
REST Connector - throwing 401 exception ( unauthorized path)

IAM_99
Regular Contributor II
Hi Team,
 
We are onboarding an app using the REST Connector. It's giving a 401 exception while provisioning an account. The same is working as expected in POSTMAN.
 
Here are the provisioning comments:
 
 
{"call1":{"headers":{"date":"Mon, 22 Aug 2022 15:01:00 GMT","expires":"0","transfer-encoding":"chunked","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","vary":"origin,access-control-request-method,access-control-request-headers,accept-encoding","x-frame-options":"DENY","www-authenticate":"Basic realm=\"Realm\"","content-type":"application/json","cache-control":"no-cache, no-store, max-age=0, must-revalidate","pragma":"no-cache","strict-transport-security":"max-age=31536000 ; includeSubDomains"},"message":{"timestamp":"2022-08-22T15:01:00.994+00:00","status":401,"error":"Unauthorized","path":"/v1/ext/users"},"statusCode":401,"description":null,"status":"Failed"}}
Here is my ConnectionJSON:
 
{
"authentications":{
"userAuth":{
"authType": "Basic",
"httpMethod": "POST",
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
},
"properties":{
"userName": "xxxxxxxxxxxxx",
"password": "xxxxxxxxxxxxxxx"
},
"errorPath": "error.code",
"authError":[
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"retryFailureStatusCode":[
 
]
}
}
}
CreateAccountJSON
{
"accountIdPath": "accountName",
"call": [{
"name": "call1",
"connection": "userAuth",
"httpParams": "{\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"email\":\"${user.departmentname}\",\"deptName\":\"Internal\"}",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "Bearer {access_token}",
"Host": "qa.h.sre2.ntg.xxxxxx.com"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204
]
},
"unsuccessResponses": {
"statusCode": [
404,
401,
400
]
}
}]
}
 
 
Any inputs on what could have gone wrong?
 
Thanks,
suresh

[This post has been edited by a moderator to remove personally identifiable information to abide by the Saviynt Community Terms of Use and Participation Guidelines.]
31 REPLIES

rushikeshvartak
All-Star

Your connection JSON has missing config:

"retryFailureStatusCode": [403,401,500],"maxRefreshTryCount": 5,

In the Create Account JSON, update the line below:

"Authorization": "${access_token}",

Refer https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide#RESTConnec...

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

After updating as above, got this error:

"retryFailureStatusCode":[403,401,500]

 {"auditDetails":{"call1":                                 [{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}]},"call1":      {"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}

 

"retryFailureStatusCode":[403,500] (if we remove 401, below is the error)

 

{"call1":{"headers":{"date":"Tue, 23 Aug 2022 13:51:01 GMT","expires":"0","transfer-encoding":"chunked","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","vary":"origin,access-control-request-method,access-control-request-headers,accept-encoding","x-frame-options":"DENY","www-authenticate":"Basic realm=\"Realm\"","content-type":"application/json","cache-control":"no-cache, no-store, max-age=0, must-revalidate","pragma":"no-cache","strict-transport-security":"max-age=31536000 ; includeSubDomains"},"message":{"timestamp":"2022-08-23T13:51:01.584+00:00","status":401,"error":"Unauthorized","path":"/v1/ext/users"},"statusCode":401,"description":null,"status":"Failed"}}

 

Can you share the full logs and JSON after the update?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
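
The 401 responses quoted above carry a `www-authenticate` header, which names the scheme the server is challenging for. The Python below is an added example, not code from the thread or from Saviynt: it classifies provisioning comments of this shape, using constructed samples trimmed from the responses quoted in this thread (the Bearer sample uses the challenge that appears in the logs further down), and the finding labels are this example's own.

```python
import json
import re

# key="quoted value" or key=token pairs inside one challenge
PARAM = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenge(value):
    """Split a single WWW-Authenticate challenge into (scheme, params)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    for m in PARAM.finditer(rest):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return scheme.lower(), params


def triage(comment):
    """Map each call in a provisioning-comment JSON string to a finding label."""
    findings = {}
    for name, call in json.loads(comment).items():
        if not isinstance(call, dict) or "statusCode" not in call:
            continue  # e.g. the auditDetails wrapper
        headers = {k.lower(): v for k, v in (call.get("headers") or {}).items()}
        code = call.get("statusCode")
        challenge = headers.get("www-authenticate")
        if code is None and not headers:
            findings[name] = "no_response"  # no HTTP status or headers were recorded
        elif code == 401 and challenge:
            scheme, params = parse_challenge(challenge)
            if scheme == "bearer":
                # RFC 6750: no error attribute means no credentials were presented
                findings[name] = "bearer_" + params.get("error", "no_credentials")
            else:
                findings[name] = "challenge_" + scheme
        else:
            findings[name] = "http_%s" % code
    return findings


# Constructed samples, trimmed from the responses quoted in this thread.
BASIC_401 = json.dumps({"call1": {
    "headers": {"www-authenticate": 'Basic realm="Realm"'},
    "message": {"status": 401, "error": "Unauthorized", "path": "/v1/ext/users"},
    "statusCode": 401, "description": None, "status": "Failed"}})
NO_RESPONSE = json.dumps({
    "auditDetails": {"call1": [{"headers": None, "statusCode": None, "status": "Failed"}]},
    "call1": {"headers": None, "message": "", "statusCode": None, "status": "Failed"}})
BEARER_401 = json.dumps({"call1": {
    "headers": {"www-authenticate": 'Bearer realm="IDAMS-B2C", error="invalid_token", '
                                    'error_description="Invalid access token"'},
    "statusCode": 401, "status": "Failed"}})

if __name__ == "__main__":
    for sample in (BASIC_401, NO_RESPONSE, BEARER_401):
        print(triage(sample))
```

A `challenge_basic` finding means the endpoint answered with a Basic challenge, while `bearer_invalid_token` means a bearer token was presented and the server rejected it.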

IAM_99
Regular Contributor II

Connection JSON 

{
"authentications":{
"userAuth":{
"authType": "Basic",
"url": "https://xxxxxxxxxx.xxxxxxxxx.com/idams/b2c/api/auth/token?grant_type=client_credentials&scope=readpr...",
"httpMethod": "POST",
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
},
"properties":{
"userName": "xxxxxxxx",
"password": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"maxRefreshTryCount":5,
"errorPath": "error.code",
"authError":[
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"retryFailureStatusCode":[403,401,500]
}
}
}

 

 

CreateAccount JSON

 

{
"accountIdPath": "accountName",
"call": [{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxxxxxx.xxxxxxx.com/idams/b2c/api/v1/ext/users",
"httpParams": "{\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"email\":\"${user.departmentname}\",\"deptName\":\"Internal\"}",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "{access_token}",
"Host": "qa.h.sre2.ntg.xxxxxx.com"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204
]
},
"unsuccessResponses": {
"statusCode": [
404,
401,
400
]
}
}]
}

"retryFailureStatusCode":[403,500,401,null], "tokenResponsePath": "access_token"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

Tried these combinations, it's the same exception.

Is there a way we can test whether the token is being generated from the ConnectionJSON? It's not printing much in the logs.

ContentType should be httpContentType

Sample :

{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {},
      "httpContentType": "text/html",
      "properties": {
        "userName":"<specify username>",
        "password":"<specify password>"
      },
      
      "authError": [
        "InvalidAuthenticationToken",
        "Couldn't authenticate you",
        "AuthenticationFailed"
      ],
      "errorPath": "error",
      "retryFailureStatusCode": [
        401
      ],
      "maxRefreshTryCount": 5,
      "tokenType": "Basic",
      "accessToken": "Basic abcd"
    }
  }
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

"auditDetails":{"call1":[{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}]},

It seems you are passing the wrong param in the create account JSON; for example, in email you are sending the dept name.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

Agreed, but if that is the case, it should have given a 400 Bad Request exception.

I tried with hardcoded also.

IAM_99
Regular Contributor II

Since the Saviynt REST test connection is not really validating credentials (if we pass a wrong username and password it also gives Test Successful), can we find a way to test whether the ConnectionJSON is generating a token or not, or get any detailed exception?

  1. Connection JSON Validation: The connector supports validating authType as oauth2. To do this, populate the http parameters in the testConnectionParams attribute. It validates the connection parameters and prompts Successful or Failed status based on the provided credentials while saving the connection.
    Example:

    {
      "authentications": {
        "acctAuth": {
          "authType": "Basic",
          "url": "https://<domain name>",
          "httpMethod": "POST",
          "httpParams": {},
          "httpHeaders": {},
          "httpContentType": "text/html",
          "properties": {
            "userName": "username",
            "password": "password"
          },
          "expiryError": "Couldn't authenticate you",
          "authError": [
            "Couldn't authenticate you"
          ],
          "timeOutError": "Read timed out",
          "errorPath": "error",
          "maxRefreshTryCount": 5,
          "tokenResponsePath": "access_token",
          "tokenType": "Basic",
          "accessToken": "Basic asdfghjkl",
          "testConnectionParams": {
            "http": {
              "url": "https://<domain name>/api/v2/users.json",
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "successReponse": [],
            "successResponsePath": "",
            "errors": [
              "Couldn't authenticate you"
            ],
            "errorPath": "error"
          }
        }
      }
    }
    https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

This is the updated ConnectionJSON:

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "https://XXXXXXXXXXXXXX/idams/b2c/api/auth1/token?grant_type=client_credentials&scope=readprofile",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded",
"properties": {
"userName": "XXXXXXX",
"password": "XXXXXX"
},
"expiryError": "Couldn't authenticate you",
"authError": [
"Couldn't authenticate you"
],
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer asdfghjkl",
"testConnectionParams": {
"http": {
"url": "https://xxxxxxxxxxx/idams/b2c/api/v1/ext/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"successReponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}

 

 

Logs attached upon test connections.

Ankyt19
Regular Contributor

Hi @IAM_99,

Were you able to solve this?

If not, I would say try using a GET call and import data, and see if it is giving user details.

Also try to encode username:password and use that in the connection JSON.

Thanks
Ankit

IAM_99
Regular Contributor II

Hi, sorry I couldn't respond due to other priorities.

Yeah, I did encode the username and password but am getting invalid access token; please find my connection JSON.

 

{
"authentications": {
"userAuth": {
"authType":"noauth",
"url":"https://xxxxxxxxxxxxxx/idams/b2c/api/auth/token?grant_type=client_credentials&scope=readprofile",
"httpMethod":"POST",
"httpParams": {
"Content-Type":"application/json"
},
"httpHeaders": {
"Authorization":"Basic MXXXXXXXXXXXXXXXXXXXXXXXXXXXXXqd0ZSb3IyNnR5ZjR1SA==",
"Content-Type":"application/x-www-form-urlencoded"
},

"retryFailureStatusCode": [401,500,504],
"tokenResponsePath":"access_token",
"tokenType":"Bearer",
"accessToken":"Bearer ${access_token}"
}
}
}

 

Note: From POSTMAN it's working; tried CURL in sc2 also and it's working, so it's not an issue with the firewall blocking.

IAM_99
Regular Contributor II

Import job is throwing "Cannot invoke method equalsIgnoreCase() on null object", please find logs.

Add correct token first time from postman

"accessToken":"Bearer token"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

It worked as we hardcoded the token; after that I replaced the actual token with ${access_token}, and again it was throwing "invalid_token error".

@IAM_99,

Please ensure you redact customer-sensitive information (including URLs) when posting on forums.

@Dave FYI

 

 

Regards,
Avinash Chhetri

share postman screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

IAM_99_0-1664934000077.png

 

Share Import JSON


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"ACTIVE",
"PROVISIONED"
],
"deleteLinks": true,
"accountThresholdValue": 100000,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true

},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"httpMethod": "GET",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/users",
"httpHeaders": {
"Authorization": "${access_token}"
}

},
"listField": "users",
"keyField": "accountID",
"statusConfig": {
"active": [
"ACTIVE",
"PROVISIONED"
],
"inactive": ["LOCKED_OUT", "SUSPENDED"]
},
"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"customproperty16": "userStatus~#~char",
"customproperty1": "userName~#~char",
"customproperty2": "firstName~#~char",
"customproperty3": "lastName~#~char",
"customproperty5": "email~#~char",
"customproperty6": "departmentName~#~char",
"customproperty15": "organisationId~#~char",
"customproperty21": "organisationName~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"connection": "userAuth",
"listField": "roles",
"keyField": "entitlementID",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/application/DSAR/roles",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
},
"colsToPropsMap": {
"customproperty1": "displayName~#~char",
"customproperty2": "roleDescription~#~char",
"customproperty4": "roleType~#~char",
"entitlementID": "roleId~#~char",
"entitlement_value": "roleId~#~char"
}
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Roles": {
"call": {
"call1": {
"processingType": "httpEntToAcct",
"connection": "userAuth",
"listField": "users",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "userName",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/users",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
}
}
}
}
}
}
}

IAM_99
Regular Contributor II

Thanks, I have masked all URLs.

IAM_99
Regular Contributor II

Hi Team,

We see the URL is printing with an encoded value for &, like this in the logs:

"ecm-worker","2022-10-12T18:41:15.277+00:00","{"log":"2022-10-12 18:41:15,176 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - Calling https://xxxxxxxxxxxx/idams/b2c/api/auth1/token?grant_type=client_credentials\u0026scope=readprofile\...

 

POSTMAN URL:

https://xxxxxxxxxxxx/idams/b2c/api/auth1/token?grant_type=client_credentials&scope=readprofile

Is there something we can set at the JSON level to address this?

Encode & with %26


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

You mean we need to replace it in the URL?

https://XXXXXXXXXXXXXX/idams/b2c/api/auth/token?grant_type=client_credentials%26scope=readprofile

Tried in POSTMAN but it's throwing the exception below:

 

{
    "error": "Duplicate parameter provided in request. Duplicated parameters: [scope].",
    "code": 400
}

Saviynt


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II

Sorry, I didn't understand, can you elaborate?

"url": "https://xxxxxxxxxxxxx.xxxxxx.com/idams/b2c/api/auth/token?grant_type=client_credentials%26scope=read...",


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
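
How the separator spellings discussed above parse, as an added Python example that is not part of the thread or Saviynt's code: `\u0026` inside a JSON log record is the JSON escape for `&`, while `%26` in a URL is a literal ampersand inside a parameter value. The log record is constructed in the shape quoted in the thread, and `idp.example` is a placeholder for the redacted host.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed log record in the shape quoted in the thread; idp.example is a placeholder host.
RECORD = (r'{"log":"2022-10-12 18:41:15,176 DEBUG rest.RestUtilService - Calling '
          r'https://idp.example/idams/b2c/api/auth1/token?grant_type=client_credentials'
          r'\u0026scope=readprofile\n","stream":"stdout"}')

BASE = "https://idp.example/idams/b2c/api/auth1/token"
POSTMAN = BASE + "?grant_type=client_credentials&scope=readprofile"
PERCENT = BASE + "?grant_type=client_credentials%26scope=readprofile"


def logged_url(record):
    """Decode the JSON log record and return the URL after 'Calling'."""
    message = json.loads(record)["log"]  # JSON decoding turns \u0026 back into &
    match = re.search(r"Calling (\S+)", message)
    return match.group(1) if match else None


def query_params(url):
    """Return the query string as standard form decoding splits it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def same_request(url_a, url_b):
    """True when both URLs address the same path with the same parameters."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    return ((a.scheme, a.netloc, a.path) == (b.scheme, b.netloc, b.path)
            and query_params(url_a) == query_params(url_b))


if __name__ == "__main__":
    print(logged_url(RECORD))      # the & form, identical to the Postman URL
    print(query_params(POSTMAN))   # two parameters: grant_type and scope
    print(query_params(PERCENT))   # one parameter whose value contains "&scope=..."
```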

IAM_99
Regular Contributor II

No luck, please find logs:

"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-10-13T13:49:46.4758397Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[vary: origin,access-control-request-method,access-control-request-headers,accept-encoding, cache-control: no-store, pragma: no-cache, www-authenticate: Bearer realm=\"IDAMS-B2C\", error=\"invalid_token\", error_description=\"Invalid access token\", x-content-type-options: nosniff, x-xss-protection: 1; mode=block, strict-transport-security: max-age=31536000 ; includeSubDomains, x-frame-options: DENY, content-type: application/json, transfer-encoding: chunked, date: Thu, 13 Oct 2022 13:49:46 GMT], responseText:{\"error\":\"invalid_token\",\"error_description\":\"Invalid access token\"}, cookies:[], statusCode:401]\n","stream":"stdout","time":"2022-10-13T13:49:46.475867714Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::401\n","stream":"stdout","time":"2022-10-13T13:49:46.47588109Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :401\n","stream":"stdout","time":"2022-10-13T13:49:46.475929461Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 4\n","stream":"stdout","time":"2022-10-13T13:49:46.475969952Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Incrementing connectionParamMap.refreshTryCount : 5\n","stream":"stdout","time":"2022-10-13T13:49:46.475982324Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - maxRefreshTryCount : 5\n","stream":"stdout","time":"2022-10-13T13:49:46.47599315Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,476 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - Calling https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/auth1/token?grant_type=client_credentials\u0026scope=readprofile\n","stream":"stdout","time":"2022-10-13T13:49:46.476