We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Retreive the password from the token endpoint to get the latest access token in REST connection

krecpond
New Contributor III
New Contributor III

We have a requirement for the REST based integration with a target to retrieve the latest password from the target system's API. The REST connection uses basic auth to get an access token from the token endpoint and use that to authenticate with the user access management API of the target system to manage imports and provisioning. The target system will change the password to the token endpoint every 24 hrs and the latest password will be made available through a password API endpoint.

I would like to know if there is any configuration in EIC to be able to fetch the latest password at real time so that Saviynt can then use the recent password to get the access token from the token endpoint.

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

You can create custom jar which will run in chain job feteching latest password/token from target updating connection json using REST API then running import/Provisioning


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

IAM_99
Regular Contributor II
Regular Contributor II

Hi ,

Can you confirm my understanding on this

"updating connection json using REST API" - We need to use Saviynt REST api to update Connection , but i dont find update connection api, or Can you share  any link or sample  code for  this  if possible

IAM_99_0-1661920521336.png

 

BW
New Contributor II
New Contributor II

Each time you run a job that uses the connection to import it should make a call out to the API to pull a new token.  We recently set this up for a connection where the token expires after 30 minutes.

Setup the token call in the connection JSON and then you can use the token in the import.
Here is our connection JSON. This was for a user import, but I'm guessing an account import would be the same. It has a lot of HTTP Params you likely won't need, just use the required ones.
{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "",
"httpMethod": "POST",
"httpParams": {
"grant_type": "password",
"client_id": "",
"client_secret": "",
"username": "",
"password": "",
"company": "",
"device_id": ""
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"FAILURE",
"INVALID_SESSION_ID",
"invalid_grant"
],
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abcd",
"retryFailureStatusCode": [
401
]
}
}
}

 

Then the import JSON will use the token that was just pulled.
{
"showLogs": true,
"connection": "userAuth",
"url": "",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
},
"colsToPropsMap": {
"firstname": "givenname~#~char",
"lastname": "surname~#~char",
"statuskey": "statuskey~#~char",
"displayname": "displayname~#~char",
"location": "homeoffice~#~char",
},
"userResponsePath": ""
}

BW
New Contributor II
New Contributor II

There's also a document available on freshdesk that details the difference if you need a password and/or a token. I think you would pull the password in the connection JSON and then pass that instead into the import.

IAM_99
Regular Contributor II
Regular Contributor II

IAM_99_0-1661996859555.png

 

We can write Java program to read ' password2' from external system and then

How to update ConnectionJSON ? programmatically or Configurations ?

Use Testconnection API to create connection

https://documenter.getpostman.com/view/1797923/RWaLwo21?version=latest#27f58230-b3c0-45c9-adba-77fc3... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

krecpond
New Contributor III
New Contributor III

Is there any response to the above question? I too had the exact same question when I reviewed the available APIs to manage connection objects in Saviynt.

@krecpond 

You can create /update connection using testconnection API 

REST connector Example

https://documenter.getpostman.com/view/1797923/RWaLwo21#27f58230-b3c0-45c9-adba-77fc3447e3e6 

to check parameters go to admin - connections - connection type

rushikeshvartak_0-1662417032998.png

 

Formdata parameters needs to exact same 

Postman :

rushikeshvartak_1-1662417060589.png

 

SSM :

rushikeshvartak_2-1662417083020.png

 

Application :

rushikeshvartak_3-1662417100666.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.