
Pass CSRF token and cookies from call1 to call 2

Bharadwaj
Regular Contributor

Hi,

We have an integration with SAP using OAuth 2.0. The flow for the whole scenario is as follows:

1) Connection JSON: this has the client secret, client ID, scope and also the SSL parameters (the .p12 certificate and its password). Through this we generate the OAuth token. Test connection is fine based on the testconnectionparams we passed in the connection JSON.

2) GET call using the OAuth token to fetch $metadata, which returns x-csrf-token and Cookie in the headers of the response.

3) POST call using the OAuth token, x-csrf-token and Cookie (returned from the previous GET call).

We have constructed the UpdateUser JSON as mentioned below; however, we are seeing the error "2023-11-16T17:12:33+01:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-5-ERROR-Error in doUpdateUserActionjava.lang.NullPointerException: Cannot get property 'call' on null object".

UpdateUser JSON used:

{
  "actions": {
    "acctAuth": {
      "call": [
        {
          "name": "call1",
          "callOrder": 0,
          "connection": "acctAuth",
          "url": "https://XXXX/sap/opu/odata/sap/ZHR_SRV/$metadata",
          "httpMethod": "GET",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Content-Type": "application/json",
            "x-csrf-token": "fetch"
          },
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxxxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "successResponses": {
            "statusCode": [200]
          }
        },
        {
          "name": "call2",
          "callOrder": 1,
          "connection": "acctAuth",
          "url": "https://XXXXXX/sap/opu/odata/sap/ZHR_SRV/usridSet",
          "httpMethod": "POST",
          "httpContentType": "application/xml",
          "httpParams": "{\"UsrID\":\"${user.username}\",\"Pernr\":\"${user.employeeid}\"}",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Content-Type": "application/json",
            "x-csrf-token": "${response.call1.headers.x-csrf-token}",
            "Cookie": "${response.call1.headers.Cookie}"
          },
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "successResponses": {
            "statusCode": [200, 201]
          }
        }
      ]
    }
  }
}

We have also replaced the dynamic attributes in call2 (CSRF token and cookies) with hard-coded values, but the tasks still haven't completed.

Could you please let me know if I have missed something, or what the issue is here?

Thanks!


SB
Saviynt Employee

You will need to use Update Login instead of Call1, which is the action selected in the rule (this is case sensitive). Also, once you use the name Update Login, can you confirm what error you are getting in the logs for your call 2? Please also share the complete JSON.

Do ensure you enable additional logging on the connector before running the provisioning job (update the ConfigJSON param in the REST connection with the value {"showLogs":true}).

Regards,
Sahil

Bharadwaj
Regular Contributor

Hi @SB,

I have updated the JSON after I went through other discussions. Here is the latest improvement.


We have two calls in the Update User JSON, where call 1 retrieves the "x-csrf-token" and we use this value in call 2.

For call 1, we are able to see the "x-csrf-token" in the response; however, we do not see the value of x-csrf-token transported to call 2. Please find the respective responses below:

Update User JSON:

{
  "actions": {
    "Update Login": {
      "call": [
        {
          "name": "Update Login",
          "callOrder": 0,
          "connection": "acctAuth",
          "url": "https://XXXX/sap/opu/odata/sap/ZHR_SRV/$metadata",
          "httpMethod": "GET",
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "httpContentType": "text/xml",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "x-csrf-token": "fetch"
          },
          "successResponses": {
            "statusCode": [200, 201]
          }
        },
        {
          "name": "Update Login",
          "callOrder": 1,
          "connection": "acctAuth",
          "url": "https://XXXXX/sap/opu/odata/sap/ZHR_SRV/usridSet",
          "httpMethod": "POST",
          "ssl": {
            "keyFile": "/saviynt_shared/saviynt/ConnectorFiles/DIAS_SAP_OAuth.p12",
            "keyFilePassword": "xxxx",
            "keyManagerAlgorithm": "SunX509",
            "keyStoreType": "JKS",
            "sslAlgorithmName": "TLSv1.2"
          },
          "httpContentType": "text/xml",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "x-csrf-token": "${response.'Update Login'.headers.x-csrf-token}",
            "Cookie": "${response.'Update Login'.headers.cookies}"
          },
          "httpParams": "{\"UsrID\":\"${user.username}\",\"Pernr\":\"${user.employeeid}\"}",
          "successResponses": {
            "statusCode": [200, 201]
          }
        }
      ]
    }
  }
}

Call 1 response (where we retrieve the x-csrf-token):

Got Webservice API Response: [headers:[set-cookie=******/, set-cookie=******/, content-type: application/xml, x-csrf-token: b9fPK2b71JEf6R9dqsbLGg==, last-modified: Wed, 13 Sep 2023 07:09:37 GMT, cache-control: max-age=0, dataserviceversion: 2.0, sap-processing-info: ODataBEP=,crp=,st=,MedCacheHub=Table,codeployed=X,softstate=, sap-perf-fesrec: 17038.000000, Transfer-Encoding: chunked], responseText:<?xml version="1.0" encoding="utf-8"?><edmx:Edmx Version="1.0" xmlns:edmx="http://schemas.microsoft.com/ado/2007/06/edmx" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:sap="http://www.sap.com/Protocols/SAPData"><edmx:DataServices m:DataServiceVersion="2.0"><Schema Namespace="ZHR_SRV" xml:lang="en" sap:schema-version="1" xmlns="http://schemas.microsoft.com/ado/2008/09/edm"><EntityType Name="usrid" sap:content-version="1"><Key><PropertyRef Name="Pernr"/></Key><Property Name="Pernr" Type="Edm.String" Nullable="false" MaxLength="8" sap:unicode="false" sap:label="Personnel No." 
sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="EndDate" Type="Edm.String" Nullable="false" MaxLength="10" sap:unicode="false" sap:label="End Date" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="StartDate" Type="Edm.String" Nullable="false" MaxLength="10" sap:unicode="false" sap:label="Start Date" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/><Property Name="UsrID" Type="Edm.String" Nullable="false" MaxLength="30" sap:unicode="false" sap:label="System ID" sap:creatable="false" sap:updatable="false" sap:sortable="false" sap:filterable="false"/></EntityType><EntityContainer Name="ZHR_SRV_Entities" m:IsDefaultEntityContainer="true" sap:supported-formats="atom json xlsx"><EntitySet Name="usridSet" EntityType="ZHR_SRV.usrid" sap:updatable="false" sap:deletable="false" sap:pageable="false" sap:content-version="1"/></EntityContainer><atom:link rel="self" href="https://xxxx/sap/opu/odata/sap/ZHR_SRV/$metadata" xmlns:atom="http://www.w3.org/2005/Atom"/><atom:link rel="latest-version" href="https://xxxx/sap/opu/odata/sap/ZHR_SRV/$metadata" xmlns:atom="http://www.w3.org/2005/Atom"/></Schema></edmx:DataServices></edmx:Edmx>, cookies:[sap-usercontext=sap-client=700; path=/, SAP_SESSIONID_EED_700=cD0A78La6xYzd7FH6zjVOphdP3KIXxHuqFkAUFaqEN4%3d; path=/], statusCode:200]

Call 2 response (where the x-csrf-token is not carried over from call 1):

2023-11-21T12:54:15+01:00-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-4-9fc2v-DEBUG-Got Webservice API Response: [headers:[set-cookie=******/, set-cookie=******/, content-type: text/plain; charset=utf-8, x-csrf-token: Required, sap-processing-info: ODataBEP=,crp=,st=,MedCacheHub=,codeployed=X,softstate=, sap-perf-fesrec: 7738.000000, Transfer-Encoding: chunked], responseText:CSRF token validation failed, cookies:[sap-usercontext=sap-client=700; path=/, SAP_SESSIONID_EED_700=W5_JCTE4bOEOmgXz3VHbX6-l2AmIZBHuqFkAUFaqEN4%3d; path=/], statusCode:403]

Appreciate your help if you could let me know the issue.

Thanks!
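The two-call flow from the original post, and the failure shown in the call-2 response above, as an added example in Python (this is not Saviynt connector code and not SAP code). It builds call 2's headers from call 1's response, folding the repeated set-cookie headers into a single Cookie header, and runs the exchange against a small fake gateway that enforces the rule the quoted 403 demonstrates: the token from call 1 is accepted only together with the session cookie issued alongside it, and anything else gets 403, "x-csrf-token: Required" and "CSRF token validation failed". The quoted 403 also carries a different SAP_SESSIONID_EED_700 value than call 1 did, which is consistent with call 2 having arrived without the original session cookie. The sample call-1 headers are constructed from the response quoted above; the "Bearer " prefix, the fake gateway's token format and its session bookkeeping are assumptions for the model, not documented SAP behaviour.

```python
"""Forwarding SAP Gateway's x-csrf-token and session cookies from the fetch
call (call 1) to the modifying call (call 2).

Added example, not Saviynt connector or SAP code. FakeSapGateway models the
binding the thread's 403 shows: a token is accepted only with the session
cookie of the request that fetched it. Token format is hypothetical.
"""
import secrets
from typing import Dict, List, Tuple

Header = Tuple[str, str]  # (name, value); a list, because set-cookie repeats

# Constructed from the call-1 response quoted in the thread.
CALL1_HEADERS: List[Header] = [
    ("set-cookie", "sap-usercontext=sap-client=700; path=/"),
    ("set-cookie", "SAP_SESSIONID_EED_700=cD0A78La6xYzd7FH6zjVOphdP3KIXxHuqFkAUFaqEN4%3d; path=/"),
    ("content-type", "application/xml"),
    ("x-csrf-token", "b9fPK2b71JEf6R9dqsbLGg=="),
    ("dataserviceversion", "2.0"),
]


def header_values(headers: List[Header], name: str) -> List[str]:
    """All values for a header name, matched case-insensitively
    (the gateway answers with lowercase names; templates often use mixed case)."""
    return [v for n, v in headers if n.lower() == name.lower()]


def cookie_header_from_set_cookie(set_cookie_values: List[str]) -> str:
    """Fold Set-Cookie response headers into one Cookie request header.
    Only the leading name=value pair is the cookie; attributes such as
    'path=/' belong to Set-Cookie and must not be echoed back."""
    pairs = [raw.split(";", 1)[0].strip() for raw in set_cookie_values]
    return "; ".join(p for p in pairs if p)


def build_call2_headers(access_token: str, call1_headers: List[Header]) -> Dict[str, str]:
    """Headers for the POST: bearer token, the fetched CSRF token and the
    session cookies it is bound to. The 'Bearer ' prefix is an assumption."""
    tokens = header_values(call1_headers, "x-csrf-token")
    if not tokens or tokens[0] in ("", "Required"):
        raise ValueError("call 1 returned no usable x-csrf-token; was 'x-csrf-token: fetch' sent?")
    return {
        "Authorization": f"Bearer {access_token}",
        "x-csrf-token": tokens[0],
        "Cookie": cookie_header_from_set_cookie(header_values(call1_headers, "set-cookie")),
    }


class FakeSapGateway:
    """Stand-in for the gateway's CSRF check, modelled on the thread's responses:
    GET with 'x-csrf-token: fetch' issues a token plus a session cookie; a POST
    is rejected with 403 unless the token matches the one issued to the session
    named in its Cookie header. Hypothetical model, not SAP code."""

    SESSION_COOKIE = "SAP_SESSIONID_EED_700"

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}  # session id -> csrf token

    def get_metadata(self, headers: Dict[str, str]) -> Tuple[int, List[Header], str]:
        sid = secrets.token_urlsafe(24)
        token = secrets.token_urlsafe(16) if headers.get("x-csrf-token", "").lower() == "fetch" else ""
        if token:
            self._tokens[sid] = token
        resp: List[Header] = [
            ("set-cookie", "sap-usercontext=sap-client=700; path=/"),
            ("set-cookie", f"{self.SESSION_COOKIE}={sid}; path=/"),
            ("content-type", "application/xml"),
        ]
        if token:
            resp.append(("x-csrf-token", token))
        return 200, resp, "<edmx:Edmx/>"

    def post_usrid(self, headers: Dict[str, str], body: str) -> Tuple[int, List[Header], str]:
        cookies = dict(p.split("=", 1) for p in headers.get("Cookie", "").split("; ") if "=" in p)
        sid = cookies.get(self.SESSION_COOKIE)
        issued = self._tokens.get(sid, "") if sid else ""
        sent = headers.get("x-csrf-token", "")
        if not issued or not sent or not secrets.compare_digest(issued, sent):
            return 403, [("x-csrf-token", "Required"), ("content-type", "text/plain")], "CSRF token validation failed"
        return 201, [("content-type", "application/json")], body


def provision(gw: FakeSapGateway, access_token: str, body: str,
              forward_cookies: bool = True, forward_token: bool = True) -> Tuple[int, str]:
    """Run the two-call flow. The flags reproduce the thread's failure modes:
    dropping either the cookie or the token yields the same 403."""
    _, call1, _ = gw.get_metadata({"Authorization": f"Bearer {access_token}", "x-csrf-token": "fetch"})
    call2 = build_call2_headers(access_token, call1)
    if not forward_cookies:
        del call2["Cookie"]
    if not forward_token:
        del call2["x-csrf-token"]
    status, _, text = gw.post_usrid(call2, body)
    return status, text


if __name__ == "__main__":
    gw = FakeSapGateway()
    print(build_call2_headers("ACCESS_TOKEN", CALL1_HEADERS))
    print(provision(gw, "ACCESS_TOKEN", '{"UsrID":"jdoe","Pernr":"00001234"}'))
    print(provision(gw, "ACCESS_TOKEN", "{}", forward_cookies=False))
```

Running the file prints the headers built from the quoted call-1 response, a successful POST, and the cookie-less 403. In the model, a token and cookie captured from one fetch and replayed with a different session (including hard-coded values from an earlier session) are rejected just like a missing token, so in the connector both x-csrf-token and Cookie have to be templated from the same earlier call's response.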

Hi @Bharadwaj ,

Can you pass the values below in call2 and try it out?

"x-csrf-token": "${response.call1.headers.'x-csrf-token'}",
"Cookie": "${response.call1.headers.'Set-Cookie'}"

Note: instead of call1, use Update Login.


Thanks

Darshan

Bharadwaj
Regular Contributor

Hello @SB ,

Could you please take a look at this?

Thanks!

SB
Saviynt Employee

This appears to be an issue and I am checking this. Will update you as I have a solution.


Regards,
Sahil

SB
Saviynt Employee

This has been identified as a defect and is being reviewed by Saviynt Product team.


Regards,
Sahil