
REST Connector: Two step - registration & authentication in the Connection JSON. Possible?

rohitkumarraj
Regular Contributor

Hello,

I'm working on a REST-based application onboarding.

In order to establish a successful connection, it goes through two stages of registration & authentication.

Step 1: Register the application & get apiKey

- It requires a username & password in the body to generate the API key.


Step 2: Authenticate with apiKey & generate SessionId

Upon registration, it generates an "apikey", which is used in the subsequent call to get the "sessionId".


Once we get the "sessionId" generated, we are good to make any GET/POST/PUT call.

Now the question is: does Saviynt support two steps of registration & authentication in the REST-based connection JSON? Basically, the apiKey has to be generated first, and that value needs to be automatically passed in the next call to generate the sessionId. Is this achievable in Saviynt?

Please note, the apiKey is valid for 60min only. Hence, it gets refreshed after every 60min, resulting in a new sessionId being generated.

I did refer to the REST connector guide but didn't find any example which satisfies my use case. If anyone has any input, please let me know.

Thanks

Rohit


sagars
Saviynt Employee

@rohitkumarraj ,

Yes, the REST Connector does support two-step authentication. Attached is the connection JSON for your reference.

Regards,
Sagar Srikantaiah

rohitkumarraj
Regular Contributor

Hi @sagars 

Thanks for the confirmation and sample json.

I tried building a connection JSON based on the sample multicall_connection JSON. Connectivity is not successful in my case.

Here is the JSON I used:

{
  "authentications": {
    "acctAuth": {
      "authType": " ",
      "httpParamsName": "password",
      "call": {
        "call1": {
          "callOrder": 0,
          "url": "https://URL/api/v2/register",
          "httpMethod": "POST",
          "httpParams": "{\"username\":\"scim-api-user\",\"password\":\"xyzz\"}",
          "httpHeaders": {
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "keyPath": "${apiKey}",
          "authError": [
            "something wrong with the Call1",
            "apiKey Not generated"
          ],
          "timeOutError": "Read timed out",
          "retryFailureStatusCode": [
            401,
            403
          ],
          "errorPath": "error.type",
          "maxRefreshTryCount": 5,
          "tokenResponsePath": "apiKey",
          "successResponses": {
            "statusCode": [
              200,
              201,
              202,
              203,
              204,
              205
            ]
          }
        },
        "call2": {
          "url": "URL/api/v2/authen",
          "httpMethod": "POST",
          "httpParams": "{\"username\":\"scim-api-user\",\"apikey\":\"${apiKey}\"}",
          "httpHeaders": {
            "contentType": "application/json"
          },
          "httpContentType": "application/json",
          "authError": [
            "something wrong with the Call2",
            "Can't authenticate"
          ],
          "timeOutError": "Read timed out",
          "retryFailureStatusCode": [
            401,
            403
          ],
          "errorPath": "errors.type",
          "maxRefreshTryCount": 5,
          "tokenResponsePath": "sessionId",
          "tokenType": "Bearer",
          "accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzY2ltLWFwaS11c2VyIiwic2NvcGVzIjoiUk9MRV9TWVNURU1fQURNSU5JU1RSQVRPUiIsImlhdCI6MTY2MDczOTIyOCwiZXhwIjoxNjYwNzQyODI4fQ.9ma_iRaK70Qc92FqyvNoSHC2IqnnD2IjGgnrdYy7CeQ",
          "successResponses": {
            "statusCode": [
              200,
              201,
              202,
              203,
              204,
              205
            ]
          }
        },
        "testConnectionParams": {
          "http": {
            "url": "URL/api/v2/user/E78BEA55-58-ED11-BD6E-0003FF173A4A",
            "httpMethod": "GET",
            "httpParams": "",
            "httpHeaders": {
              "Authorization": "Bearer ${sessionId}",
              "httpContentType": "application/json",
              "successResponses": {
                "statusCode": [
                  200,
                  201,
                  200,
                  204
                ]
              },
              "unsuccessResponses": {
                "statusCode": [
                  400,
                  403,
                  401,
                  404,
                  409,
                  501,
                  500
                ]
              }
            }
          }
        }
      }
    }
  }
}

But I keep getting this error in the logs:

2022-08-17/12:49:50.386 [https-jsse-nio-443-exec-30] DEBUG println.PrintlnToLogger - Println :: Authentication failed: Bad credentials
2022-08-17/12:49:50.387 [https-jsse-nio-443-exec-30] DEBUG println.PrintlnToLogger - Println :: Not authenticated. Rest authentication token not generated.

There is no other error apart from the one shared above.

> Is there anything I need to add/modify in my connection JSON in such two step authentication scenario?

A few things I would like to share:

  • There is no "authType" used for this authentication in either step in Postman, and it still works fine. The customer has confirmed this API doesn't require authType. I have tried the REST connection JSON with "authType" both blank and as oauth2; in both cases, no success.
  • I am trying to pick up the apiKey generated from the first call as input dynamically using \"apikey\":\"${apiKey}\" in the second call, as you can see in the JSON above. Is this the correct binding variable for fetching the values? I tried \"apikey\":\"${response.call1.message.apiKey}\" as well, but nothing worked.

Please let me know if you could suggest something which can help me get this working.

Thanks

Rohit


 

@sagars - Another confirmation needed: can this authentication model work even without having any "authType" mentioned in the JSON?

I think authType should be cookies.


Regards,
Rushikesh Vartak

@rushikeshvartak - Hi, I tried with Cookies as well. It doesn't seem to be working!

rohitkumarraj
Regular Contributor

This issue is resolved now. 

Putting this here so that others can get some help. This is what worked for me to achieve two-step authentication:

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "URL/api/v2/authen",
      "httpMethod": "POST",
      "httpParams": "{\"username\":\"scim-api-user\",\"apikey\":\"${refresh_token}\"}",
      "httpHeaders": {
        "Content-Type": "application/json"
      },
      "httpContentType": "application/json",
      "authError": [
        "API Key Not Registered"
      ],
      "retryFailureStatusCode": [
        401,
        500,
        403,
        502
      ],
      "errorPath": "message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "sessionId",
      "refreshType": "RefreshToken",
      "tokenType": "Bearer",
      "accessToken": "Bearer asdsdfghjk",
      "refreshToken": "<>",
      "refreshTokenAuthError": [
        "API Key Not Registered",
        "ApiKey can Not be Blank"
      ],
      "refreshTokenErrorPath": "message",
      "refreshTokenCall": {
        "refreshTokenResponsePath": "apiKey",
        "url": "URL/api/v2/register",
        "httpMethod": "POST",
        "httpParams": "{\"username\":\"scim-api-user\",\"password\":\"xxxx\"}",
        "httpHeaders": {
          "Content-Type": "application/json"
        },
        "httpContentType": "application/json"
      }
    }
  }
}

Thanks

Rohit
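
The register → apiKey → authen → sessionId chain described in this thread, including re-registration once the 60-minute apiKey has expired, as an added Python example; it is not part of the original posts and not Saviynt's connector code. The endpoint paths and JSON field names come from the thread; `FakeApi`, `TwoStepAuth`, the password and the key/session string formats are constructed for illustration.

```python
API_KEY_TTL = 60 * 60  # apiKey validity stated in the thread: 60 minutes


class FakeApi:
    """Constructed in-memory stand-in for the target API's two endpoints."""

    def __init__(self, clock):
        self.clock, self.keys, self.count = clock, {}, 0

    def register(self, username, password):  # POST /api/v2/register
        if (username, password) != ("scim-api-user", "example-password"):
            return 401, {"message": "Bad credentials"}
        self.count += 1
        key = f"key-{self.count}"
        self.keys[key] = self.clock() + API_KEY_TTL  # expiry time of this key
        return 200, {"apiKey": key}

    def authen(self, username, apikey):  # POST /api/v2/authen
        if self.keys.get(apikey, 0) <= self.clock():  # unknown or expired key
            return 401, {"message": "API Key Not Registered"}
        return 200, {"sessionId": f"session-for-{apikey}"}


class TwoStepAuth:
    """Client side: register -> apiKey -> authen -> sessionId -> Bearer header."""

    def __init__(self, api, username, password):
        self.api, self.username, self.password = api, username, password
        self.api_key = None  # plays the role of ${refresh_token} in the JSON

    def _register(self):
        status, body = self.api.register(self.username, self.password)
        if status != 200:
            raise PermissionError(body["message"])
        self.api_key = body["apiKey"]  # cf. refreshTokenResponsePath: apiKey

    def bearer_header(self):
        if self.api_key is None:
            self._register()
        status, body = self.api.authen(self.username, self.api_key)
        if status == 401:  # apiKey expired: register again once, then retry
            self._register()
            status, body = self.api.authen(self.username, self.api_key)
        if status != 200:
            raise PermissionError(body["message"])
        # cf. tokenResponsePath: sessionId and tokenType: Bearer
        return {"Authorization": "Bearer " + body["sessionId"]}
```
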