We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

[REST Conn] Custom Defined Key Value Pair in Connection Json Not Accessible in acctEntParams Block

Sivagami
Valued Contributor
Valued Contributor

Hi Team,

We have a possibility to define custom key value pairs in connection jsons and access it in other jsons of rest connector. Something like below.

Key value pair in connection json 

"myAuthToken": "xxxxxxxxxxxxxxxxxxxx"

Accessing the same in other jsons

${connection.myAuthToken}

Reference Forums Post explaining this feature: https://forums.saviynt.com/t5/application-access-governance/rest-connector-query-saving-multiple-cre...

We noticed that this variable usage seems to be not allowed in some rest connector blocks.

For example, in importAcctEntJson, if the custom defined variable (${connection.myAuthToken}) is used under acctEntParams, it's not replacing the value. Hardcoding the variable value in this block works.

Connection json Sample:

 

{
    "authentications": {
        "acctAuth": {
            "authType": "oauth2",
            "httpHeaders": {
                "Authorization": "Basic xxxxxxxxxxxxxxmyAuthTokenxxxxxxxxxxxxx",
                "Accept": "application/json"
            },
            "authError": [
                "InvalidAuthenticationToken",
                "AuthenticationFailed"
            ],
            "url": "https://myurl.mydomain.com/api/oauth/token",
            "httpMethod": "POST",
            "httpContentType": "application/json",
            "errorPath": "error.code",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "accessToken",
            "tokenType": "Bearer",
            "authHeaderName": "token",
            "myAuthToken": "Basic xxxxxxxxxxxxxxmyAuthTokenxxxxxxxxxxxxx",
            "accessToken": "Bearer dummytoken",
            "httpParams": "{\"refreshToken\": \"xxxxxxxxxxxmyRefreshTokenxxxxxxxxxxx\"}",
            "retryFailureStatusCode": [
                401,
                400
            ]
        }
    }
}

 

Import Json Sample:

 

{
  "accountParams": {
    "connection": "acctAuth",
    "createUsers": false,
    "processingType": "SequentialAndIterative",
    "successResponses": {
      "statusCode": [
        200
      ]
    },
    "doNotChangeIfFailed": true,
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "accountThresholdValue": 1000,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://myurl.mydomain.com/api/v1/users",
          "httpContentType": "application/json",
          "httpMethod": "GET",
          "httpHeaders": {
            "Accept": "application/json",
            "token": "${access_token}",
            "Authorization": "${connection.myAuthToken}"
          }
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "userName~#~char",
          "name": "userName~#~char",
          "customproperty2": "email~#~char",
          "customproperty1": "id~#~char"
        }
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "successResponses": {
      "statusCode": [
        200
      ]
    },
    "doNotChangeIfFailed": true,
    "entTypes": {
      "Role": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Accept": "application/json",
                "token": "${access_token}",
                "Authorization": "${connection.myAuthToken}"
              },
              "url": "https://myurl.mydomain.com/api/v1/roles",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "organizationRoles",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "name~#~char",
              "entitlement_value": "name~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  },
  "acctEntParams": {
    "entTypes": {
      "Role": {
        "acctKeyField": "accountID",
        "entKeyField": "entitlementID",
        "call": {
          "call1": {
            "processingType": "http",
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Accept": "application/json",
                "token": "${access_token}",
                "Authorization": "${connection.myAuthToken}"
              },
              "url": "https://myurl.mydomain.com/api/v1/users",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "",
            "acctIdPath": "userName",
            "entListField": "hierarchicalRoles.organizationRoles",
            "entIdPath": "name"
          }
        }
      }
    }
  }
}

 

CC: @sahajranajee 

-Siva

9 REPLIES 9

nimitdave
Saviynt Employee
Saviynt Employee

And it is working fine in accountparams and entitlementparams block and getting evaluated. rt?

Sivagami
Valued Contributor
Valued Contributor

Yes, it is.

SB
Saviynt Employee
Saviynt Employee

Is the account to Entitlement mapping working with the above JSON that you are using after hardcoding the variable value. 

Ideally you should not need to define the auth info again since the user's url is also listing the information of the mapping. You can try the below JSON format and it should also work

{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"statusAndThresholdConfig": {
"accountsNotInImportAction": "Suspend",
"accountThresholdValue": 1000,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://myurl.mydomain.com/api/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
}
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"customproperty2": "email~#~char",
"customproperty1": "id~#~char"
}
}
},
"acctEntMappings": {
"Role": {
"listField": "",
"entListField": "hierarchicalRoles.organizationRoles",
"entIdPath": "name"
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"doNotChangeIfFailed": true,
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Accept": "application/json",
"token": "${access_token}",
"Authorization": "${connection.myAuthToken}"
},
"url": "https://myurl.mydomain.com/api/v1/roles",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "organizationRoles",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"entitlement_value": "name~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

 


Regards,
Sahil

Sivagami
Valued Contributor
Valued Contributor

Yes, Sahil! It works after we hardcode the token in acctEntParams block.

By the way, in the sample I provided I replaced the URL's - Actual list users API URL is different from the URL mentioned in acctEntParams block and hence we didn't use acctEntMappings block within accountParams block.

We usually use acctEntMappings block itself if the list users call gives out the entitlement associated with the users as well & that's the reason why we didn't encounter the issue with using key values in connection jsons as variables so far. When we started using the acctEntParams block with the connection json key values as variables, we figured out the issue.

Hope this clarifies your question.

-Siva

 

SB
Saviynt Employee
Saviynt Employee

Thanks for clarifying. So just to be sure, is it a 3rd url (different from Users and roles) that presents the mapping information?


Regards,
Sahil

Sivagami
Valued Contributor
Valued Contributor

Yes, @SB ! That's right!

SB
Saviynt Employee
Saviynt Employee

This should have worked with the json you shared. I would recommend creating a ticket with support team to get this checked.


Regards,
Sahil

Sivagami
Valued Contributor
Valued Contributor

We are currently in v5.5 SP 3.12.23. Can it be a bug in the version? Because, from the logs we could see that the value is not getting replaced if we use the variable under acctEntParams block

-Siva

SB
Saviynt Employee
Saviynt Employee

This appears to be. Can you create a support ticket so they can get it checked.


Regards,
Sahil