Saviynt Forums

karthik1 · ‎02/04/2024

Hi guys,

We want to integrate Adobe Creative Cloud but the available connector uses JWT authentication which is already deprecated by Adobe. We need to use 'OAuth Server-to-Server credential' if we want to integrate with Adobe Creative Cloud.

I have followed the REST documentation and prepared the ConnectionJSON but receiving 401 response. I am able to generate access token from Postman with the same values and subsequently hit the Adobe user management APIs. I have pasted the ConnectionJSON, log and postman screenshots with sensitive information removed. Please advise.

'testConnectionParams' parameter is added to ConnectionJSON for testing the connection.
I have tried passing credentials in URL but received the same error.

I have tried adding {"showLogs":true} as mentioned in the below link but it doesn't seem to add extra log.
https://forums.saviynt.com/t5/identity-governance/getting-401-unauthorized-error-for-accounts-import...

ConnectionJSON:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://ims-na1.adobelogin.com/ims/token/v3",
"httpMethod": "POST",
"httpParams": {
"grant_type": "client_credentials",
"scope": "openid, AdobeID, user_management_sdk",
"client_secret": "<client_secret>",
"client_id": "<client_id>"
},
"ConfigJSON": {
"showLogs": true
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [
401
],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc",
"testConnectionParams": {
"http": {
"url": "https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0",
"httpHeaders": {
"Authorization": "${access_token}",
"x-api-key": "<x-api-key>",
"Accept": "application/json"
},
"httpMethod": "GET"
},
"successResponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}

Log:
"2024-02-04T16:10:09.515+00:00","ecm","","null-89d6h","","java.lang.Exception: Null response from the Target. Target Error Message: [:] at com.saviynt.provisoning.rest.RestProvisioningService.validateErrorResponse(RestProvisioningService.groovy:11069) at com.saviynt.provisoning.rest.RestProvisioningService.testConnectionRest(RestProvisioningService.groovy:11034) at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:947) at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:769) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:155) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-02-04T16:10:09.006+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","response of testConnectionRest: false"
"2024-02-04T16:10:09.007+00:00","ecm","integration.ExternalConnectionCallService","http-nio-8080-exec-232-89d6h","DEBUG","EXIT invokeExternalMethod"
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","called executeGetRequestWithHeaders for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","after calling executeRequestWithHeaders for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","called api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","timeout validated for api..."
"2024-02-04T16:10:09.001+00:00","ecm","services.HttpClientUtilityService","http-nio-8080-exec-232-89d6h","DEBUG","got response for api..."
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG",""
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestUtilService","http-nio-8080-exec-232-89d6h","DEBUG","pullObjectsByRest - responseStatusCode ::401"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Exception in pullObjectsByRest :401"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 5"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","Incrementing connectionParamMap.refreshTryCount : 6"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","DEBUG","maxRefreshTryCount : 5"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Exception in token refresh : null"
"2024-02-04T16:10:09.001+00:00","ecm","rest.RestProvisioningService","http-nio-8080-exec-232-89d6h","ERROR","Error WebService call failed After retrying 5 times with responseStatusCode-null, Failed url-https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0, Error Message - null"

rushikeshvartak · ‎02/04/2024

Enable configjson in config json column of connector and search responseText in logs

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

karthik1 · ‎02/04/2024

Hi @rushikeshvartak, I have added postman screenshots as attachments earlier to reduce query length. I see that the attachments are accessible from the internet without logging in too. Anyway posting directly now.

rushikeshvartak · ‎02/04/2024

Enable configjson in config json column of connector and search responseText in logs

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Manu269 · ‎02/04/2024

@karthik1 try adding

 "showLogs": true,

and check the responseText in log file

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

karthik1 · ‎02/07/2024

@Manu269 @rushikeshvartak I see the responseText as 'Oauth token is not valid'. With the same values, I am able to generate token from Postman though.

Got Webservice API Response: [headers:[Server: openresty, Date: Thu, 08 Feb 2024 07:50:29 GMT, Content-Type: application/json, Transfer-Encoding: chunked, Connection: keep-alive, Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH, Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Accept-Language, Authorization, If-Modified-Since, X-Api-Key, Access-Control-Allow-Credentials: true, X-Request-Id: tCgoJHNIts31Ct599Bqmun1Cz0bKcNZL], responseText:{"error_code":"401013","message":"Oauth token is not valid"}

rushikeshvartak · ‎02/08/2024

Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

karthik1 · ‎02/10/2024

@rushikeshvartak

Curl command extracted from postman:

curl --location 'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0' \
--header 'X-Api-Key: <x-api-key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ey...' \
--data ''

I have observed that copying the curl command from postman and executing directly results in '403 Forbidden' response. If I remove "--header 'Content-Type: application/json'" and "--data ''" from the curl command, I get the intended output.

Sample curl provided in the Adobe documentation doesn't have these parameters too.
https://adobe-apiplatform.github.io/umapi-documentation/en/api/getUsersWithPage.html

Curl command for generating access token is provided in the below link:
https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthenticatio...

Below curl command works for us to generate access token:

curl -X POST 'https://ims-na1.adobelogin.com/ims/token/v3' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=<clientID>&client_secret=<clientSecret>&grant_type=client_credentials&scope={openid, AdobeID, user_management_sdk}'

Screenshot for generating access token from Postman is provided earlier for reference.

NM · ‎02/10/2024

Change contentType to "Content-Type" under Http header & httpcontenttype to "application/x-www-form-urlencoded"

Try below-

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://ims-na1.adobelogin.com/ims/token/v3",
"httpMethod": "POST",
"httpParams": {
"grant_type": "client_credentials",
"scope": "openid, AdobeID, user_management_sdk",
"client_secret": "<client_secret>",
"client_id": "<client_id>"
},
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [
401
],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abc",
"testConnectionParams": {
"http": {
"url": "https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/0",
"httpHeaders": {
"Authorization": "${access_token}",
"x-api-key": "<x-api-key>",
"Accept": "application/json"
},
"httpMethod": "GET"
},
"successResponse": [],
"successResponsePath": "",
"errors": [
"Couldn't authenticate you"
],
"errorPath": "error"
}
}
}
}

karthik1 · ‎02/12/2024

Thanks @NM for the solution. I tried to import the accounts after resolving the connection issue but the job failed with below errors. Accounts and access is imported but the job status is failure. If you have any idea about it, please advise.

"DEBUG","Got Webservice API Response: [error:Error Illegal character in path at index 1: ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...}]"

"DEBUG","Got null response statusCode with erroMsg - [error:Error Illegal character in path at index 1: ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...}]"

"ERROR","Exception in getting response in pullObjectsByRest :"
"2024-02-12T12:06:17.298+00:00","ecm-worker","","null-c2gxl","","java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1456)

"DEBUG","Error while getting Account Import response for url- ${response?.objectList?.size()>0?'https://usermanagement.adobe.io/v2/usermanagement/users/<OrgID>/'+Math.addExact(headers?.X-Curren...} is: null"

Saviynt Forums

REST - Getting 401 response for connection