08/22/2022 09:11 PM - last edited on 10/04/2022 07:59 AM by Dave
08/22/2022 09:29 PM - edited 08/22/2022 09:32 PM
Your connection JSON is missing config:
"retryFailureStatusCode": [403,401,500],"maxRefreshTryCount": 5,
In the Create Account JSON, update the line below:
"Authorization": "${access_token}",
08/23/2022 06:41 AM - edited 08/23/2022 06:55 AM
After updating the above, I got this error:
"retryFailureStatusCode":[403,401,500]
{"auditDetails":{"call1": [{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}]},"call1": {"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}}
"retryFailureStatusCode":[403,500] (If we remove 401, below is the error)
08/23/2022 06:47 AM
Can you share the full logs and JSON after the update?
08/23/2022 07:04 AM - edited 10/04/2022 07:37 AM
Connection JSON
{
"authentications":{
"userAuth":{
"authType": "Basic",
"url": "https://xxxxxxxxxx.xxxxxxxxx.com/idams/b2c/api/auth/token?grant_type=client_credentials&scope=readpr...",
"httpMethod": "POST",
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
},
"properties":{
"userName": "xxxxxxxx",
"password": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"maxRefreshTryCount":5,
"errorPath": "error.code",
"authError":[
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"retryFailureStatusCode":[403,401,500]
}
}
}
CreateAccount JSON
{
"accountIdPath": "accountName",
"call": [{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxxxxxx.xxxxxxx.com/idams/b2c/api/v1/ext/users",
"httpParams": "{\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"email\":\"${user.departmentname}\",\"deptName\":\"Internal\"}",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "{access_token}",
"Host": "qa.h.sre2.ntg.xxxxxx.com"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204
]
},
"unsuccessResponses": {
"statusCode": [
404,
401,
400
]
}
}]
}
08/23/2022 10:18 AM - edited 08/23/2022 10:20 AM
"retryFailureStatusCode":[403,500,401,null], "tokenResponsePath": "access_token"
08/25/2022 07:10 AM
Tried these combinations; it's the same exception.
Is there a way we can test whether the token is being generated from the ConnectionJSON? It's not printing much in the logs.
08/25/2022 08:26 AM
ContentType should be httpContentType
Sample:
{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {},
      "httpContentType": "text/html",
      "properties": {
        "userName": "<specify username>",
        "password": "<specify password>"
      },
      "authError": [
        "InvalidAuthenticationToken",
        "Couldn't aunthenticate you",
        "AuthenticationFailed"
      ],
      "errorPath": "error",
      "retryFailureStatusCode": [ 401 ],
      "maxRefreshTryCount": 5,
      "tokenType": "Basic",
      "accessToken": "Basic abcd"
    }
  }
}
08/25/2022 09:47 AM
"auditDetails":{"call1":[{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed"}]},
08/25/2022 10:01 AM
It seems you are passing the wrong param in the create account JSON; for example, in email you are sending the dept name.
08/25/2022 10:07 AM
Agreed, but if that is the case, it should have given a 400 Bad Request exception.
I tried with hardcoded values also.
08/25/2022 10:03 AM
Since the Saviynt REST test connection is not really validating credentials (if we pass a wrong username and password, it also gives Test Successful), is there a way to test whether the ConnectionJSON is generating a token or not, or to get a detailed exception?
08/25/2022 10:09 AM
Connection JSON Validation: The connector supports validating authType as oauth2. To do this, populate the http parameters in the testConnectionParams attribute. It validates the connection parameters and prompts Successful or Failed status based on the provided credentials while saving the connection.
Example:
{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "url": "https://<domain name>",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {},
      "httpContentType": "text/html",
      "properties": {
        "userName": "username",
        "password": "password"
      },
      "expiryError": "Couldn't authenticate you",
      "authError": [
        "Couldn't authenticate you"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Basic",
      "accessToken": "Basic asdfghjkl",
      "testConnectionParams": {
        "http": {
          "url": "https://<domain name>/api/v2/users.json",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "successReponse": [],
        "successResponsePath": "",
        "errors": [
          "Couldn't authenticate you"
        ],
        "errorPath": "error"
      }
    }
  }
}
08/25/2022 10:34 AM - last edited on 10/04/2022 08:03 AM by Dave
This is the updated ConnectionJSON:
{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "https://XXXXXXXXXXXXXX/idams/b2c/api/auth1/token?grant_type=client_credentials&scope=readprofile",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded",
"properties": {
"userName": "XXXXXXX",
"password": "XXXXXX"
},
"expiryError": "Couldn't authenticate you",
"authError": [
"Couldn't authenticate you"
],
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer asdfghjkl",
"testConnectionParams": {
"http": {
"url": "https://xxxxxxxxxxx/idams/b2c/api/v1/ext/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"successReponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}
Logs attached upon test connections.
08/25/2022 11:22 AM
Hi @IAM_99,
Were you able to solve this?
If not, I would say try using a GET call and import data, and see if it is giving user details.
Also, try to encode username:password and use that in the connection JSON.
Thanks
Ankit
10/03/2022 06:14 PM - last edited on 10/04/2022 08:03 AM by Dave
Hi, sorry I couldn't respond due to other priorities.
Yeah, I did encode the username and password but I'm getting invalid access token. Please find my connection JSON.
{
"authentications": {
"userAuth": {
"authType":"noauth",
"url":"https://xxxxxxxxxxxxxx/idams/b2c/api/auth/token?grant_type=client_credentials&scope=readprofile",
"httpMethod":"POST",
"httpParams": {
"Content-Type":"application/json"
},
"httpHeaders": {
"Authorization":"Basic MXXXXXXXXXXXXXXXXXXXXXXXXXXXXXqd0ZSb3IyNnR5ZjR1SA==",
"Content-Type":"application/x-www-form-urlencoded"
},
"retryFailureStatusCode": [401,500,504],
"tokenResponsePath":"access_token",
"tokenType":"Bearer",
"accessToken":"Bearer ${access_token}"
}
}
}
Note: From Postman it's working; I tried curl in sc2 and it's also working, so it's not an issue with a firewall blocking.
10/03/2022 06:25 PM
10/03/2022 08:26 PM
Add the correct token the first time from Postman:
"accessToken":"Bearer token"
10/03/2022 09:24 PM
It worked as we hardcoded the token. After that I replaced the actual token with ${access_token}, and again it was throwing "invalid_token error".
10/04/2022 07:19 AM
10/04/2022 11:14 AM
Share a Postman screenshot.
10/04/2022 06:40 PM
10/04/2022 07:12 PM
Share Import JSON
10/04/2022 08:44 PM
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"ACTIVE",
"PROVISIONED"
],
"deleteLinks": true,
"accountThresholdValue": 100000,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"httpMethod": "GET",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/users",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "users",
"keyField": "accountID",
"statusConfig": {
"active": [
"ACTIVE",
"PROVISIONED"
],
"inactive": ["LOCKED_OUT", "SUSPENDED"]
},
"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"customproperty16": "userStatus~#~char",
"customproperty1": "userName~#~char",
"customproperty2": "firstName~#~char",
"customproperty3": "lastName~#~char",
"customproperty5": "email~#~char",
"customproperty6": "departmentName~#~char",
"customproperty15": "organisationId~#~char",
"customproperty21": "organisationName~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"connection": "userAuth",
"listField": "roles",
"keyField": "entitlementID",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/application/DSAR/roles",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
},
"colsToPropsMap": {
"customproperty1": "displayName~#~char",
"customproperty2": "roleDescription~#~char",
"customproperty4": "roleType~#~char",
"entitlementID": "roleId~#~char",
"entitlement_value": "roleId~#~char"
}
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Roles": {
"call": {
"call1": {
"processingType": "httpEntToAcct",
"connection": "userAuth",
"listField": "users",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "userName",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/v1/ext/users",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
}
}
}
}
}
}
}
10/04/2022 07:39 AM - edited 10/04/2022 07:39 AM
Thanks, I have masked all URLs.
10/12/2022 02:47 PM
Hi Team,
We see the URL is printing with an encoded value for &, like this in the logs:
"ecm-worker","2022-10-12T18:41:15.277+00:00","{"log":"2022-10-12 18:41:15,176 [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - Calling https://xxxxxxxxxxxx/idams/b2c/api/auth1/token?grant_type=client_credentials\u0026scope=readprofile\...
POSTMAN URL:
https://xxxxxxxxxxxx/idams/b2c/api/auth1/token?grant_type=client_credentials&scope=readprofile
Is there something we can set at the JSON level to address this?
10/12/2022 08:21 PM
Encode & with %26
10/12/2022 09:19 PM
You mean we need to replace it in the URL?
https://XXXXXXXXXXXXXX/idams/b2c/api/auth/token?grant_type=client_credentials%26scope=readprofile
Tried in Postman but it's throwing the exception below.
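Added example, not part of the original thread: a Python sketch that decodes a log record shaped like the ecm-worker lines above and compares what a query-string parser sees for the logged URL and for the same URL with the separator replaced by `%26`. The host name and the log record are constructed placeholders.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample: one log record shaped like the ecm-worker lines in this
# thread, with a placeholder host. The "&" appears as the JSON escape \u0026.
RAW_LOG_RECORD = (
    '{"log":"DEBUG rest.RestUtilService - Calling '
    'https://idp.example.test/idams/b2c/api/auth1/token'
    '?grant_type=client_credentials\\u0026scope=readprofile\\n",'
    '"stream":"stdout"}'
)


def url_from_log_record(raw_record: str) -> str:
    """Decode the JSON log wrapper and return the URL that was actually called."""
    message = json.loads(raw_record)["log"]
    return message.split("Calling ", 1)[1].strip()


def query_params(url: str) -> dict:
    """Parse the query string into parameter names and values."""
    return parse_qs(urlsplit(url).query)


def compare_encodings(raw_record: str) -> dict:
    """Compare the logged URL with a variant where '&' is replaced by '%26'."""
    logged_url = url_from_log_record(raw_record)
    # With %26 the separator becomes data inside the grant_type value.
    percent_encoded = logged_url.replace("&", "%26")
    return {
        "logged_url": logged_url,
        "logged_params": query_params(logged_url),
        "percent_encoded_params": query_params(percent_encoded),
    }


if __name__ == "__main__":
    for key, value in compare_encodings(RAW_LOG_RECORD).items():
        print(f"{key}: {value}")
```

Once the JSON wrapper is decoded, `\u0026` is a plain `&` and the logged URL carries two parameters; the `%26` variant carries a single `grant_type` parameter whose value contains the rest of the string.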
10/13/2022 01:24 AM
Saviynt
10/13/2022 06:06 AM
Sorry, I didn't understand. Can you elaborate?
10/13/2022 06:41 AM
10/13/2022 07:06 AM
No luck, please find the logs:
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - Got showLogs = true\n","stream":"stdout","time":"2022-10-13T13:49:46.4758397Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[vary: origin,access-control-request-method,access-control-request-headers,accept-encoding, cache-control: no-store, pragma: no-cache, www-authenticate: Bearer realm=\"IDAMS-B2C\", error=\"invalid_token\", error_description=\"Invalid access token\", x-content-type-options: nosniff, x-xss-protection: 1; mode=block, strict-transport-security: max-age=31536000 ; includeSubDomains, x-frame-options: DENY, content-type: application/json, transfer-encoding: chunked, date: Thu, 13 Oct 2022 13:49:46 GMT], responseText:{\"error\":\"invalid_token\",\"error_description\":\"Invalid access token\"}, cookies:[], statusCode:401]\n","stream":"stdout","time":"2022-10-13T13:49:46.475867714Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::401\n","stream":"stdout","time":"2022-10-13T13:49:46.47588109Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :401\n","stream":"stdout","time":"2022-10-13T13:49:46.475929461Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 4\n","stream":"stdout","time":"2022-10-13T13:49:46.475969952Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Incrementing connectionParamMap.refreshTryCount : 5\n","stream":"stdout","time":"2022-10-13T13:49:46.475982324Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,475 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - maxRefreshTryCount : 5\n","stream":"stdout","time":"2022-10-13T13:49:46.47599315Z"}"
"ecm-worker","2022-10-13T13:49:46.809+00:00","{"log":"2022-10-13 13:49:46,476 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - Calling https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/api/auth1/token?grant_type=client_credentials\u0026scope=readprofile\n","stream":"stdout","time":"2022-10-13T13:49:46.476