
Issue with redhatIDM API connection (using cookie auth)

ARCrosthwaite
New Contributor III

We have an issue where we are trying to use the REST connection for provisioning actions for redhatIDM where we can't get the connectionJSON to work correctly to pass the cookie.  

We've tested this using curl commands: both the API call to request a cookie and the subsequent API calls that use the returned cookie to show/modify users etc. all work, as does hard-coding the cookie into the connectionJSON.

We're testing that the connection is working correctly by trying to disable an account.

I've included the connectionJSON and the disable account JSON below...

 

ConnectionJSON

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "https://<url>/ipa/session/login_password",
      "httpMethod": "POST",
      "httpParams": {
        "user": "<username>",
        "password": "<password>"
      },
      "httpHeaders": {
        "Accept": "text/html",
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "https://<url>/ipa"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "USER_AUTHENTICATION_FAILED"
      ],
      "timeOutError": "error",
      "errorPath": "error",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "#HEADERS#Set-Cookie",
      "tokenType": "",
      "authHeaderName": "Cookie",
      "retryFailureStatusCode": [
        401
      ],
      "accessToken": "<token>"
    }
  }
}

DisableAccountJSON

{
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "url": "https://<url>/ipa/session/json",
      "httpMethod": "POST",
      "httpParams": "{ \"method\": \"user_mod\", \"params\": [ [\"idm_fedtest_03\"], { \"nsaccountlock\": true, \"version\": \"2.251\" } ] }",
      "httpHeaders": {
        "Cookie": "${access_token}",
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Referer": "https://<url>/ipa"
      },
      "httpContentType": "application/json"
    }
  ]
}

Working CURL command to get cookie

curl -v -X POST https://<url>/ipa/session/login_password -H "Accept: text/html" -H "Content-Type: application/x-www-form-urlencoded" -H "Referer: https://<url>/ipa" -d "user=<username>&password=<password>"

Working CURL command to show user/modify user
curl -X POST https://<url>/ipa/session/json -H "Accept: application/json" -H "Content-Type: application/json" -H "Referer: https://<url>/ipa" -H "Cookie:<cookie>" -d @data2.json

Contents of data2.json

{
  "method": "user_show",
  "params": [
    [
      "idm_fedtest_03"
    ],
    {
      "all": true,
      "version": "2.251"
    }
  ],
  "id": 0
}



4 REPLIES

ARCrosthwaite
New Contributor III

The reply from the get-cookie curl command is as below:

Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6
< Set-Cookie: <cookie_value>/ipa;httponly;secure;
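
The two curl steps from the question, with the Set-Cookie response header from the reply above, as an added shell example that is not part of the original thread: it extracts the name=value pair that belongs in the Cookie request header and builds the user_mod body. The cookie name ipa_session, the sample headers and the IPA_PASSWORD variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Host, login and cookie value are constructed placeholders.

# Constructed sample of the login response headers as printed by `curl -v`.
SAMPLE_HEADERS='< HTTP/1.1 200 Success
< Set-Cookie: ipa_session=CONSTRUCTEDVALUE; path=/ipa; httponly; secure
< Content-Type: text/plain'

# Read response headers on stdin and print only the first cookie's name=value
# pair, which is what belongs in the Cookie request header. Attributes such as
# path, httponly and secure are dropped, as are curl's "< " prefix and CRs.
extract_session_cookie() {
  tr -d '\r' |
    sed -n 's/^\(< \)\{0,1\}[Ss]et-[Cc]ookie: *\([^;]*\).*/\2/p' |
    head -n 1
}

# Build the user_mod JSON-RPC body. $1 = uid, $2 = true|false (nsaccountlock).
# The uid is restricted to a conservative character set so that it cannot
# break out of the JSON string.
user_mod_payload() {
  case "$1" in '' | *[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$2" in true | false) ;; *) return 1 ;; esac
  printf '{"method":"user_mod","params":[["%s"],{"nsaccountlock":%s,"version":"2.251"}],"id":0}' "$1" "$2"
}

# Live flow: $1 = base URL, $2 = login, $3 = uid to lock. The password is read
# from the IPA_PASSWORD environment variable (an assumption of this example).
ipa_disable_user() {
  _payload=$(user_mod_payload "$3" true) || return 2
  _cookie=$(curl -sS -D - -o /dev/null -X POST "$1/ipa/session/login_password" \
      -H "Accept: text/html" -H "Referer: $1/ipa" \
      --data-urlencode "user=$2" --data-urlencode "password=$IPA_PASSWORD" |
    extract_session_cookie)
  [ -n "$_cookie" ] || return 3   # login failed or no cookie returned
  curl -sS -X POST "$1/ipa/session/json" -H "Accept: application/json" \
      -H "Content-Type: application/json" -H "Referer: $1/ipa" \
      -H "Cookie: $_cookie" -d "$_payload"
}
```

Piping SAMPLE_HEADERS through extract_session_cookie shows the value to compare against what the connector sends in its Cookie header.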

 

Please share a Postman screenshot.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

The API tests were not conducted using Postman but were performed in a CLI application running directly on a jumpbox due to networking issues.

However, we've resolved the issue and found it was due to a missing successResponses part in the JSON. Adding

  "successResponses": {
    "statusCode": [200]
  },

to the DisableAccountJSON appears to have resolved the issue.

If you can update the response with the full working JSON, that will help the community.


Regards,
Rushikesh Vartak