and more in a single search tool across platforms. Read the announcement here. |
03/04/2024 07:32 PM
Hi All,
Has anyone had any experience with getting Veracode integrated with Saviynt? I know it's apparently support using the BasicWithHmac authType, but I'm not having any luck getting this working myself.
Cheers,
Ben
03/04/2024 09:48 PM
Hi @Ben
I appreciate you reaching out to Saviynt forums.
Please refer to the below connection JSON. Please test the connection first in postman and see if you are able to connect successfully. If you see any error/issues-first fix that in the postman. Once it is successful in postman please use the same values of parameters in the Connection JSON and see if it works in Saviynt EIC. If you see any error, please share the screenshot of the error.
Reference documentation:
Developers Handbook (saviyntcloud.com)
Connection JSON (BasicWithHMAC).
{
"authentications": {
"acctAuth": {
"authType": "BasicWithHmac",
"url": "<url>",
"httpMethod": "POST",
"properties": {
"IKEY": "<<IKEY>>",
"SKEY": "<<SKEY>>"
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic xyz"
}
}
}
Please let us know if you see any issues.
Regards,
Dhruv Sharma
03/05/2024 02:18 PM
Hi @Dhruv_S ,
I'm able to connect fine via postman (using the pre-request script). However, it doesn't seem to work with Saviynt. Details are below:
Sample Postman response:
{
"_embedded": {
"users": [
{
"user_id": "*guid*",
"user_legacy_id": "*string*",
"user_name": "John@Doe.com",
"first_name": "John",
"last_name": "Doe",
"email_address": "John@Doe.com",
"saml_user": true,
"login_enabled": true,
"_links": {
"self": {
"href": "https://api.veracode.com/api/authn/v2/users/*guid*"
}
}
}}
Connection JSON
{
"authentications": {
"acctAuth": {
"authType": "BasicWithHmac",
"url": "https://api.veracode.com/api/authn/v2/users",
"httpMethod": "POST",
"properties": {
"IKEY": "ID",
"SKEY": "KEY"
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"errorPath": "http_status",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic xyz"
}
}
}
Importaccount JSON
{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://api.veracode.com/api/authn/v2/users/?page=0&size=200",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "_embedded.users",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "user_id~#~char",
"name": "email_address~#~char",
"displayName": "#CONST#${return first_name+\" \" +last_name}~#~char",
"customproperty1": "first_name~#~char",
"customproperty2": "last_name~#~char",
"customproperty3": "email~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}
logs
Date Timestamp (UTC) | Service Name | Class Name | Thread Name | Log Level | Message |
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.108918732Z stdout F 2024-03-05 22:04:14,108 [quartzScheduler_Worker-10] DEBUG services.JobManagementGuardRailService - Only one instance is running.. Trigger Name : Veracode_Account_Import_Full | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.146520726Z stdout F url": "https://api.veracode.com/api/authn/v2/users/?page=0&size=200" | ||
2024-03-05T22:04:14.482+00:00" | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.14669553Z stdout F 2024-03-05 22:04:14,146 [quartzScheduler_Worker-10] DEBUG integration.ExternalConnectionCallService - Key=connectionname Value=Veracode | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.146867134Z stdout F 2024-03-05 22:04:14,146 [quartzScheduler_Worker-10] DEBUG integration.ExternalConnectionCallService - Key=jobtriggername Value=Veracode_Account_Import_Full | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.151342028Z stdout F 2024-03-05 22:04:14,151 [quartzScheduler_Worker-10] DEBUG services.ImportUtilityService - Endpoint 'Veracode' found for the Security System 'Veracode' with Endpointkey: 152 | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.151355028Z stdout F 2024-03-05 22:04:14,151 [quartzScheduler_Worker-10] DEBUG integration.ExternalConnectionCallService - *******endpoint=Veracode and secSystem=Veracode****************** | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.153427572Z stdout F 2024-03-05 22:04:14,153 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Loading Start for Security System - Veracode | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.153432072Z stdout F 2024-03-05 22:04:14,153 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Finding Endpoint for the security System - Veracode | ||
2024-03-05T22:04:14.482+00:00 | ecm-worker | null-hhw46 | 2024-03-05T22:04:14.155864224Z stdout F 2024-03-05 22:04:14,155 [quartzScheduler_Worker-10] DEBUG services.ImportUtilityService - Endpoint 'Veracode' found for the Security System 'Veracode' with Endpointkey: 152 | ||
2024-03-05T22:03:48.267+00:00 | ecm | null-dk6dw | 2024-03-05T22:03:47.482088279Z stdout F 2024-03-05 22:03:47,481 [http-nio-8080-exec-7] DEBUG domain.FlatViewJobcontrolController - Inside fireJobAction params = [triggername:Veracode_Account_Import_Full, triggergroup:GRAILS_JOBS, jobname:SapImportJob, jobgroup:DATA, actn:6, job_name:, job_group:, controller:flatViewJobcontrol, action:fireJobAction] |
03/05/2024 06:42 PM
Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
03/05/2024 06:48 PM
Hi @Ben
Thanks for the information provided above. Could you please provide complete screenshot from postman authentication request call and response (not just the response text) along with the screenshot of headers.
