and more in a single search tool across platforms. Read the announcement here. |
02/04/2024 09:15 AM
Hi guys,
We want to integrate Adobe Creative Cloud but the available connector uses JWT authentication which is already deprecated by Adobe. We need to use 'OAuth Server-to-Server credential' if we want to integrate with Adobe Creative Cloud.
I have followed the REST documentation and prepared the ConnectionJSON but receiving 401 response. I am able to generate access token from Postman with the same values and subsequently hit the Adobe user management APIs. I have pasted the ConnectionJSON, log and postman screenshots with sensitive information removed. Please advise.
'testConnectionParams' parameter is added to ConnectionJSON for testing the connection.
I have tried passing credentials in URL but received the same error.
I have tried adding {"showLogs":true} as mentioned in the below link but it doesn't seem to add extra log.
https://forums.saviynt.com/t5/identity-governance/getting-401-unauthorized-error-for-accounts-import...
ConnectionJSON:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://ims-na1.adobelogin.com/ims/token/v3",
"httpMethod": "POST",
"httpParams": {
"grant_type": "client_credentials",
"scope": "openid, AdobeID, user_management_sdk",
"client_secret": "<client_secret>",
"client_id": "<client_id>"
},
"ConfigJSON": {
"showLogs": true
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [
401
],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc",
"testConnectionParams": {
"http": {
"url": "https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0",
"httpHeaders": {
"Authorization": "${access_token}",
"x-api-key": "<x-api-key>",
"Accept": "application/json"
},
"httpMethod": "GET"
},
"successResponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}
Log:
"2024-02-04T16:10:09.515+00:00","ecm","","null-89d6h","","java.lang.Exception: Null response from the Target. Target Error Message: [:] at com.saviynt.provisoning.rest.RestProvisioningService.validateErrorResponse(RestProvisioningService.groovy:11069) at com.saviynt.provisoning.rest.RestProvisioningService.testConnectionRest(RestProvisioningService.groovy:11034) at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:947) at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:769) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:155) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-02-04T16:10:09.006+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","response of testConnectionRest: false"
"2024-02-04T16:10:09.007+00:00","ecm","integration.ExternalConnectionCallService","http-nio-8080-exec-232-89d6h","DEBUG","EXIT invokeExternalMethod"
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","called executeGetRequestWithHeaders for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","after calling executeRequestWithHeaders for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","called api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","timeout validated for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","got response for api..."
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG",""
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-232-89d6h","DEBUG","pullObjectsByRest - responseStatusCode ::401"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Exception in pullObjectsByRest :401"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 5"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","Incrementing connectionParamMap.refreshTryCount : 6"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","maxRefreshTryCount : 5"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Exception in token refresh : null"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Error WebService call failed After retrying 5 times with responseStatusCode-null, Failed url-https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0, Error Message - null"
Solved! Go to Solution.
02/04/2024 09:17 AM - edited 02/04/2024 09:18 AM
Enable configjson in config json column of connector and search responseText in logs
02/04/2024 09:24 AM
Hi @rushikeshvartak, I have added postman screenshots as attachments earlier to reduce query length. I see that the attachments are accessible from the internet without logging in too. Anyway posting directly now.
02/04/2024 12:36 PM
Enable configjson in config json column of connector and search responseText in logs
02/04/2024 11:45 PM
@karthik1 try adding
"showLogs": true,
and check the responseText in log file
02/07/2024 11:55 PM - edited 02/08/2024 12:03 AM
@Manu269 @rushikeshvartak I see the responseText as 'Oauth token is not valid'. With the same values, I am able to generate token from Postman though.
Got Webservice API Response: [headers:[Server: openresty, Date: Thu, 08 Feb 2024 07:50:29 GMT, Content-Type: application/json, Transfer-Encoding: chunked, Connection: keep-alive, Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH, Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Accept-Language, Authorization, If-Modified-Since, X-Api-Key, Access-Control-Allow-Credentials: true, X-Request-Id: tCgoJHNIts31Ct599Bqmun1Cz0bKcNZL], responseText:{"error_code":"401013","message":"Oauth token is not valid"}
02/08/2024 09:41 PM
Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
02/10/2024 10:49 PM
Curl command extracted from postman:
curl --location 'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0' \
--header 'X-Api-Key: <x-api-key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ey...' \
--data ''
I have observed that copying the curl command from postman and executing directly results in '403 Forbidden' response. If I remove "--header 'Content-Type: application/json'" and "--data ''" from the curl command, I get the intended output.
Sample curl provided in the Adobe documentation doesn't have these parameters too.
https://adobe-apiplatform.github.io/umapi-documentation/en/api/getUsersWithPage.html
Curl command for generating access token is provided in the below link:
https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthenticatio...
Below curl command works for us to generate access token:
curl -X POST 'https://ims-na1.adobelogin.com/ims/token/v3' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=<clientID>&client_secret=<clientSecret>&grant_type=client_credentials&scope={openid, AdobeID, user_management_sdk}'
Screenshot for generating access token from Postman is provided earlier for reference.
02/10/2024 11:56 PM - edited 02/11/2024 12:12 AM
Change contentType to "Content-Type" under Http header & httpcontenttype to "application/x-www-form-urlencoded"
Try below-
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://ims-na1.adobelogin.com/ims/token/v3",
"httpMethod": "POST",
"httpParams": {
"grant_type": "client_credentials",
"scope": "openid, AdobeID, user_management_sdk",
"client_secret": "<client_secret>",
"client_id": "<client_id>"
},
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [
401
],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc",
"testConnectionParams": {
"http": {
"url": "https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0",
"httpHeaders": {
"Authorization": "${access_token}",
"x-api-key": "<x-api-key>",
"Accept": "application/json"
},
"httpMethod": "GET"
},
"successResponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}
02/12/2024 04:22 AM
Thanks @NM for the solution. I tried to import the accounts after resolving the connection issue but the job failed with below errors. Accounts and access is imported but the job status is failure. If you have any idea about it, please advise.
"DEBUG","Got Webservice API Response: [error:Error Illegal character in path at index 1: ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...}]"
"DEBUG","Got null response statusCode with erroMsg - [error:Error Illegal character in path at index 1: ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...}]"
"ERROR","Exception in getting response in pullObjectsByRest :"
"2024-02-12T12:06:17.298+00:00","ecm-worker","","null-c2gxl","","java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1456)
"DEBUG","Error while getting Account Import response for url- ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...} is: null"