Saviynt Forums

kieranb · ‎09/09/2024

Hello,

Having an issue with my Prisma Cloud REST app integration. The connection is successful, the full import job runs successfully, but no accounts are imported.

Checking the logs, it does one call which successfully returns data, and then does another call which fails. I am currently limiting the mapped properties to just accountID while I am troubleshooting.

1 call is giving 200 response code, its then making another call which is failing and giving 401. I don't know why it's making a second call or why it is failing.

ConnectionJSON

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "https://{API_URL}/login",
"httpMethod": "POST",
"httpParams": {
"username": "tokenID",
"password": "Secret"
},
"httpHeaders": {
"contentType": "application/json"
},
"httpContentType": "application/json",
"authHeaderName": "x-redlock-auth",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"retryFailureStatusCode": [
401
],
"timeOutError": "Read timed out",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "token",
"tokenType": "Bearer",
"accessToken": ""
}
}
}

ImportAccountEntJSON

{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://{API_URL}/v3/user",
"httpHeaders": {
"x-redlock-auth": "${access_token}",
"contentType": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "responseText",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "userName~#~char"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

Connection cURL

curl --location 'https://removed.prismacloud.io/login' \

--header 'accept: application/json; charset=UTF-8' \

--header 'content-type: application/json' \

--data '{

"username": "TokenID",

"password": "Secret"

}'

User cURL

curl --location 'https://removed.prismacloud.io/v3/user' \

--header 'accept: application/json; charset=UTF-8' \

--header 'content-type: application/json' \

--header 'x-redlock-auth: {access_token}'

[This message has been edited by moderator to mask sensitive information]

rushikeshvartak · ‎09/09/2024

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]

⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

kieranb · ‎09/09/2024

Login Postman

User Postman

rushikeshvartak · ‎09/09/2024

Use below JSONs

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://{API_URL}/login",
      "httpMethod": "POST",
      "httpParams": {
        "username": "tokenID",
        "password": "Secret"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "httpContentType": "application/json",
      "authHeaderName": "Authorization",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

Import JSON

{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://{API_URL}/v3/user",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "Authorization": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "responseText",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "colsToPropsMap": {
          "accountID": "userName~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

kieranb · ‎09/09/2024

Ok I tried the above, did not work

This error "request has different values in X-Redlock-Auth and Authorization, unclear which to use." is why I have "authHeaderName": "x-redlock-auth" in the connection JSON, not "authHeaderName": "Authorization"

rushikeshvartak · ‎09/09/2024

Add test connection param in connection json and validate

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎09/09/2024

Hi @kieranb can you share the json which you have used to make 2 calls.

kieranb · ‎09/09/2024

The JSONs I listed in my first post are the ones that resulted in the logs showing 2 call responses. I dont have any other JSONs populated other than the ConfigJSON

{
"connectionTimeoutConfig": {
"connectionTimeout": 10,

"readTimeout": 60,
"writeTimeout": 60,
"retryWait": 2,
"retryCount": 3
},
"showLogs": true
}

I will add the test params and validate

kieranb · ‎09/09/2024

NM · ‎09/09/2024

Hi @kieranb keep the same json just add

400 under retryfailurestatuscode of connection json and see if it works

kieranb · ‎09/09/2024

Tried the below and the job failed

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "https://{API_URL}/login",
"httpMethod": "POST",
"httpParams": {
"username": "client",
"password": "secret"
},
"httpHeaders": {
"contentType": "application/json"
},
"httpContentType": "application/json",
"authHeaderName": "Authorization",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"retryFailureStatusCode": [
400,401
],
"timeOutError": "Read timed out",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "token",
"tokenType": "Bearer",
"accessToken": "Bearer abcd"
}
}
}

NM · ‎09/09/2024

@kieranb "authHeaderName": "x-redlock-auth",

add this don't use authorization as per your postman screenshot this is required as header.

Import Json

{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://{API_URL}/v3/user",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "responseText",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "colsToPropsMap": {
          "accountID": "userName~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}

kieranb · ‎09/09/2024

Did that and am now back to where I started. It does 2 calls at pretty much the same time, one fails and one succeeds

Job successful, no accounts

NM · ‎09/10/2024

@kieranb can you share logs file in txt format?

kieranb · ‎09/23/2024

We have the import working for the entitlements and accounts with the below JSON:
{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty7",
"activeStatus": [
"true"
],
"deleteLinks": false,
"accountThresholdValue": 10,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://api.removed.prismacloud.io/v3/user ",
"httpHeaders": {
"x-redlock-auth": "${access_token}",
"contentType": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "username~#~char",
"name": "username~#~char",
"displayName": "displayName~#~char",
"customproperty4": "email~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty7": "enabled~#~char",
"LastlogonDate": "lastLoginTs~#~epochdate",
"customproperty9": "lastLoginTs~#~char",
"customproperty10": "ssoBypassAllowed~#~char",
"customproperty11": "accessKeysAllowed~#~char",
"status": "enabled~#~char",
"CUSTOMPROPERTY56": "roleIds~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
}

},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://api.removed.prismacloud.io/user/role ",
"httpHeaders": {
"x-redlock-auth": "${access_token}",
"contentType": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "id~#~char",
"displayName": "name~#~char",
"description": "description~#~char",
"customproperty1": "description~#~char",
"customproperty2": "lastModifiedBy~#~char",
"customproperty3": "lastModifiedTs~#~char",
"customproperty4": "roleType~#~char"
},
"disableDeletedEntitlements": false
}
}
}

}
},
"acctEntParams": {
"connection": "userAuth",
"entTypes": {
"Role":{
"call":{
"call1":{
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"x-redlock-auth": "${access_token}"
},
"url": "https://api.removed.prismacloud.io/user/role/${id }",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"entKeyField": "entitlementID",
"acctIdPath": "associatedUsers",
"entIdPath":"id",
"acctKeyField": "accountID"
}
}
}
}
}
}

The issue now is that the ent to Acct mapping isnt working.

Below is the response I get from postman if I request details for a specific role.
When I run the above JSON in Saviynt, nothing is mapped.

We think it is due to the accounts being in a list rather than a string.

Are you able to confirm my settings for acctEntParams are correct?

[This message has been edited by moderator mask sensitive information]

rushikeshvartak · ‎09/23/2024

What is cp31 value of account

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rushikeshvartak · ‎09/10/2024

Please add test connection param in connection jSON

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

kieranb · ‎09/23/2024

Sorry we resolved issue. Changed this part

"listField": "",
"entKeyField": "entitlementID",
"acctIdPath": "associatedUsers",
"entIdPath":"id",
"acctKeyField": "accountID"

To this:

"listField": "associatedUsers",
"entKeyField": "entitlementID",
"acctIdPath": "",
"acctKeyField": "accountID"

Saviynt Forums

REST API call failing even though other calls are successful