Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/04/2022 12:24 AM - last edited on 08/15/2022 08:55 AM by Dave
Hello,
I'm working on a REST based application onboarding.
In order to establish a successful connection, It goes through two stage of registration & authentication.
Step 1: Register the application & get apiKey
-It requires username & password in the body to generate api key.
Step 2: Authenticate with apiKey & generate SessionId
Upon registration, It generates "apikey" which is used in subsequent call to get "sessionId"
Once we get the "sessionId" generated, We are good to make any GET/POST/PUT call.
Now the question is , Does Saviynt support two step of registration & authentication in the REST based connection JSON? Basically at first, apiKey has to be generated and that value need to be automatically pass in the next call to generate sessionId. Can this be achievable in Saviynt?
Please note, apiKey is valid for 60min only. Hence, it gets refresh after every 60min resulting to generate a new sessionId.
I did refer to REST connector guide but didn't find any example which can satisfy my use case. If anyone has any input please let me know.
Thanks
Rohit
Solved! Go to Solution.
08/15/2022 08:43 AM
Yes REST Connector do support two step authentication. Attached is the connection JSON for your reference.
Regards,
Sagar Srikantaiah
08/17/2022 06:49 AM
Hi @sagars
Thanks for the confirmation and sample json.
I tried building a connection JSON based on sample multicall_connection json. Connectivity is not getting successful in my case.
Here is the JSON I used:
{ "authentications": { "acctAuth": { "authType": " ", "httpParamsName": "password", "call": { "call1": { "callOrder": 0, "url": "https://URL/api/v2/register", "httpMethod": "POST", "httpParams": "{\"username\":\"scim-api-user\",\"password\":\"xyzz\"}", "httpHeaders": { "contentType": "application/json" }, "httpContentType": "application/json", "keyPath": "${apiKey}", "authError": [ "something wrong with the Call1", "apiKey Not generated" ], "timeOutError": "Read timed out", "retryFailureStatusCode": [ 401, 403 ], "errorPath": "error.type", "maxRefreshTryCount": 5, "tokenResponsePath": "apiKey", "successResponses": { "statusCode": [ 200, 201, 202, 203, 204, 205 ] } }, "call2": { "url": "URL/api/v2/authen", "httpMethod": "POST", "httpParams": "{\"username\":\"scim-api-user\",\"apikey\":\"${apiKey}\"}", "httpHeaders": { "contentType": "application/json" }, "httpContentType": "application/json", "authError": [ "something wrong with the Call2", "Can't authenticate" ], "timeOutError": "Read timed out", "retryFailureStatusCode": [ 401, 403 ], "errorPath": "errors.type", "maxRefreshTryCount": 5, "tokenResponsePath": "sessionId", "tokenType": "Bearer", "accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzY2ltLWFwaS11c2VyIiwic2NvcGVzIjoiUk9MRV9TWVNURU1fQURNSU5JU1RSQVRPUiIsImlhdCI6MTY2MDczOTIyOCwiZXhwIjoxNjYwNzQyODI4fQ.9ma_iRaK70Qc92FqyvNoSHC2IqnnD2IjGgnrdYy7CeQ", "successResponses": { "statusCode": [ 200, 201, 202, 203, 204, 205 ] } }, "testConnectionParams": { "http": { "url": "URL/api/v2/user/E78BEA55-58-ED11-BD6E-0003FF173A4A", "httpMethod": "GET", "httpParams": "", "httpHeaders": { "Authorization": "Bearer ${sessionId}", "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201, 200, 204 ] }, "unsuccessResponses": { "statusCode": [ 400, 403, 401, 404, 409, 501, 500 ] } } } } } } } } |
But I am keep getting error in logs as:
2022-08-17/12:49:50.386 [https-jsse-nio-443-exec-30] DEBUG println.PrintlnToLogger - Println :: Authentication failed: Bad credentials 2022-08-17/12:49:50.387 [https-jsse-nio-443-exec-30] DEBUG println.PrintlnToLogger - Println :: Not authenticated. Rest authentication token not generated. |
There is no any other error apart from one shared above.
> Is there anything I need to add/modify in my connection JSON in such two step authentication scenario?
Few things would like to share:
Please let me know if you could suggest something which can help me get this working.
Thanks
Rohit
08/17/2022 07:27 AM
@sagars - Another confirmation needed, Can this authentication model work even without having any "authType" mentioned in the json?
08/17/2022 07:57 AM
i think authType should be cookies
08/22/2022 12:16 AM
@rushikeshvartak - Hi, I tried with Cookies as well. Doesn't seems to be working!
08/17/2022 07:27 AM
@sagars - Another confirmation needed, Can this authentication model work even without having any "authType" mentioned in the json?
08/23/2022 01:06 AM
This issue is resolved now.
Putting here so that others can get some help. This is what worked for me to achieve two step authentication::
{ "authentications": { "acctAuth": { "authType": "oauth2", "url": "URL/api/v2/authen", "httpMethod": "POST", "httpParams": "{\"username\":\"scim-api-user\",\"apikey\":\"${refresh_token}\"}", "httpHeaders": { "Content-Type": "application/json" }, "httpContentType": "application/json", "authError": [ "API Key Not Registered" ], "retryFailureStatusCode": [ 401, 500, 403, 502 ], "errorPath": "message", "maxRefreshTryCount": 5, "tokenResponsePath": "sessionId", "refreshType": "RefreshToken", "tokenType": "Bearer", "accessToken": "Bearer asdsdfghjk", "refreshToken": "<>", "refreshTokenAuthError": [ "API Key Not Registered", "ApiKey can Not be Blank" ], "refreshTokenErrorPath": "message", "refreshTokenCall": { "refreshTokenResponsePath": "apiKey", "url": "URL/api/v2/register", "httpMethod": "POST", "httpParams": "{\"username\":\"scim-api-user\",\"password\":\"xxxx\"}", "httpHeaders": { "Content-Type": "application/json" }, "httpContentType": "application/json" } } } } |
Thanks
Rohit