Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need help Rest API Provisioning

ShantanuKumar
New Contributor III
New Contributor III

‎09/24/2024 05:31 PM

We have a Rest API Application integration which expect a request in XML and provide response in XML.

Need help with 2 issues we are facing for same connection.

1.  Create Account is working but we would like to read the response body and handle success or failure based on that, rather than reading the success code. The Application send below response body but the response code is always 200. How do we handle these scenario. This needs to be done for all the use cases. Attached is the Add Access JSON.

<?xml version="1.0" encoding="UTF-8"?>
<provisionUser>
<FailureCode>1</FailureCode>
<FailureMessage>ERROR: Cannot commit transaction
A relationship of this type already exists between these objects and the type does not permit the creation of a new one.
Connect failed for relationship Person-DAR from Person 503508024 - to Data Access Role Vault Upload Admin -</FailureMessage>
</provisionUser>

2. The Add Access JSON is failing. If i preform same activity in Postman it works fine. Logs attached. I can see below error in the logs:

"2024-09-25T00:06:11.040+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-4-hzhlg","DEBUG","Got Webservice API Response: [error:Error Illegal character in path at index 94: https://app.domain.com/gehplminternal/resources/GEHPLMService/IdmConnectorService ]"

 

"2024-09-25T00:06:11.495+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-4-hzhlg","DEBUG","Task Response: {"auditDetails":{"Access-Role":[{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}]},"Access-Role":{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}"

 

ShantanuKumar_0-1727223668195.png

 

Labels:
Preview file
140 KB
Preview file
1 KB
0 Kudos
4 REPLIES 4

stalluri
Valued Contributor
Valued Contributor

‎09/24/2024 06:02 PM

@ShantanuKumar 
There is a Space in the URL, and also some issue with JSON.
Use the JSON below.

{
    "call": [
        {
            "name": "Access-Role",
            "connection": "acctAuth",
            "url": "https://app.domain.com/gehplminternal/resources/GEHPLMService/IdmConnectorService",
            "httpMethod": "POST",
            "httpParams": "<provisionUser><uid>${user.username}</uid><operationName>addRole</operationName><roles>${entitlementValuesObj.entitlement_value}</roles></provisionUser>",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/xml"
            },
            "httpContentType": "application/xml",
            "successResponses": {
                "statusCode": [
                    200
                ]
            },
            "unsuccessResponses": {
                "statusCode": [
                    400,
                    500
                ]
            }
        }
    ]
}


 


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

ShantanuKumar
New Contributor III
New Contributor III

‎09/24/2024 06:32 PM

Thanks Sam for finding the typo. Need help on the 1st issue:

1.  Create Account is working but we would like to read the response body and handle success or failure based on that, rather than reading the success code. The Application send below response body but the response code is always 200. How do we handle these scenario. This needs to be done for all the use cases. Attached is the Add Access JSON.

<?xml version="1.0" encoding="UTF-8"?>
<provisionUser>
<FailureCode>1</FailureCode>
<FailureMessage>ERROR: Cannot commit transaction
A relationship of this type already exists between these objects and the type does not permit the creation of a new one.
Connect failed for relationship Person-DAR from Person 503508024 - to Data Access Role Vault Upload Admin -</FailureMessage>
</provisionUser>

0 Kudos

ShantanuKumar
New Contributor III
New Contributor III

‎09/24/2024 06:45 PM

I tried to add a role which is already exist in target and received a message in response body as error but the status code was 200 so Saviynt considered the task a success. Logs attached.

"Access-Role":{"headers":"XJLUDgHHwFzOZrBrI7r4XraeHDNbB+RwllgxHXg8O5TTMoeB9fuKvgKi/Fc14Pa1QoAsgqdh/IyMAK8WfGLpxRjgjU7NdQo0Lb/2GXcoMwnFnJRTxsH2V+SNvdwcq0jPYqPZbhv2sM8N94Z57Qh7ea2E9JO1lOemMMpD+qxQqnMIPkz6/fLw4hZhARAlHyR9tF/vX/+0Ar5uUBWR/kxTCbvh7EFFZuSqdgVLCiY4xUim2hxYwezc+qoc4I+RyfQRr9JRSueOqG6Pc0rjgn4jQACYl0iz73n74VMpST+bY3mFTRxTOfd3UJnfAOM+aCsGtSQ8EcIayLS+vLCer7TOBwtvIZoLqaFcU9hPv3RzwV2NJVVM3eCOK7JaIaBYiTe60gYJIAlWe9juk+0SEAC4e9cyO8uK37WwMyoZtMzo401C2CWD2UITSvOPUUO1noNqMEOyNBU+2ZfBYY7SEmtmGtGIJlkgjcJyn/4f4nc7Rm9c0SdCgxv5OmxcoMxhTRb/","message":{"responseMessage":"&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;provisionUser&gt;&lt;FailureCode&gt;1&lt;/FailureCode&gt;&lt;FailureMessage&gt;ERROR: Cannot commit transaction\nA relationship of this type already exists between these objects and the type does not permit the creation of a new one.\nConnect failed for relationship Person-DAR from Person 503508025 - to Data Access Role Issue Manager -&lt;/FailureMessage&gt;&lt;/provisionUser&gt;"},"statusCode":200,"description":null,"status":"Success"}}

Preview file
73 KB
0 Kudos

stalluri
Valued Contributor
Valued Contributor
In response to ShantanuKumar

‎09/24/2024 06:59 PM

@ShantanuKumar 

<XML> response can't be handled in JSON. Create a Saviynt ticket for the same.

You can ask the API team to change the response and handle it.
Example:
If the account got created 201.
If the account ready exists 200.
If it failed, some other code 400/500.

https://forums.saviynt.com/t5/identity-governance/rest-unable-to-map-response-field/m-p/110146








Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC