Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

REST Connector - Pass token in a header cookie

Miha
New Contributor III
New Contributor III

‎08/27/2024 03:42 AM - edited ‎08/27/2024 04:03 AM

Hello,

We want to integrate Saviynt with Centric application and need some help with the rest connector syntax configuration, as the token must be passed in a cookie for subsequent API calls.

  • Authentication. In order to be able to initiate any GET queries, a session must be established first to authenticate in Centric server as a valid user. In Postman, this is done by hitting a POST request, as described below. In the body we have username and pwd, and the response returns a security token.

Miha_0-1724749920348.png

Response cookies:

Miha_1-1724750567099.png

  • Retrieve data. Once the above step is complete, next I can run a GET call in Postman. In the request headers - Cookie, I noticed we have the combination of the response cookies from step 1 (jsessionid, csrf token, security tokenURL).

Miha_2-1724750839868.png

In Postman, this works perfectly fine.

In Saviynt, it doesn't. I need help to configure the connector to pass the cookie(s) when making GET calls.

Furthermore, to make sure this would work, I tried some cURL queries directly from SC2 client:

  • First, I generated and stored the token to use in subsequent operations. Here I extracted just the JSESSIONID
TOKEN=$(curl -s -k -X POST https:/ABCDhost/session \
    -H "Content-Type: application/json" \
    -d '{"username": "abcduser", "password": "abcdpass"}' \
    -D - | grep -i 'Set-Cookie' | sed -n 's/.*JSESSIONID=\([^;]*\).*/\1/p')
  • Then, I ran a GET call to retrieve 2 users, using the token from previous step:
curl -k -X GET "https://ABDhost/ABCDusers?skip=0&limit=2" -H "Cookie: JSESSIONID=$TOKEN"
 

This worked in the SC2 client (with JSESSIONID only), I retrieved 2 users.

How to pass the token in a cookie in Saviynt REST Connector? (connection JSON to pass the token in a cookie + a sample of account import json would be helpful).

I know that passing multiple cookies is not supported, but can I specify at least one cookie parameter generated in the POST call response - e.g., jsessionid?

I already tried the template from rest developer guide, it is not working.

Thank you.

 

Labels:
0 Kudos
6 REPLIES 6

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎08/28/2024 11:17 PM

Hello @Miha ,
You can create the dummy connection json,
do the authentication while doing the operations ,: like the same give for createaccountjson below.
Please check the below sample: 

connectionJSON:
{
	"authentications": {
		"acctAuth": {
			"authType": "oauth2",
			"url": "****",
			"httpMethod": "POST",
			"httpParams": {
				"clientId": "****",
				"secret": "***"
			},
			"httpHeaders": {
				"Content-Type": "application/json"
			},
			"httpContentType": "application/json",
			"successResponses": {
				"statusCode": [
					200
				]
			},
			"unsuccessResponses": {
				"statusCode": [
					400,
					401,
					403,
					404,
					408,
					500
				]
			},
			"retryFailureStatusCode": [
				400,
				401,
				403,
				404,
				408,
				500
			],
			"maxRefreshTryCount": 5,
			"timeOutError": "Read timed out",
			"tokenResponsePath": "#HEADERS#Set-Cookie",
			"tokenType": "",
			"authHeaderName": "Cookie",
			"accessToken": "****"
		}
	}
}
Create account json
{
	"accountIdPath": "call1.message.user.name",
	"call": [{
		"name": "call1",
		"connection": "acctAuth",
		"url": "******",
		"httpMethod": "POST",
		"httpParams": "{****}",
		"httpHeaders": {
			"Cookie": "${access_token}",
			"x-XSRF-TOKEN": "${access_token.substring(access_token.indexOf('XSRF-TOKEN=') + 11, access_token.indexOf(';', access_token.indexOf('XSRF-TOKEN=')))}",
			"Accept": "application/json"
		},
		"httpContentType": "application/json",
		"successResponses": {
			"statusCode": [200, 201]
		},
		"unsuccessResponses": {
			"statusCode": [
				400,
				401,
				403,
				404,
				408,
				500
			]
		}
	}]
}

 Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Miha
New Contributor III
New Contributor III
In response to sudeshjaiswal

‎09/02/2024 11:57 PM

Hi, thanks for reply.

Will that work with Basic authentication as well (not oauth)?

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee
In response to Miha

‎09/03/2024 12:02 AM

Hello @Miha,

I doubt, but you may give a try to confirm.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Miha
New Contributor III
New Contributor III

‎09/10/2024 12:19 AM

Hello,

It does not work (I have basic auth).

I tried to run accout import.

First, in the connection json, I retrieve the cookie, then I need to store it somehow to pass it when import runs next. 

Is that supported at all?

Thank you,

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee
In response to Miha

‎09/12/2024 12:27 AM

Hello,

Can you share your connections json for basic auth and sample postman screenshot of the first api that returns the cookie value.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Miha
New Contributor III
New Contributor III

‎09/26/2024 05:42 PM

Hello,

Sorry for the late reply.

I added everything in the word document attached.

This does not work; I am not able to retrieve any accounts.

Just to recap:

When running any GET operations, I must send in the Headers section of the API call>Cookie parameter, the details that were fetched in the Create session POST API call (this is the first call I am specifying the connection JSON in Saviynt).

How can I do that in Saviynt connector? How to store the cookies that must be sent every time I am trying to fetch the users?

Let me know if you need more info from my end.

Thank you.

 

Preview file
488 KB
0 Kudos
Copyright © 2024 Khoros, LLC