Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/07/2023 04:32 PM
I have provided the JSON and the response from Postman below. With the JSON configured, when the Pagination parameter is included, the API throws 401 error in the Saviynt logs. Without the Pagination section specified, the Saviynt job is able to fetch only 100 accounts. Please help us understand how to FRAME THE PAGINATION parameter based on the POSTMAN response shown below..
06/08/2023 03:17 AM
Hi,
To read the response of previous page, The REST Connector provides a binding called completeResponseMap in the pagination parameter.
Please update the value for totalCountPath to completeResponseMap.metadata.total_objects and run the import.
06/08/2023 11:01 AM
Khalid - It still gives me 401 error. I included totalcountpath as you suggested, but it fails with 401 error. Without the pagination parameter in the JSON, the job runs successfully but only brings back the default number of records (in Duo's case it's 100). Pasting the latest json here:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxx.duosecurity.com/admin/v1/users",
"basicUrl":"xxxx.duosecurity.com",
"hostUrl":"/admin/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "response",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "user_id~#~char",
"name": "username~#~char",
"status": "status~#~char",
"customproperty1": "status~#~char"
},
"pagination":
{
"offset":{
"offsetParam": "offset",
"batchParam": "limit",
"batchSize": 10,
"totalCountPath": "completeResponseMap.metadata.total_objects"
}
}
}
}
}
}
06/08/2023 09:31 PM
Hi,
As this is for the DUO application, I do not think pagination will work because of the dynamic URL. I will recommend using the OOTB Duo connection type for import. Let me know if you have any concerns regarding the DUO Connector.
06/09/2023 07:12 AM
Khalid - I dont understand the dynamic URL. How are other rest implementations working which have similar response - where it responds back with an offset value and the total resultcount. How are those different? We cannot use OOTB Duo connector since it reconciles Admin and User accounts. We are only managing User accounts and dont want to reconcile Admin accounts, is that possible?
06/09/2023 12:12 PM
@anandinguva The issue is not with the API response but the authentication mechanism which is quite different from other applications.
In offset pagination-based import, the offset parameters get appended with the current API URL and it gets updated in the next API calls as well to traverse all the records.
In this case, DUO authentication evaluates the token only for the URL mentioned in the HTTP parameter of the import JSON. But while calling the actual URL, the final URL gets appended with pagination parameters. Hence, the API authorization will get failed due to a URL mismatch.
06/12/2023 11:44 AM
@khalidakhter Are you saying this is an issue with "Saviynt's" REST connector in handling Duo REST API? If that's the case, I will raise a defect ticket. Authentication/authorization should not be an issue since it's anyways handled through ConnectionJSON and its working fine with the "actual URL".
As you can see below from postman screenshot, I appended the offset and limit parameters, and it's not throwing a 401 error.