
Unable to run analytics through API

AtrayeeDutta
Regular Contributor

Hi Team,

We followed the Saviynt SIEM Integration (saviyntcloud.com) Splunk documentation to enable integration between Saviynt and Splunk, and the integration is working as expected in the non-prod environment. We are able to get reports both from the API and in Splunk.

However, we are facing issues with Production when we migrated the same changes. The only difference between dev and prod is SSO. Prod is configured with SSO.

To debug the issue for prod, we ran the get token API for the Splunk user and we are able to get the token successfully. However, when we use the token to run analytics we are seeing the following result. Details are below.

1. API: https://domain.saviyntcloud.com/ECM/api/v5/fetchRuntimeControlsDataV2

2. Result

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 
<head>
</head>
 
<body onload="document.forms[0].submit()">
    <noscript>
        <p>
            <strong>Note:</strong> Since your browser does not support JavaScript,
            you must press the Continue button once to proceed.
        </p>
    </noscript>
 
    <form action="https&#x3a;&#x2f;&#x2f;login.microsoftonline.com&#x2f;b5b8b483-5597-4ae7-8e27-fcc464a3b584&#x2f;saml2"
        method="post">
        <div>
 
            <input type="hidden" name="SAMLRequest" value="**************************"/>
 
            </div>
            <noscript>
                <div>
                    <input type="submit" value="Continue"/>
                </div>
            </noscript>
    </form>
</body>
 
</html>
 

Any suggestions?

[This message has been edited by moderator to remove url]

8 REPLIES

SB
Saviynt Employee

Can you share the Postman payload for the call you are trying to make?

Also, can you confirm if you are able to run any other call (like get user/accounts, etc.)?


Regards,
Sahil

rushikeshvartak
All-Star

Share Postman screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AtrayeeDutta
Regular Contributor

Here is the payload:


{
    "analyticsname": "Identity_Object_Splunk_Report",
    "analyticsid": "1694",
    "attributes": {
        "timeFrame": "1440"
    }
}
 
Attached Postman response screenshot
 
AtrayeeDutta_0-1700561772000.png

 

AtrayeeDutta_1-1700561834220.png

 

AtrayeeDutta
Regular Contributor

And also, when I decode the SAML request (which is in the Postman response), it is redirecting to SSO authentication.

Following are the values for the splunk_api_user:

AtrayeeDutta_0-1700581501934.png

 

 

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://domain.saviyntcloud.com/ECM/saml/SSO/alias/SAVIYNTPROD"
    Destination="https://login.microsoftonline.com/12345/saml2"
    ForceAuthn="false"
    ID="12345"
    IsPassive="false"
    IssueInstant="2023-11-21T15:38:16.145Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SAVIYNTPROD</saml2:Issuer>
</saml2p:AuthnRequest>

@AtrayeeDutta: Are you able to get the token using splunk_api_user? Because I see localauthenabled is set to false.

Looking at the behaviour, I believe you need to enable localauthenabled for this user.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

AtrayeeDutta
Regular Contributor

Yes, we are able to get the token using splunk_api_user (both times, when localauthenabled is set to 1 or 0).

We set localauthenabled to false for splunk_api_user in prod (initially it was true) to make sure it matches dev, since localauthenabled is false in dev, where it is working as expected.

It's working for me.

rushikeshvartak_0-1700632279479.png

 


Regards,
Rushikesh Vartak

AtrayeeDutta
Regular Contributor

Can you confirm if your environment is configured with SSO and has it enabled?
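
As an added illustration (not part of any post in this thread and not Saviynt's code), the Python below shows how an API client could tell a JSON result apart from the SAML auto-submit form seen in the original question, and decode the HTTP-POST-binding SAMLRequest to see which IdP, ACS URL and issuer the redirect involves. The class and function names and the sample data are constructed for this example.

```python
import base64
import json
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

NS_P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
NS_A = "{urn:oasis:names:tc:SAML:2.0:assertion}"

class SamlFormParser(HTMLParser):
    """Collects the form action and the hidden SAMLRequest field."""
    action = saml_request = None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = attrs.get("action")  # entities like &#x3a; are decoded
        elif tag == "input" and attrs.get("name") == "SAMLRequest":
            self.saml_request = attrs.get("value")

def classify_api_response(body):
    """Return ("json", data), ("saml_redirect", details) or ("unknown", None)."""
    try:
        return "json", json.loads(body)
    except ValueError:
        pass
    form = SamlFormParser()
    form.feed(body)
    if form.saml_request is None:
        return "unknown", None
    details = {"idp_url": form.action}
    try:
        # HTTP-POST binding: plain base64 XML. Use defusedxml for untrusted input.
        root = ET.fromstring(base64.b64decode(form.saml_request, validate=True))
    except (ValueError, ET.ParseError):
        return "saml_redirect", details  # masked or unparsable value
    if root.tag == NS_P + "AuthnRequest":
        details.update(destination=root.get("Destination"), issuer=root.findtext(NS_A + "Issuer"),
                       acs_url=root.get("AssertionConsumerServiceURL"))
    return "saml_redirect", details

# Constructed sample: the thread's AuthnRequest values re-encoded into the form from the question.
SAMPLE_XML = (
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'Destination="https://login.microsoftonline.com/12345/saml2" '
    'AssertionConsumerServiceURL="https://domain.saviyntcloud.com/ECM/saml/SSO/alias/SAVIYNTPROD">'
    '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SAVIYNTPROD</saml2:Issuer>'
    '</saml2p:AuthnRequest>')
SAMPLE_HTML = ('<form action="https&#x3a;&#x2f;&#x2f;login.microsoftonline.com&#x2f;12345&#x2f;saml2" '
    'method="post"><input type="hidden" name="SAMLRequest" value="%s"/></form>'
    % base64.b64encode(SAMPLE_XML.encode()).decode())
```

A "saml_redirect" result means the call was answered by the SSO login flow rather than by the API, so the client should treat it as an authentication failure instead of trying to parse it as report data.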