Regards,
Dhruv Sharma
03/05/2024 09:16 PM
Hi @Dhruv_S
There isn't an authentication endpoint for the Veracode API. The API ID and Key are encrypted as part of the pre-request script (see REST APIs quickstart | Veracode Docs & veracode-postman/Veracode Example.postman_collection.json at main · veracode/veracode-postman · GitH...), with the encrypted token passed in the authorization header to the specific end point you're calling (e.g. /v2/users). See below for postman screenshots:
Let me know if you need anything further.
Cheers,
Ben
03/08/2024 01:19 AM
Hi @Ben
Apologies for the delayed response. Does the API give any access token in the response? Without access token what are you putting in the JSON in place of xyz in below part of JSON.
"tokenType": "Basic",
"accessToken": "Basic xyz"
Regards,
Dhruv Sharma
03/10/2024 10:04 PM
{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "@BASE_URL@",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "text/html",
"properties": {
"userName": "@USERNAME@",
"password": "@PASSWORD@"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic ABCD"
}
}
}
03/11/2024 03:17 PM
Hi @Dhruv_S
No worries at all. No, no access token is returned in the response. This is what I'm trying to understand, as the documentation around the basicwithHMAC connection doesn't really explain how it works.
03/11/2024 09:59 PM
Hi @Ben
Thanks for the confirmation. We are checking internally on this and will keep you posted.
Regards,
Dhruv Sharma
03/17/2024 10:45 PM
03/18/2024 01:24 AM
Hi @Ben
Please use this JSON and update the IKEY and SKEY.
Click on save and test connection. If you get any error- please share the error screenshot and logs.
ConnectionJSON
========
{
"authentications": {
"acctAuth": {
"authType": "BasicWithHmac",
"url": "https://api.veracode.com/api/authn/v2/users",
"httpMethod": "POST",
"properties": {
"IKEY": "<<IKEY>>",
"SKEY": "<<SKEY>>"
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic xyz",
"testConnectionParams": {
"http": {
"url": "https://api.veracode.com/api/authn/v2/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET",
"retryFailureStatusCode": [
400,
401,
403
]
}
}
}
}
}
========
Regards,
Dhruv Sharma
03/21/2024 04:42 PM
Thanks, @Dhruv_S.
I've updated the connection as requested. No errors when clicking save and test, however, it still doesn't seem to be importing any accounts. The logs for this are below
Date Timestamp (UTC) | Service Name | Class Name | Thread Name | Log Level | Message |
2024-03-21T23:37:35.761+00:00 | ecm | null-t5s2h | 2024-03-21T23:37:35.03654121Z stdout F 2024-03-21 23:37:35,036 [http-nio-8080-exec-1] DEBUG domain.JobcontrolController - qry = SELECT il.IMPORTLOGID as IMPORTLOGID,il.logDataAsXML as logDataAsXML,ecmimp.jobid as jobID,ecmimp.jobname as JOBNAME,ecmimp.jobStartDate as JOBSTARTDATE,ecmimp.coments as COMMENTS,ecmimp.jobEndDate as JOBENDDATE,il.filename as FILENAME,ecmimp.SAVRESPONSE as SAVRESPONSE,ecmimp.systemName as SYSTEMNAME,ecmimp.externalconnection as EXTERNALCONNECTION,ecmimp.updateUser as UPDATEUSER,ecmimp.triggername as TRIGGERNAME,ecmimp.jobgroup as JOBGROUP,ecmimp.triggerType as TRIGGERTYPE FROM EcmImportJob ecmimp left join ImportLog il on(ecmimp.jobid=il.jobid) where 1=1 AND (ecmimp.jobname = 'SapImportJob' OR ecmimp.jobname ='SAPIMPORTJOB' ) AND ecmimp.triggername = 'Veracode_Account_Import_Full' AND ecmimp.jobgroup = 'DATA' ORDER BY ecmimp.jobid DESC limit 0,15 | ||
2024-03-21T23:37:35.761+00:00 | ecm | null-t5s2h | 2024-03-21T23:37:35.03655821Z stdout F 2024-03-21 23:37:35,036 [http-nio-8080-exec-1] DEBUG domain.JobcontrolController - extraQry = AND (ecmimp.jobname = 'SapImportJob' OR ecmimp.jobname ='SAPIMPORTJOB' ) AND ecmimp.triggername = 'Veracode_Account_Import_Full' AND ecmimp.jobgroup = 'DATA' | ||
2024-03-21T23:37:11.761+00:00 | ecm | null-t5s2h | 2024-03-21T23:37:10.838015837Z stdout F 2024-03-21 23:37:10,837 [http-nio-8080-exec-13] DEBUG controllers.EndpointsController - Search value : veracode | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.822009051Z stdout F 2024-03-21 23:36:50,821 [quartzScheduler_Worker-9] DEBUG services.JobManagementGuardRailService - Only one instance is running.. Trigger Name : Veracode_Account_Import_Full | ||
