accessToken": "Bearer xxxx",
"retryFailureStatusCode": [
401
]
},

"snowAuth": {
            "authType": "Basic",
            "url": "https://xxxxx.service-now.com/api/now/table/u_adm_accounts_management",
            "httpMethod": "GET",
            "httpHeaders": {},
            "properties": {
                "userName": "xxxx",
                "password": "xxxxxx"
            },
            "httpContentType": "application/json",
            "expiryError": "ExpiredAuthenticationToken",
            "retryFailureStatusCode": [403, 401, 500],
            "authError": [
                "InvalidAuthenticationToken",
                "AuthenticationFailed",
                "Authentication_ExpiredToken"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Basic",
            "accessToken": "Basic xxxx"
        }

}

Below is the ImportAccntEntJson:

{
"accountParams": {
"connection": "snowAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"call": {
"call1": {
"connection": "snowAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx.service-now.com/api/now/table/u_adm_accounts_management/02ef054d1b84685800ac0f686e4bcb...",
"httpHeaders": {
"Content-Type": "application/json",
"Accept": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201
]
},
"httpMethod": "GET"
},
"listField": "result",
"keyField": "accountID",
"statusConfig": {
"active": "Active",
"inactive": "Inactive"
},
"colsToPropsMap": {
"accountID": "u_employee_id~#~char",
"name": "u_employee_name~#~char",
"displayname": "u_employee_name~#~char",
"status": "u_status~#~char",
"customproperty1": "u_adm_id~#~char",
"customproperty2": "u_source~#~char",
"customproperty3": "u_require_azure_ad_access~#~char",
"customproperty4": "sys_id~#~char",
"customproperty5": "sys_updated_by~#~char",
"customproperty6": "u_manager~#~char",
"customproperty7": "sys_created_by~#~char",
"customproperty8": "u_review_date~#~char"
}
},
"call2": {
"connection": "ssmAuth",
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://xxxxx.saviyntcloud.com/ECM/api/v5/createautoapprovedrequest",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204
]
},
"unsuccessResponses": {
"statusCode": [400, 403, 401, 404, 409, 501, 500]
},
"httpMethod": "POST",
"httpParams": "{\"username\": \"c053436\",\"requestor\": \"admin\",\"comments\": \"AD admin account request\",\"requestaccess\": [{\"endpoint\": \"Active Directory\", \"securitysystem\": \"Active Directory\",\"requesttype\":\"3\",\"accountname\":\"adm053436\"}]}",
"inputParams": {
"dependentCall": true
}
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}

 

We are using hardcoded values in the httpParams for now as we are testing for a single user.

Please guide as to why we might be facing the 401 Unauthorized error. We have tried generating a new Access Token and pasting in the Authorization("accessToken": "Bearer xxxx"). The authentication part for SNOW is working fine and the account(catalog item) is imported. Only the second call(call2) i.e is the SSM API CreateRequest API call is failing.

Thanks,

Atul Singh

 

5 REPLIES 5

SB
Saviynt Employee
Saviynt Employee

Let me check the JSON and will update.


Regards,
Sahil

SinghAtul
Regular Contributor
Regular Contributor

@SB 

I was using the 'dependentCall' Parameter inside 'http'. Once I moved it outside I didn't get the 401 error. But the call2 is not at all being called. call1 is called and account is being imported. The job shows success.

When I completely removed the 'dependentCall' parameter the job is again throwing 401 error.

Someone mentioned that, currently REST Connector doesn't support multiple authentication types for ImportAccount json. Maybe that's the reason we are getting the 401 error?.

In that case how do we even achieve our requirement?. The requirement is that whenever a Service Now catalog item is imported as account, an AD admin account request should be automatically created. 

We don't have a concept of AccountUpdateRules. So, how do we achieve this? . Any thoughts?.

Thanks,

Atul Singh

SB
Saviynt Employee
Saviynt Employee

One way to achieve this is to use Actionable analytics and trigger tasks for the required users. Multiple auth is supported but I don't believe you will be able to generate tasks using ImportJSON. 


Regards,
Sahil

SinghAtul
Regular Contributor
Regular Contributor

@SB

That was the option that came to mind at first but we found that there is no Create Account Option when configuring Actionable Analytics. It seems Create Account tasks cannot be created using Analytics.

rushikeshvartak
All-Star
All-Star

It wont work how saviynt will know access_token is for snow or ssm


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.