SuccessFactors REST Connection not working after updating to Savyint V23

aro
Regular Contributor
Regular Contributor

Hi,

last year I developed a SuccessFactors REST Connection for version 5.5 and used it to import users.

A Saviynt update to version 23.7 has now been carried out.
We have now also received a new client_id and a new private_key for SuccessFactors. 

With Postman the new values work and we receive an Access_Token and can continue working with it.

But if we only change the new client_id and the new private_key in the ConnenctionJSON, then the import job in Saviynt no longer works. We get a 401 in the log:

aro_0-1695656106849.png

This is what the connection JSON looks like:

aro_1-1695656750701.png

Has anything changed in Saviynt?
How can we debug the REST calls in Savyint to find the problem?

As I said: only the client_id and the private_key have changed and we only changed these two values in our old code/configuration. In Postman the connection works with these new values, but not in Saviynt.

4 REPLIES 4

SB
Saviynt Employee
Saviynt Employee

can you share the complete log file. Based on the above log screenshot you got a 401 the first time but looks like the application did make any call based on the retry logic defined and the 2nd call was successful. The complete logs might share a more detailed picture of the issue. 

Also, can you check (from postman call) if the response/token path values are correct or in case they have changed 


Regards,
Sahil

aro
Regular Contributor
Regular Contributor

@SB 
The response/token path values are correct. Everything works in postman.
Here is the complete log file (anonymized):

 

Darshanjain
Saviynt Employee
Saviynt Employee

Hi @aro 

As discussed, please try to use the hard coded token from postman and see if its working.

 

Example connection json:

