
Need ssl "KeyFile" path that works for UpdateUserJson

Bharadwaj
Regular Contributor
Hi,
 
We have a REST-based connection that uses an SSL certificate to make any kind of call (GET, POST, etc.). We have used the below-mentioned path in the Connection JSON and we were able to make calls to the server. However, when we use the same "KeyFilePath" in UpdateUserJSON, we are unable to read the certificate and we see a handshake error as the response because of the missing certificate in the call. (Please refer to the screenshot below.)
 
Could you please confirm the right location that could be used in UpdateUserJson so that we can use the SSL certificate while making the call?
 
P.S.: I have raised a Support request, but they have closed the ticket saying it is a "how to" request.
 
Working SSL path in connectionjson:
"ssl": {
  "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
  "keyFilePassword": "xxxxxxx",
  "keyManagerAlgorithm": "SunX509",
  "keyStoreType": "JKS",
  "sslAlgorithmName": "TLSv1.2"
}
SSL path NOT working for UpdateUserJSON:
"ssl": {
  "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
  "keyFilePassword": "xxxxxxx",
  "keyManagerAlgorithm": "SunX509",
  "keyStoreType": "JKS",
  "sslAlgorithmName": "TLSv1.2"
}
 
Logs:
Bharadwaj_1-1700499373105.png
 
Response from Client server:
 
Bharadwaj_2-1700499440095.png

 

Thanks! 

5 REPLIES

sk
All-Star

@Bharadwaj :

  • Can you share your UpdateUserJSON with masked values of sensitive information?
  • Also, is the issue only happening for the update scenario, and is it working for all other scenarios?
  • Does your target expect SSL parameters for all calls?
  • Would you be able to share postman screenshot for same call?

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Bharadwaj
Regular Contributor

Hi @sk ,

Please find the responses below:

  • Can you share your UpdateUserJSON with masked values of sensitive information?
    {
      "actions": {
        "Update Login": {
          "call": [
            {
              "name": "Update Login",
              "callOrder": 0,
              "connection": "acctAuth",
              "url": "https://XXXX/sap/opu/odata/sap/ZHR_SRV/$metadata",
              "httpMethod": "GET",
              "ssl": {
                "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
                "keyFilePassword": "xxxxx",
                "keyManagerAlgorithm": "SunX509",
                "keyStoreType": "JKS",
                "sslAlgorithmName": "TLSv1.2"
              },
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/xml",
                "x-csrf-token": "fetch"
              },
              "successResponses": {
                "statusCode": [
                  200,201
                ]
              }
            },
            {
              "name": "Update Login",
              "callOrder": 1,
              "connection": "acctAuth",
              "url": "https://XXXX/sap/opu/odata/sap/ZHR_SRV/usridSet",
              "httpMethod": "POST",
              "ssl": {
                "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
                "keyFilePassword": "xxxxx",
                "keyManagerAlgorithm": "SunX509",
                "keyStoreType": "JKS",
                "sslAlgorithmName": "TLSv1.2"
              },
              "httpContentType": "application/xml",
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/json",
                "x-csrf-token": "${response.'Update Login'.headers.x-csrf-token}",
                "Cookie": "${response.'Update Login'.headers.Cookie}"
              },
              "httpParams": "{\"UsrID\":\"${user.username}\",\"Pernr\":\"${user.employeeid}\"}",
              "successResponses": {
                "statusCode": [
                  200,
                  201
                ]
              }
            }
          ]
        }
      }
    }
  • Also, is the issue only happening for the update scenario, and is it working for all other scenarios?
    • I am not sure of the other scenarios because we do not have those use cases at the moment. SSL params are working only in the connectionJSON.
  • Does your target expect SSL parameters for all calls?
    • Yes, we need to pass it for all the calls.
  • Would you be able to share postman screenshot for same call?
    Bharadwaj_1-1700555141722.png
    Bharadwaj_0-1700555084856.png

     

    Thanks!

rushikeshvartak
All-Star

Define SSL configuration in connection json


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak ,

Yes, we have defined the SSL params in the connectionjson and hence we are able to see the response of the GET call mentioned in the TestConnectParams of the connectionjson. However, the status of the connection shows failed because of "GrailsAnonymousAuthenticationFilter.doFilter". I am not sure why I am seeing that. Please find the Connectionjson below:


{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "https://xxxxxx/f5-oauth2/v1/token",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_id": "xxxxxx",
        "client_secret": "xxxxx",
        "scope": "xxxxx-xxx.xxx"
      },
      "ssl": {
        "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
        "keyFilePassword": "xxxx",
        "keyManagerAlgorithm": "SunX509",
        "keyStoreType": "JKS",
        "sslAlgorithmName": "TLSv1.2"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "httpHeaders": {},
      "successResponse": [200,201],
      "successResponsePath": "",
      "expiryError": "ExpiredAuthenticationToken",
      "retryFailureStatusCode": [
        401,403
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd",
      "testConnectionParams": {
        "http": {
          "url": "https://XXXXX/sap/opu/odata/sap/ZHR_SRV/usridSet('yyyyyyy')?$format=json",
          "httpHeaders": {"Authorization": "${access_token}"},
          "httpMethod": "GET",
          "httpContentType": "application/json",
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          }
        },
        "successResponse": [200,201],
        "successResponsePath": "",
        "errors": [
          "Couldn't authenticate you"
        ],
        "errorPath": "error"
      }
    }
  }
}

Response in the logs:

Bharadwaj_0-1700556878367.png

Thanks!

 

Bharadwaj
Regular Contributor

Hi @rushikeshvartak @sk 

Handshake error has been resolved after placing the SSL block in the first part of connectionjson (overlooked this as I had placed it in the TestConnectParams).

However, I see that value of x-csrf token is not transported to next call. Details are provided below:

We have two calls in the Update User Json, where the call 1 retrieves the "x-csrf-token" and we use this value in call 2.

For call 1, we are able to see the response of "x-csrf-token", however, we do not see the value of x-csrf-token transported to call 2. Please find the respective responses below:

Update user Json:

{
  "actions": {
    "Update Login": {
      "call": [
        {
          "name": "Update Login",
          "callOrder": 0,
          "connection": "acctAuth",
          "url": "https://XXXX/sap/opu/odata/sap/ZHR_SRV/$metadata",
          "httpMethod": "GET",
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "httpContentType": "text/xml",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "x-csrf-token": "fetch"
          },
          "successResponses": {
            "statusCode": [
              200,201
            ]
          }
        },
        {
          "name": "Update Login",
          "callOrder": 1,
          "connection": "acctAuth",
          "url": "https://XXXXX/sap/opu/odata/sap/ZHR_SRV/usridSet",
          "httpMethod": "POST",
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "httpContentType": "text/xml",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "x-csrf-token": "${response.'Update Login'.headers.x-csrf-token}",
            "Cookie": "${response.'Update Login'.headers.cookies}"
          },
          "httpParams": "{\"UsrID\":\"${user.username}\",\"Pernr\":\"${user.employeeid}\"}",
          "successResponses": {
            "statusCode": [
              200,
              201
            ]
          }
        }
      ]
    }
  }
}

Call 1 response: (where we retrieve x-csrf token)

Got Webservice API Response: [headers:[set-cookie=******/, set-cookie=******/, content-type: application/xml, x-csrf-token: b9fPK2b71JEf6R9dqsbLGg==, last-modified: Wed, 13 Sep 2023 07:09:37 GMT, cache-control: max-age=0, dataserviceversion: 2.0, sap-processing-info: ODataBEP=,crp=,st=,MedCacheHub=Table,codeployed=X,softstate=, sap-perf-fesrec: 17038.000000, Transfer-Encoding: chunked], responseText:<?xml version="1.0" encoding="utf-8"?><edmx:Edmx Version="1.0" xmlns:edmx="http://schemas.microsoft.com/ado/2007/06/edmx" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:sap="http://www.sap.com/Protocols/SAPData"><edmx:DataServices m:DataServiceVersion="2.0"><Schema Namespace="ZHR_SRV" xml:lang="en" sap:schema-version="1" xmlns="http://schemas.microsoft.com/ado/2008/09/edm"><EntityType Name="usrid" sap:content-version="1"><Key><PropertyRef Name="Pernr"/></Key><Property Name="Pernr" Type="Edm.String" Nullable="false" MaxLength="8" sap:unicode="false" sap:label="Personnel No." 
sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="EndDate" Type="Edm.String" Nullable="false" MaxLength="10" sap:unicode="false" sap:label="End Date" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="StartDate" Type="Edm.String" Nullable="false" MaxLength="10" sap:unicode="false" sap:label="Start Date" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="UsrID" Type="Edm.String" Nullable="false" MaxLength="30" sap:unicode="false" sap:label="System ID" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/></EntityType><EntityContainer Name="ZHR_SRV_Entities" m:IsDefaultEntityContainer="true" sap:supported-formats="atom json xlsx"><EntitySet Name="usridSet" EntityType="ZHR_SRV.usrid" sap:updatable="false" sap:deletable="false" sap:pageable="false" sap:content-version="1"/></EntityContainer><atom:link rel="self" href="https://xxxx/sap/opu/odata/sap/ZHR_SRV/$metadata" xmlns:atom="http://www.w3.org/2005/Atom"/><atom:link rel="latest-version" href="https://xxxx/sap/opu/odata/sap/ZHR_SRV/$metadata" xmlns:atom="http://www.w3.org/2005/Atom"/></Schema></edmx:DataServices></edmx:Edmx>, cookies:[sap-usercontext=sap-client=700; path=/, SAP_SESSIONID_EED_700=cD0A78La6xYzd7FH6zjVOphdP3KIXxHuqFkAUFaqEN4%3d; path=/], statusCode:200]

Call 2 Response: (where x-csrf-token is not transported from call 1)

2023-11-21T12:54:15+01:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-4-9fc2v-DEBUG-Got Webservice API Response: [headers:[set-cookie=******/, set-cookie=******/, content-type: text/plain; charset=utf-8, x-csrf-token: Required, sap-processing-info: ODataBEP=,crp=,st=,MedCacheHub=,codeployed=X,softstate=, sap-perf-fesrec: 7738.000000, Transfer-Encoding: chunked], responseText:CSRF token validation failed, cookies:[sap-usercontext=sap-client=700; path=/, SAP_SESSIONID_EED_700=W5_JCTE4bOEOmgXz3VHbX6-l2AmIZBHuqFkAUFaqEN4%3d; path=/], statusCode:403]

Appreciate your help if you could let me know the issue.

Thanks!
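
An added example, not part of the original post and not Saviynt's code: SAP Gateway ties a fetched x-csrf-token to the session cookie issued with it, so one check on the two responses above is whether the session cookie survived from call 1 to call 2. The log strings below are constructed in the shape quoted in the post, with placeholder token and session values; the function names are hypothetical.

```python
import re

# Constructed log lines in the "Got Webservice API Response" shape quoted in the
# post; token and session values are placeholders, response bodies are shortened.
CALL1 = ("Got Webservice API Response: [headers:[set-cookie=******/, "
         "content-type: application/xml, x-csrf-token: TOKEN-AAA==, "
         "Transfer-Encoding: chunked], responseText:<edmx:Edmx/>, "
         "cookies:[sap-usercontext=sap-client=700; path=/, "
         "SAP_SESSIONID_XXX_700=session-one%3d; path=/], statusCode:200]")
CALL2 = ("Got Webservice API Response: [headers:[set-cookie=******/, "
         "content-type: text/plain; charset=utf-8, x-csrf-token: Required, "
         "Transfer-Encoding: chunked], responseText:CSRF token validation failed, "
         "cookies:[sap-usercontext=sap-client=700; path=/, "
         "SAP_SESSIONID_XXX_700=session-two%3d; path=/], statusCode:403]")


def parse_response(line):
    """Pull the CSRF-relevant fields out of one logged response."""
    token = re.search(r"x-csrf-token: ([^,\]]+)", line)
    session = re.search(r"SAP_SESSIONID_\w+=([^;,\]]+)", line)
    status = re.search(r"statusCode:(\d+)", line)
    return {
        "token": token.group(1).strip() if token else None,
        "session": session.group(1) if session else None,
        "status": int(status.group(1)) if status else None,
    }


def diagnose(fetch_line, modify_line):
    """Compare the token-fetch response with the modifying call's response."""
    fetch, modify = parse_response(fetch_line), parse_response(modify_line)
    findings = []
    if fetch["token"] in (None, "Required"):
        findings.append("fetch call returned no usable token")
    if modify["status"] == 403 and modify["token"] == "Required":
        findings.append("modifying call was rejected for a missing or invalid token")
    if fetch["session"] != modify["session"]:
        # A new session id in the second response suggests the first call's
        # session cookie was not presented, so its token could not validate.
        findings.append("session cookie changed between calls")
    return findings


if __name__ == "__main__":
    for finding in diagnose(CALL1, CALL2):
        print("-", finding)
```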