04/05/2023 10:12 PM - edited 04/05/2023 10:13 PM
Hi Team,
We have a possibility to define custom key value pairs in connection jsons and access it in other jsons of rest connector. Something like below.
Key value pair in connection json
"myAuthToken": "xxxxxxxxxxxxxxxxxxxx"
Accessing the same in other jsons
${connection.myAuthToken}
Reference Forums Post explaining this feature: https://forums.saviynt.com/t5/application-access-governance/rest-connector-query-saving-multiple-cre...
We noticed that this variable usage seems to be not allowed in some rest connector blocks.
For example, in importAcctEntJson, if the custom defined variable (${connection.myAuthToken}) is used under acctEntParams, it's not replacing the value. Hardcoding the variable value in this block works.
Connection json Sample:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Authorization": "Basic xxxxxxxxxxxxxxmyAuthTokenxxxxxxxxxxxxx",
"Accept": "application/json"
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"url": "https://myurl.mydomain.com/api/oauth/token",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "accessToken",
"tokenType": "Bearer",
"authHeaderName": "token",
"myAuthToken": "Basic xxxxxxxxxxxxxxmyAuthTokenxxxxxxxxxxxxx",
"accessToken": "Bearer dummytoken",
"httpParams": "{\"refreshToken\": \"xxxxxxxxxxxmyRefreshTokenxxxxxxxxxxx\"}",
"retryFailureStatusCode": [
401,
400
]
}
}
}
Import Json Sample:
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"accountThresholdValue": 1000,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://myurl.mydomain.com/api/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
}
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"customproperty2": "email~#~char",
"customproperty1": "id~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
},
"url": "https://myurl.mydomain.com/api/v1/roles",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "organizationRoles",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"entitlement_value": "name~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"call": {
"call1": {
"processingType": "http",
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
},
"url": "https://myurl.mydomain.com/api/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"acctIdPath": "userName",
"entListField": "hierarchicalRoles.organizationRoles",
"entIdPath": "name"
}
}
}
}
}
}
CC: @sahajranajee
-Siva
04/05/2023 11:05 PM - edited 04/05/2023 11:06 PM
And it is working fine in accountparams and entitlementparams block and getting evaluated. rt?
04/05/2023 11:43 PM
Yes, it is.
04/06/2023 08:58 AM
Is the account to Entitlement mapping working with the above JSON that you are using after hardcoding the variable value.
Ideally you should not need to define the auth info again since the user's url is also listing the information of the mapping. You can try the below JSON format and it should also work
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"accountThresholdValue": 1000,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://myurl.mydomain.com/api/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
}
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"customproperty2": "email~#~char",
"customproperty1": "id~#~char"
}
}
},
"acctEntMappings": {
"Role": {
"listField": "",
"entListField": "hierarchicalRoles.organizationRoles",
"entIdPath": "name"
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
},
"url": "https://myurl.mydomain.com/api/v1/roles",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "organizationRoles",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"entitlement_value": "name~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
04/06/2023 09:49 AM
Yes, Sahil! It works after we hardcode the token in acctEntParams block.
By the way, in the sample I provided I replaced the URL's - Actual list users API URL is different from the URL mentioned in acctEntParams block and hence we didn't use acctEntMappings block within accountParams block.
We usually use acctEntMappings block itself if the list users call gives out the entitlement associated with the users as well & that's the reason why we didn't encounter the issue with using key values in connection jsons as variables so far. When we started using the acctEntParams block with the connection json key values as variables, we figured out the issue.
Hope this clarifies your question.
-Siva
04/06/2023 10:21 AM
Thanks for clarifying. So just to be sure, is it a 3rd url (different from Users and roles) that presents the mapping information?
04/06/2023 02:58 PM
Yes, @SB ! That's right!
04/12/2023 01:48 PM - edited 04/12/2023 01:48 PM
This should have worked with the json you shared. I would recommend creating a ticket with support team to get this checked.
04/12/2023 02:21 PM
We are currently in v5.5 SP 3.12.23. Can it be a bug in the version? Because, from the logs we could see that the value is not getting replaced if we use the variable under acctEntParams block
-Siva
04/14/2023 09:04 AM
This appears to be. Can you create a support ticket so they can get it checked.