Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to finish task with provisioning job for access request

Go to solution
fuko
New Contributor III
New Contributor III

‎02/15/2024 12:37 AM

Hi Saviynt forum,

As part of the access request process, I need to configure AddAccessJSON and configure a Provisioning Job (WSRETRYJOB) with that target application. The job seems to run successfully (checking from log seems no error) but the task still at the pending queue. I don't know where to look further. Could someone help shedding a light on?

For the AddAccessJSON, I already try to replace the dynamic values in param with fixed and valid values but still got nothing happen. In other words, instead of:

      "httpParams": "{\"ApplicationCode\": \"StarField\", \"UserId\": \"${account.accountID}\", \"RoleList\": [\"${entitlementValue.entitlementID}\"]}",

it becomes

      "httpParams": "{\"ApplicationCode\": \"StarField\", \"UserId\": \"phill\", \"RoleList\": [\"Admin\"]}",

To make sure that my pending task is associated with the right job, I check the task's detail and does see the number of triggered job matching with the number of times I triggered the provisioning job.

fuko_0-1707985901515.png

Attached is the log file from the last provisioning job run. The keyword to search for the AdddAccessJSON is AssignAppRole which is the target application's endpoint for assigning role.

 

Labels:
Preview file
269 KB
0 Kudos
7 REPLIES 7

Go to solution
Vedanth-BK
Regular Contributor
Regular Contributor

‎02/16/2024 01:43 AM

Hi @fuko 
Please share your add access Json and what is the Entitlement Type name in your endpoint?

Thank you
Vedanth B.K
0 Kudos

Go to solution
fuko
New Contributor III
New Contributor III

‎02/16/2024 04:19 AM

Hi @Vedanth-BK,

The AddAccessJSON looks like as below and the entitlement type (i think) is role:

{
  "call": [
    {
      "name": "Role assignment",
      "connection": "acctAuth",
      "url": "https://XXX/OSUserRoleManagement_Core/rest/UserManagementAPI/AssignAppRole",
      "httpMethod": "POST",
      "httpParams": "{\"ApplicationCode\": \"StarField\", \"UserId\": \"${account.accountID}\", \"RoleList\": [\"${entitlementValue.entitlementID}\"]}",
      "httpHeaders": {
        "appkey": "ZZZ",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200
        ]
      }
    }
  ]
}
0 Kudos

Go to solution
Vedanth-BK
Regular Contributor
Regular Contributor
In response to fuko

‎02/16/2024 05:19 AM

The entitlement type name  and the name specified in the Json should be the same. 
i.e. if its role in the endpoint then role  in the json as well

{
  "call": [
    {
      "name": "role",
Thank you
Vedanth B.K
0 Kudos

Go to solution
fuko
New Contributor III
New Contributor III
In response to Vedanth-BK

‎02/17/2024 03:39 PM

Thanks @Vedanth-BK,

But it still does not work 😞

{
  "call": [
    {
      "name": "Role",
      "connection": "acctAuth",
      "url": "https://xxx/OSUserRoleManagement_Core/rest/UserManagementAPI/AssignAppRole",
      "httpMethod": "POST",
      "httpContentType": "application/json",
      "httpParams": "{\"ApplicationCode\": \"StarField\", \"UserId\": \"devia\", \"RoleList\": [\"Award_Admin\"]}",
      "httpHeaders": {
        "Accept": "application/json",
        "appkey": "zzz"
      },
      "successResponses": {
        "statusCode": [
          200
        ]
      }
    }
  ]
}

Still the same keyword for lookup in the log: "addAccessJSON"

Preview file
425 KB
0 Kudos

Go to solution
CR
Regular Contributor III
Regular Contributor III
In response to fuko

‎02/17/2024 11:29 PM

@fuko  Logs saying 200 resp , look success try below

 

{
"call": [
{
"name": "Role",
"connection": "acctAuth",
"url": "https://XXX/OSUserRoleManagement_Core/rest/UserManagementAPI/AssignAppRole",
"httpMethod": "POST",
"httpParams": "{\"ApplicationCode\": \"StarField\", \"UserId\": \"${account.accountID}\", \"RoleList\": \"${entitlementValue.entitlementID}\"}",
"httpHeaders": {
"appkey": "ZZZ"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [400, 403, 401, 404, 409, 501, 500]
}
}
]
}

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to fuko

‎02/18/2024 07:54 AM

Validate below

  • send Authorization 
  • check entitlement type name

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
fuko
New Contributor III
New Contributor III

‎04/01/2024 07:07 PM

Hi all, just to update on this topic.

In summary, I wanted to test the ability to assign an entitlement to an account in an application A but I never see the traffic goes out or the endpoint was invoked at the application A side. Only until playing around with another similar application, we discover that configuring only the AddAccessJSON won't get me anywhere, the other related JSON strings are also required (e.g., CreateAccountJSON, RemoveAccessJSON, RemoveAccountJSON). I didn't do the trial and error method to test whether only one specific additional JSON string or a combination of JSON string are sufficient, instead filling up all CreateAccountJSON, RemoveAccessJSON and  RemoveAccountJSON, and it works like a charm.

0 Kudos
Copyright © 2024 Khoros, LLC