Saviynt Forums

yatishtiwari · ‎02/20/2024

Hi Experts,

I am trying to create an exchange account with hard-coded values and it works fine, But when I am trying to create an account using dynamic values, it throws the error. I followed the below posts but still have the same issue:

https://forums.saviynt.com/t5/identity-governance/integrating-saviynt-variables-with-rest-connector-...

https://forums.saviynt.com/t5/identity-governance/exchange-rest-conenctor-issue-in-dynamic-value-pas...

Here is my connection JSON-

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "http://removed/saviyntdev/PS/ExecutePSScript ",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "text/html",
"properties":
{
"exchUser": "<account name>",
"exchPassword": "<password>"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"echPassword": "<password>",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic abc",
"apiRateLimitConfig": {
"retryAfterCalls": 100,
"retryWaitSeconds": 60
}
}
}
}

Here are my couple of create account jsons-

1st JSON-

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://<hostname>/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"script\": \"$svcacct = 'ytiwar@domain.com'; $password = '${connection.echPassword}'| ConvertTo-SecureString -AsPlainText -Force; $psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($svcacct, $password); $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<exch_hostname>.com/PowerShell/' -Authentication Kerberos -Credential $psCred; Invoke-Command -Session $session -ScriptBlock {Enable-RemoteMailbox -Identity 'CAllum' -RemoteRoutingAddress 'CAllum@domain.com'} \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

2nd JSON-

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://<hostname>/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"script\": \"\\$password = '${connection.echPassword}'| ConvertTo-SecureString -AsPlainText -Force; $psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('ytiwar@test.com', \\$password); \\$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<exch_hsotname>.com/PowerShell/' -Authentication Kerberos -Credential $psCred; Import-PSSession -Session \\$session -DisableNameChecking -AllowClobber; Enable-RemoteMailbox -Identity 'CAllum' -RemoteRoutingAddress 'CAllum@domain.com' \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

and the exception it throws-

he user name or password is incorrect. For more information, see the about_Remote_Troubleshooting Help topic.Cannot validate argument on parameter \\u0027Session\\u0027. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

but when I use hardcoded values 1st json works.

Same issue in case of user attributes also. I tried-

${user.username} or ${users.username} or ${user?.username} or '${user.username}' or '${users.username}' but none of them works.

Below JSON is working JSON with hardcoded values, if it helps-

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://hostname/saviyntdev/PS/ExecutePSScript ",
"httpMethod": "POST",
"httpParams": "{\"script\": \"$svcacct = 'ytiwar@domain.com'; $passwd = ConvertTo-SecureString 'mypassword' -AsPlainText -Force; $psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($svcacct, $passwd); $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<exch_hostname>/PowerShell/' -Authentication Kerberos -Credential $psCred; Invoke-Command -Session $session -ScriptBlock {Enable-RemoteMailbox -Identity 'CAllum' -RemoteRoutingAddress 'CAllum@domain.com'} \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

I am out of options. Neither connection attributes nor user attributes are getting passed.

[This message has been edited by moderator to mask url]

CR · ‎02/20/2024

@yatishtiwari below link help full try

https://forums.saviynt.com/t5/identity-governance/integrating-saviynt-variables-with-rest-connector-...

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rushikeshvartak · ‎02/20/2024

USE of escaping characters, particularly the dollar sign ($)

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://<hostname>/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"script\": \"\\$password = '${connection.echPassword}'| ConvertTo-SecureString -AsPlainText -Force; \\$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('ytiwar@labmbtest.com', \\$password); \\$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<exch_hsotname>.com/PowerShell/' -Authentication Kerberos -Credential \\$psCred; Import-PSSession -Session \\$session -DisableNameChecking -AllowClobber; Enable-RemoteMailbox -Identity 'CAllum' -RemoteRoutingAddress 'CAllum@domain.com' \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

yatishtiwari · ‎02/21/2024

Thank you, @rushikeshvartak and @CR .

It worked.

Here are the working JSONs for a broader audience:

Connector type - REST

1- Connection JSON

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "http://winserverhostname/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "text/html",
"properties":
{
"exchUser": "<domain>\\\\<account>",
"exchPassword": "password"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"echUser": "<account>@domain.com",
"echPassword": "password",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic <base64 token>",
"apiRateLimitConfig": {
"retryAfterCalls": 100,
"retryWaitSeconds": 60
}
}
}
}

2- Create Account JSON

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://winserverhostname/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"script\": \"\\$password = '${connection.echPassword}'| ConvertTo-SecureString -AsPlainText -Force; \\$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('${connection.echUser}', \\$password); \\$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchange_server_host_name/PowerShell/' -Authentication Kerberos -Credential \\$psCred; Import-PSSession -Session \\$session -DisableNameChecking -AllowClobber; Enable-RemoteMailbox -Identity '${user.systemUserName}' -RemoteRoutingAddress '${user.systemUserName}@domain.com' \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

3- Disable account JSON

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "http://winserverhostname/saviyntdev/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"script\": \"\\$password = '${connection.echPassword}'| ConvertTo-SecureString -AsPlainText -Force; \\$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('${connection.echUser}', \\$password); \\$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchange_server_host_name/PowerShell/' -Authentication Kerberos -Credential \\$psCred; Import-PSSession -Session \\$session -DisableNameChecking -AllowClobber; Disable-RemoteMailbox -Identity '${user.systemUserName}' -Confirm:\\$false \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"response[9].Objectreturned": [
"Success"
]
},
"unsuccessResponses": {
"response[9].Objectreturned": [
"Failure"
]
}
}
]
}

yatishtiwari · ‎02/21/2024

Just curious.

Why does hard-coded JSON not require escaping the $ sign, but when we pass dynamic values, it requires to be escaped. What is the logic behind it.

rushikeshvartak · ‎02/21/2024

its saviynt 😉

since its dynamic variable and its needs to evaluated

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Pass Dynamic Values- Exchange Connector