
REST API call failing even though other calls are successful

kieranb
New Contributor III

Hello,

Having an issue with my Prisma Cloud REST app integration. The connection is successful, the full import job runs successfully, but no accounts are imported.

kieranb_0-1725921478445.png

Checking the logs, it does one call which successfully returns data, and then does another call which fails. I am currently limiting the mapped properties to just accountID while I am troubleshooting.

kieranb_2-1725922834736.png

1 call is giving 200 response code, it's then making another call which is failing and giving 401. I don't know why it's making a second call or why it is failing.

 

ConnectionJSON

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://{API_URL}/login",
      "httpMethod": "POST",
      "httpParams": {
        "username": "tokenID",
        "password": "Secret"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "httpContentType": "application/json",
      "authHeaderName": "x-redlock-auth",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "token",
      "tokenType": "Bearer",
      "accessToken": ""
    }
  }
}

ImportAccountEntJSON

{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://{API_URL}/v3/user",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "responseText",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "colsToPropsMap": {
          "accountID": "userName~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}

Connection cURL

--header 'accept: application/json; charset=UTF-8' \
--header 'content-type: application/json' \
--data '{
    "username": "TokenID",
    "password": "Secret"
}'
 
User cURL
--header 'accept: application/json; charset=UTF-8' \
--header 'content-type: application/json' \
--header 'x-redlock-auth: {access_token}'
 
[This message has been edited by moderator to mask sensitive information]

rushikeshvartak
All-Star

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]



⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

kieranb
New Contributor III

Login Postman

kieranb_0-1725924864659.png

User Postman

kieranb_1-1725924997228.png

 

Use below JSONs

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://{API_URL}/login",
      "httpMethod": "POST",
      "httpParams": {
        "username": "tokenID",
        "password": "Secret"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "httpContentType": "application/json",
      "authHeaderName": "Authorization",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

 

Import JSON 

{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://{API_URL}/v3/user",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "Authorization": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "responseText",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "colsToPropsMap": {
          "accountID": "userName~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}

Regards,
Rushikesh Vartak

kieranb
New Contributor III

Ok I tried the above, did not work

kieranb_0-1725945096930.png

This error "request has different values in X-Redlock-Auth and Authorization, unclear which to use."  is why I have "authHeaderName": "x-redlock-auth" in the connection JSON, not "authHeaderName": "Authorization"

Add test connection param in connection json and validate


Regards,
Rushikesh Vartak

NM
Honored Contributor II

Hi @kieranb can you share the json which you have used to make 2 calls.

kieranb
New Contributor III

The JSONs I listed in my first post are the ones that resulted in the logs showing 2 call responses. I don't have any other JSONs populated other than the ConfigJSON

{
  "connectionTimeoutConfig": {
    "connectionTimeout": 10,
    "readTimeout": 60,
    "writeTimeout": 60,
    "retryWait": 2,
    "retryCount": 3
  },
  "showLogs": true
}

I will add the test params and validate

kieranb
New Contributor III

kieranb_0-1725947513083.png

 

NM
Honored Contributor II

Hi @kieranb, keep the same JSON, just add 400 under retryFailureStatusCode of the connection JSON and see if it works.

kieranb
New Contributor III

Tried the below and the job failed

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://{API_URL}/login",
      "httpMethod": "POST",
      "httpParams": {
        "username": "client",
        "password": "secret"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "httpContentType": "application/json",
      "authHeaderName": "Authorization",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "retryFailureStatusCode": [
        400,
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

kieranb_0-1725948430817.png

 

NM
Honored Contributor II

@kieranb "authHeaderName": "x-redlock-auth",

Add this, don't use Authorization; as per your Postman screenshot this is required as a header.

Import Json

{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://{API_URL}/v3/user",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "responseText",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "colsToPropsMap": {
          "accountID": "userName~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}
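Added example, not part of any post in this thread and not Saviynt code: a small lint for the header problem discussed above. It flags a call that sends the token under both Authorization and x-redlock-auth (the conflict in the quoted error) or under a header other than the connection's authHeaderName (the advice in the post above). The function names and the trimmed configs are constructed for illustration.

```python
# Added example: lint a Saviynt REST connection/import JSON pair for token-header conflicts.
TOKEN_HEADERS = {"authorization", "x-redlock-auth"}  # the two names in the quoted error

def iter_calls(node):
    """Yield (name, call) for every dict that carries an "http" block, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, dict) and "http" in value:
                yield key, value
            yield from iter_calls(value)

def lint_auth_headers(connection, import_cfg):
    """Return findings for calls that send the token twice or under the wrong header."""
    findings = []
    for section in ("accountParams", "entitlementParams", "acctEntParams"):
        params = import_cfg.get(section) or {}
        auth = connection["authentications"].get(params.get("connection"), {})
        expected = auth.get("authHeaderName", "").lower()
        for name, call in iter_calls(params):
            # HTTP header names are case-insensitive, so compare in lower case.
            sent = {h.lower() for h in call["http"].get("httpHeaders", {})} & TOKEN_HEADERS
            if len(sent) > 1:
                findings.append(f"{section}.{name}: token sent in {sorted(sent)}")
            elif sent and expected and expected not in sent:
                findings.append(
                    f"{section}.{name}: authHeaderName {expected!r} but call sends {sorted(sent)}")
    return findings

def build(auth_header, call_headers):
    """Constructed, trimmed configs using the same keys as the JSONs in the thread."""
    conn = {"authentications": {"userAuth": {"authType": "oauth2",
                                             "authHeaderName": auth_header}}}
    call = {"http": {"url": "https://{API_URL}/v3/user", "httpMethod": "GET",
                     "httpHeaders": dict.fromkeys(call_headers, "${access_token}")}}
    imp = {"accountParams": {"connection": "userAuth", "call": {"call1": call}},
           "entitlementParams": {}, "acctEntParams": {}}
    return conn, imp

if __name__ == "__main__":
    for auth, hdrs in [("Authorization", ["x-redlock-auth", "Authorization"]),
                       ("Authorization", ["x-redlock-auth"]),
                       ("x-redlock-auth", ["x-redlock-auth"])]:
        print(auth, hdrs, "->", lint_auth_headers(*build(auth, hdrs)) or "ok")
```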

kieranb
New Contributor III

Did that and am now back to where I started. It does 2 calls at pretty much the same time, one fails and one succeeds

kieranb_0-1725949374473.png

kieranb_1-1725949439913.png

Job successful, no accounts

kieranb_2-1725949549779.png

 

NM
Honored Contributor II

@kieranb can you share logs file in txt format?

kieranb
New Contributor III

We have the import working for the entitlements and accounts with the below JSON:
{
  "globalSettings": {
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
  },
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "statusColumn": "customproperty7",
      "activeStatus": [
        "true"
      ],
      "deleteLinks": false,
      "accountThresholdValue": 10,
      "correlateInactiveAccounts": true,
      "inactivateAccountsNotInFile": false,
      "deleteAccEntForActiveAccounts": false
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://api.removed.prismacloud.io/v3/user ",
          "httpHeaders": {
            "x-redlock-auth": "${access_token}",
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "username~#~char",
          "name": "username~#~char",
          "displayName": "displayName~#~char",
          "customproperty4": "email~#~char",
          "customproperty1": "firstName~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty7": "enabled~#~char",
          "LastlogonDate": "lastLoginTs~#~epochdate",
          "customproperty9": "lastLoginTs~#~char",
          "customproperty10": "ssoBypassAllowed~#~char",
          "customproperty11": "accessKeysAllowed~#~char",
          "status": "enabled~#~char",
          "CUSTOMPROPERTY56": "roleIds~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        }
      }
    }
  },
  "entitlementParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Role": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "url": "https://api.removed.prismacloud.io/user/role ",
              "httpHeaders": {
                "x-redlock-auth": "${access_token}",
                "contentType": "application/json"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "id~#~char",
              "entitlement_value": "id~#~char",
              "displayName": "name~#~char",
              "description": "description~#~char",
              "customproperty1": "description~#~char",
              "customproperty2": "lastModifiedBy~#~char",
              "customproperty3": "lastModifiedTs~#~char",
              "customproperty4": "roleType~#~char"
            },
            "disableDeletedEntitlements": false
          }
        }
      }
    }
  },
  "acctEntParams": {
    "connection": "userAuth",
    "entTypes": {
      "Role": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "processingType": "httpEntToAcct",
            "http": {
              "httpHeaders": {
                "x-redlock-auth": "${access_token}"
              },
              "url": "https://api.removed.prismacloud.io/user/role/${id }",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "",
            "entKeyField": "entitlementID",
            "acctIdPath": "associatedUsers",
            "entIdPath": "id",
            "acctKeyField": "accountID"
          }
        }
      }
    }
  }
}

The issue now is that the ent to Acct mapping isn't working.

Below is the response I get from postman if I request details for a specific role.
When I run the above JSON in Saviynt, nothing is mapped.

We think it is due to the accounts being in a list rather than a string.

kieranb_0-1727155650098.png

Are you able to confirm my settings for acctEntParams are correct?


[This message has been edited by moderator to mask sensitive information]

What is cp31 value of account


Regards,
Rushikesh Vartak

Please add test connection param in connection jSON


Regards,
Rushikesh Vartak

kieranb
New Contributor III

Sorry, we resolved the issue. Changed this part

"listField": "",
"entKeyField": "entitlementID",
"acctIdPath": "associatedUsers",
"entIdPath":"id",
"acctKeyField": "accountID"

To this:

"listField": "associatedUsers",
"entKeyField": "entitlementID",
"acctIdPath": "",
"acctKeyField": "accountID"
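Added example, not part of the thread and not Saviynt's connector code: a simplified model of the explanation given above (the accounts arrive as a list rather than a string), showing why the first acctEntParams setting maps nothing and the changed one maps every user. The resolution rules, function names and the sample role response are assumptions constructed for illustration; only the key names come from the posts.

```python
# Added example: simplified model of listField / acctIdPath resolution (an assumption).
def resolve(node, path):
    """Follow a dotted path; an empty path returns the node itself."""
    for part in filter(None, path.split(".")):
        node = node.get(part) if isinstance(node, dict) else None
    return node

def map_role_to_accounts(role_id, response, cfg):
    """Return (role id, account id) pairs the model would link for one role response."""
    records = resolve(response, cfg["listField"])
    if not isinstance(records, list):
        records = [records]            # empty listField: the whole response is one record
    pairs = []
    for record in records:
        acct = resolve(record, cfg["acctIdPath"])
        if isinstance(acct, str):      # only a single string can match acctKeyField
            pairs.append((role_id, acct))
    return pairs

# Constructed sample of a GET /user/role/${id} response; values are placeholders.
ROLE_RESPONSE = {
    "id": "role-0001",
    "name": "Example Role",
    "associatedUsers": ["alice@example.com", "bob@example.com"],
}

BEFORE = {"listField": "", "acctIdPath": "associatedUsers"}   # setting that mapped nothing
AFTER = {"listField": "associatedUsers", "acctIdPath": ""}    # setting from the final post

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, map_role_to_accounts(ROLE_RESPONSE["id"], ROLE_RESPONSE, cfg))
```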