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "https://api12preview.sapsf.eu/oauth/token",
"httpMethod": "POST",
"httpParams": {
"company_id": "xxx",
"client_id": "xxx",
"grant_type": "urn:ietf:params:oauth:grant-type:saml2-bearer",
"assertion": "${refresh_token}",
"new_token": "true"
},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded",
"authError": [
"Unable to authenticate the client",
"Invalid OAuth token Bearer",
"Unable to retrieve access token"
],
"retryFailureStatusCode": [
401,
403
],
"errorPath": "",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"refreshType": "RefreshToken",
"tokenType": "Bearer",
"accessToken": "Bearer QiOnsiYXBpS2V5IjoiTlRoaU9URmtaVEpoWkRneVl6Y3hOakJsWm1ObU1HWTBOamhsTWciLCJzZlByaW5jaXBsZSI6IlNBVklZTlQjRElWI2ZlcnJlcm9pbnRUNSIsImlzc3VlZEZvciI6IlNhdml5bnQyIiwic2NvcGUiOiIiLCJpc3N1ZWRBdCI6MTY3MDI0NjQ0OTI1MywiZXhwaXJlc0F0IjoxNjcwMzMyODQ5MjUzfSwic2lnbmF0dXJlIjoiU2RSSjN3Uk0xRExzVEl2RmJtaU5TU1FKWktrbFFOajhNRDljc014WVFqNis4MmwyTklNWUJSdk9GL0lucHFKVVQwcjJRRU9nRmU3MjJSUXJjNjVCOTY0Ym1YRmk1QjA3QW1kRG91SDc4V2s0U2NPU2IramtTcDFJS3lzSWN0WlZ3MWlUY3pYYzRVQ2hGUXZiQjBZdk9yM2NBNVpwYm",
"refreshToken": "Bearer QiOnsiYXBpS2V5IjoiTlRoaU9URmtaVEpoWkRneVl6Y3hOakJsWm1ObU1HWTBOamhsTWciLCJzZlByaW5jaXBsZSI6IlNBVklZTlQjRElWI2ZlcnJlcm9pbnRUNSIsImlzc3VlZEZvciI6IlNhdml5bnQyIiwic2NvcGUiOiIiLCJpc3N1ZWRBdCI6MTY3MDI0NjQ0OTI1MywiZXhwaXJlc0F0IjoxNjcwMzMyODQ5MjUzfSwic2lnbmF0dXJlIjoiU2RSSjN3Uk0xRExzVEl2RmJtaU5TU1FKWktrbFFOajhNRDljc014WVFqNis4MmwyTklNWUJSdk9GL0lucHFKVVQwcjJRRU9nRmU3MjJSUXJjNjVCOTY0Ym1YRmk1QjA3QW1kRG91SDc4V2s0U2NPU2IramtTcDFJS3lzSWN0WlZ3MWlUY3pYYzRVQ2hGUXZiQjBZdk9yM2NBNVpwYm",
"refreshTokenAuthError": [
"Unable to retrieve SAML assertion",
"The provided SAML assertion is expired"
],
"refreshTokenErrorPath": "errorMessage",
"refreshTokenCall": {
"refreshTokenResponsePath": "",
"url": "https://api12preview.sapsf.eu/oauth/idp",
"httpMethod": "POST",
"httpParams": {
"client_id": "xx",
"user_id": "xx",
"token_url": "https://api12preview.sapsf.eu/oauth/token",
"private_key": "lJYTBkQTZMVHBZekV2MGtoMUZQN0lDbEIxbjhiRDNpdFRWYWdGeFlLOWtIQ21BWnlpOFR0bWtHUmtEanlIaHZ2d1ZlaEprb3hHNGluSC80VzFuSGl5azFvbE5DYW0xOHN5Mk82ZVpvenBSdFZBcTZRSGw3UkdNRmRWMEdndEZGR21ub1VKdmpCYzNDczdjNTBwMkNZV0RJbEdUaXdPbko3N3o3ODNOV1R0c1FqOWEwQUlTUE1uTlc0N2MwbTdMWkszS2JaQXVBQ3QzZjNaSWpwb3UzNG9WWlhuSm9hZGVpcWwra3RpbkNpdGxmeHBZa0VhelYxQTlWbjY2V3FQMW1aNmNER2VOTWdVUWxZV05LWWhBZ01CQUFFQ2dnRUJBTGxuWHM5SHB6cDRHNmJFcy9VMXNaWm80OFBEZTdXaEpxa2RTblNHRW9KRXp6RGRsUWc0NDJIT08rc0pYTDFHMHBPMlA5MXRlZDJwRWZjUVZZN2xldFVXUUtzTEY4S0pUdHM1Y1RXTHdVYTBHakx1OUNUaEVkMWhOeHlWeXVVaDFiekp1M2h0blBRMmFXWkMweUpnUytYV0VCYzdBMTFVdC9IWWNJbFdPUDNoVDNkeXZVYTdKRThYZ1R5VUZVeUxNcUlSNTVZN0daMWFETHE1cTY3WEthWE1Yb3gxUnk4OTJQdFp2QUNhbng3K09sQ2d4OXA2RGR5K0ZRdkl5SWZKYjBjcXJvanBqTGhBQzBhbXpVa0tuYWd4em9xYlczSk9DTlNJT1IzVUlZVkRTR2c3a2crcGVnZDY1YVYwYlF4di9WN2lGdGpuQTZoRktvdE9tTXU4NlJFQ2dZRUE5UW9JRUVxYzZRQXVWMnNSTXB4U2lXbTlhYlB3WkRacFF5R2phRlByckxPUk5IY3Rmby9DUEp4dlJBMTBhTFQrV2VKR0pvZS9ERGVSUnFtMml5bks1c2ZxTDR0aHZaclFUaVFPUnNZY3AxQnVmTDdYcktnUHRDT25pY2RiZGZ5Y0M2SEUxVS9IVGR5NURVUHg2emdxSFFHaGdNY2Z6RU1wNHp1YmZsck5kV1VDZ1lFQTRBdzhzVFd3MkhOblB5Y01ycklmNnEwdDlFQWxxeUhDM1ZVbFMzcml1ME9rRTc1R0lLV1pOcWNoNTRLNWUwbjgvSlVTQWg5WTVLcFZ5b3ZZcm5KZkNXMWlCY1JUZ1h3RFNiMGJXTGM0WWo2UEw0WUhsUXV6YVN6Z1ovbTRSMklld2Yzc1o5R0pZQ01oL2tCZkRBOWIwMGh3S1BOQzl4S2NkSG1lV2pqcjhBMENnWUVBcFFpRGs4MWN6c1N6Y1djSDV5bEhvWXJZNmxjcFlhVVAwZ25XejQ0dDNWdjNRUG0vWjAwVlNkTW1VUlFxd2RhY3RCYmtubEN3eUY2b2Rvb1pDck0wRjZpdlBpUkd5UGQ2c2hZd2sxUWN1a2Mra3IvSjdGd29iMi9RQjhoLy9nQUxiUDRmM25ianlib04zRFJWdTlGUTg4WkVhc0l4MVZXcTRZTWszNzN5UU0wQ2dZQmxLaUZkZ3ZqUFE0eWpIMmJDbXZ0K1k2UVVYY0trZXlJWi9wQlFmTFJVQ2o3VUMxNXU3MWMzTGxCSTBPWWZuVkQyVy9rOXJCbmZabXBHZ3M3Y05oaGprVmhwY2pTaWl2U1JIeXB4N0lreEV6NWtId2pkYStNZTRueVJkbGlYSXQ3d2lVOXRzVmR1YVc2Mzl5anpzUnV0VTFBUnJZWFhPamdhLzY5WTNjcnJJUUtCZ0VYcnpSY0pLM2tBNkFpZFBqREx0WlVZaGdrSFVDNlk3UWZLR1pvcHg1Zy96cHhVVUlOckkzNWZaN2g2cklSS",
"new_token": "true"
},
"httpHeaders": {},
"httpContentType": "application/x-www-form-urlencoded"
}
}
}
}

 

If you still face a issue with hard coded token in connection json, please raise a support ticket with the details

 

Thanks

Darshan

aro
Regular Contributor
Regular Contributor

Hi,

we have found a solution.
You have to change the two parameters refreshTokenAuthError and refreshTokenErrorPath:

aro_0-1700127281477.png