Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

SSL connection to Windows server (SaviyntPSapp)

smitg
Regular Contributor III
Regular Contributor III

Hi Team,

We have installed SaviyntPS agent on windows server and attached a SSL cert also.
I am able to run test connection script from postman on SSL port 443.
To make this work from Saviynt rest connector. What needs to be done?


Note: I am able to connect to on non ssl port 80 from Saviynt and PS scripts are triggered.

Can someone help me with steps and pre-requisites

Thanks,
Smitha

9 REPLIES 9

stalluri
Valued Contributor II
Valued Contributor II

@smitg 

We can use two type of connectors.

1. WINCONNECTOR

Connection Parameters

The connector uses the following connection parameters to connect to the target application:

Parameter Description Mandatory{ "TESTCOMMAND": "SCRIPT=Test-NetConnection <Computername>", "RESPONSE": { "OBJECTTOREAD": "get(0).PingSucceeded", "SUCCESSVALUE": "TRUE" } }
 

Yes

Connection Name 

Specify the name to identify the connection.

Yes

Connection Description

Specify the description for the connection.

Yes

Connection Type

Select the connection type as WINCONNECTOR.

Yes

Default SAV Role 

Specify this parameter to assign the SAV role for the connection.

The SAV role is a role in EIC that assigns specific access to users.

This parameter is valid only for importing users.

Sample value: User assigned with the ROLE_ADMIN role, has access to all the sections of EIC.

No

Email Template

Specify this parameter to select an email template for sending notifications.

Email templates provide immediate trigger of emails to a user based on actions performed. Email informs user about the action performed and if critical, needs immediate action from the user.

Yes

URL

Specify the path to invoke SaviyntApp deployed in the Windows IIS Server.

Syntax: http://<hostname>/<ApplicationName>/PS/ExecutePSScript

Example: http://WIN-2KRUL98QLS1/FIMDemo/PS/ExecutePSScript

Yes

USERNAME

Specify the username for the Windows IIS Server authentication.

Yes

PASSWORD

Specify the password to connect to the Windows IIS Server.

Yes

TESTCONNECTIONJSON

Specify the JSON to test the Win-PS connector endpoint.

To define this parameter, use a format similar to the following:

JSON
 

 


2. REST:

 

Connection Json:

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "http://XXXXXX.com/SaviyntApp/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {
"Accept": "application/json"
},
"httpContentType": "application/json",
"properties": {
"userName": "XXXXXXXXX",
"password": "xxxx"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"retryFailureStatusCode": [
403,
401,
500
],
"timeOutError": "Read timed out",
"errorPath": "errors.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "token",
"tokenType": "Basic",
"accessToken": "Basic abcd"
}
}
}

Create Account JSON:

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [{
"name": "call1",
"connection": "acctAuth",
"showResponse": true,
"url": "http://XXXXXXXX.com/SaviyntApp/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"Script\":\"Powershell.exe -File D:\/test\/run.ps1 \"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses":[
{
"message": "ProfileID Created Successfully"
},
{
"message": "ProfileID Updated Successfully"
}
],
"unsuccessResponses": {
"statusCode": [
400,
401,
null
]
}
}]
}

 

 

 

 


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

smitg
Regular Contributor III
Regular Contributor III

@stalluri , I have all this working through non ssl connection. I want the same through SSL connection https over 443 port. 
Can you provide details on how to configure that in Saviynt via rest connector

Upload SSL certificate in connection and keep URL as https also restart with help of support team so ssl certificate will be picked by connection. UI restart does not work for SSL


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

smitg
Regular Contributor III
Regular Contributor III

@stalluri @rushikeshvartak ,

Thanks for your inputs

I have done these steps. As am using Rest connector can I somehow make sure the connection is established between Saviynt and winPS without running provisioning job. I believe REst connection always shows connection successful and it wont actally tries to establish the connection to target.

Use testconnectionparams block in connection json

 

https://forums.saviynt.com/t5/identity-governance/when-the-save-amp-test-connection-actually-tests-c...


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri
Valued Contributor II
Valued Contributor II

@smitg 

You can't test it via the Rest connector. 

Try using the Connectiontype as WINCONNECTOR and you can test the test-netconnection on 
TESTCONNECTIONJSON block.

https://docs.saviyntcloud.com/bundle/WinPS-v24x/page/Content/Creating_a_Connection.htm




Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

smitg
Regular Contributor III
Regular Contributor III

@stalluri @rushikeshvartak , is there a way to test the soap connection in similar way?

Try to create always new thread it become easy to search in future 

https://forums.saviynt.com/t5/saviynt-knowledge-base/how-to-perform-save-and-test-connection-in-soap...


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri
Valued Contributor II
Valued Contributor II

@smitg 

  • Get the certificate from the IIS server.
  • Upload it under Admin->Certificate Management. 
  • Restart the instance.
  • Select the cert under the connections and change the URL to HTTPS.



Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.