We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

SuccessFactors: Import Users: Failed to import one or more object types.

ChrisBellobuono
New Contributor III
New Contributor III

We have setup a connection to SuccessFactors but when we try to do a User Import ( User Import via a Connection (UserImportJob) ) the job fails with the error "Failed to import one or more object types." without any details.  The logs do not provide any more than that as far as we can see.  We have tried different variations of the URL (e.g. parameters URL Encoded vs not, escaping the $ of $select, $expand, etc).  All result in the same error.

The connection details and query we are submitting have been validated as working via Postman.

The attached file contains the ConnectionJSON, ImportUserJSON, Job Log Details, and logs from the run.

Any help with this would be greatly appreciated.

7 REPLIES 7

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @ChrisBellobuono,

As per the log shared,
We can see this in the log,
ERROR rest.RestProvisioningService - Exception in getting response in pullObjectsByRest :\n","stream":"stdout","time":"2023-07-28T13:48:29.805132388Z"}"

One of the objects which you are trying to import is not valid,
Please revalidate and try again.

Thanks.

We saw that as well, but like with the message Saviynt displayed, it does not provide any information as to which "object" is invalid or why.  When we use the API directly to lookup those 3 users, everything seems fine.  Is there anyway to get Saviynt to provide more information so we can troubleshoot this?  Is there a minimum set of required attributes that Saviynt is expecting values for that could be causing this?  If so, is that documented somewhere?

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @ChrisBellobuono ,

To troubleshoot this issue further, I kindly request you begin with the minimum data in the JSON. Please utilize the following sample JSON and make modifications accordingly. The idea is to start with the first user import job and add attributes one by one. If the first userimport job is successful, continue adding attributes gradually. This approach will make it easier for you to troubleshoot any attributes that are causing the issues.

```json
{
"connection": "userAuth",
"url": "<https://*****.sapsf.com/odata/v2/User>",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"userResponsePath": "d.results",
"colsToPropsMap": {
"username": "username~#~char",
"employeeID": "empId~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.d?.__next == null ? null : response?.completeResponseMap?.d?.__next}"
}
}
}
```

Thank you!

We thought of doing just that earlier this morning and are in the process of reducing ImportUserJSON to the bare minimum.   I will post an update after we have had a chance to test.

SB
Saviynt Employee
Saviynt Employee

Can you try using the below connection JSON once. I have this working on another env

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "https://abc.sapsf.eu/oauth/token",
"httpMethod": "POST",
"httpParams": {
"company_id": "XXXX",
"client_id": "XXXX",
"grant_type": "urn:ietf:params:oauth:grant-type:saml2-bearer",
"assertion": "${refresh_token}",
"new_token": "true"
},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded",
"authError": [
"Unable to authenticate the client",
"Invalid OAuth token Bearer",
"Unable to retrieve access token"
],
"retryFailureStatusCode": [
401,
403
],
"errorPath": "",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"refreshType": "RefreshToken",
"tokenType": "Bearer",
"accessToken": "Bearer ABCD",
"refreshToken": "<response from idp call>",
"refreshTokenAuthError": [
"Unable to retrieve SAML assertion",
"The provided SAML assertion is expired",
"Unable to retrieve access token",
"400",
"401"
],
"refreshTokenErrorPath": "errorHttpCode",
"refreshTokenCall": {
"refreshTokenResponsePath": "",
"url": "https://abc.sapsf.eu/oauth/idp",
"httpMethod": "POST",
"httpParams": {
"client_id": "XXXX",
"user_id": "XXXX",
"token_url": "https://abc.sapsf.eu/oauth/token",
"private_key": "<privatekey>"
},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded"
}
}
}
}


Regards,
Sahil

ChrisBellobuono
New Contributor III
New Contributor III

I forgot to post an update on Monday when I found the problem.  At some point when we were initially configuring this connection using the field wizards we must have clicked the one for ImportAccountEntJSON by mistake and there was old/bad information in there.  When we cleared that field and retested we started seeing HTTP 401 responses in the logs.  After some additional research that was solved by switching refreshTokenErrorPath from errorMessage to errorHttpCode and adding the 40# values to the error list (similar to Sahil's response above from yesterday).  That one would have been easier to solve if Saviynt logged the actual HTTP response body and headers when a failure happens.

timchengappa
Saviynt Employee
Saviynt Employee

Hello @ChrisBellobuono 
Thanks for the confirmation.
To ensure that the SAP SF Template(for AOB) in our exchange is also accurate or if it needs to be revised, can you please let us know if the assertion generated with the call "https://XXXXXXX.sapsf.com/oauth/idp" is always going to be static value? If this is the case we need not make 2 calls in the connection JSON(a call for assertion & another for the Bearer token). Instead, we could hardcode the assertion and make just one call to generate the Bearer token.
Please let us know...
cc: @SB @mbinsale