2024-03-21T23:36:51.518+00:00" | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.845677602Z stdout F 2024-03-21 23:36:50,845 [quartzScheduler_Worker-9] DEBUG integration.ExternalConnectionCallService - Key=connectionname Value=Veracode | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.845486098Z stdout F url": "https://api.veracode.com/api/authn/v2/users?page=0&size=20" | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.845872606Z stdout F 2024-03-21 23:36:50,845 [quartzScheduler_Worker-9] DEBUG integration.ExternalConnectionCallService - Key=jobtriggername Value=Veracode_Account_Import_Full | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.85029839Z stdout F 2024-03-21 23:36:50,850 [quartzScheduler_Worker-9] DEBUG services.ImportUtilityService - Endpoint 'Veracode' found for the Security System 'Veracode' with Endpointkey: 152 | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.85031869Z stdout F 2024-03-21 23:36:50,850 [quartzScheduler_Worker-9] DEBUG integration.ExternalConnectionCallService - *******endpoint=Veracode and secSystem=Veracode****************** | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.85243843Z stdout F 2024-03-21 23:36:50,852 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Loading Start for Security System - Veracode | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.852441131Z stdout F 2024-03-21 23:36:50,852 [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Finding Endpoint for the security System - Veracode | ||
2024-03-21T23:36:51.518+00:00 | ecm-worker | null-fz9jt | 2024-03-21T23:36:50.855445188Z stdout F 2024-03-21 23:36:50,855 [quartzScheduler_Worker-9] DEBUG services.ImportUtilityService - Endpoint 'Veracode' found for the Security System 'Veracode' with Endpointkey: 152 | ||
2024-03-21T23:36:28.761+00:00 | ecm | null-t5s2h | 2024-03-21T23:36:28.563815227Z stdout F 2024-03-21 23:36:28,563 [http-nio-8080-exec-16] DEBUG domain.FlatViewJobcontrolController - Inside fireJobAction params = [triggername:Veracode_Account_Import_Full, triggergroup:GRAILS_JOBS, jobname:SapImportJob, jobgroup:DATA, actn:6, job_name:, job_group:, controller:flatViewJobcontrol, action:fireJobAction] | ||
2024-03-21T23:36:04.771+00:00 | ecm | null-t5s2h | 2024-03-21T23:36:04.407341794Z stdout F 2024-03-21 23:36:04,407 [http-nio-8080-exec-17] DEBUG integration.ExternalConnectionCallService - in testExternalConnection for External Connection : Veracode |
03/21/2024 06:24 PM
Can you share full logs from job start and end in file.
Above logs are of test connection. Share logs when you run import Job
03/24/2024 08:50 PM
@rushikeshvartak Those logs are from the job run, I've attached the csv from the run which i just I did
03/26/2024 12:30 AM
Hi @Ben
I have opened a FS ticket (INC-2023645) on your behalf and would be contacting you on the same.
Regards,
Dhruv Sharma
04/02/2024 04:46 AM
04/02/2024 08:40 AM
Hi @Amar_Simha
You can refer to the connection JSON in my previous comments. It is not giving any error. Please validate by save and test connection.
However the import is not happening, seems some issue with ImportJSON. We are working on it.
Regards,
Dhruv Sharma
04/02/2024 09:26 AM
@Dhruv_S : Thank you for the update, will try the same.
04/03/2024 01:38 AM
Hi @Amar_Simha,
Dhruv and I are still working through this one via the support ticket. If/when we can get it working, i'll update here with the solution. If you're able to get this working on your side before then, please let me know what you've done.
Cheers,
Ben
04/03/2024 02:01 AM
Thank you @Ben for your response, appreciate it.
04/02/2024 11:55 AM
Disclaimer - This is an AI generated response and feedback on this thread will be used to fine tune.
Integrating Veracode with Saviynt and using BasicWithHmac for authentication should indeed be supported. Let's address the issue you're facing by revising the connection JSON based on the provided details and ensuring all necessary fields are included as per Saviynt's requirements.
Considering the Postman response, you've provided information that we can use to construct a Saviynt connection JSON. Based on the screenshots and your example JSON for Connection and ImportAccount, here is an example of what the Connection JSON with BasicWithHmac authentication might look like for Saviynt:
{
"authentications": {
"acctAuth": {
"authType": "BasicWithHmac",
"url": "https://api.veracode.com/api/authn/v2/users",
"httpMethod": "GET",
"properties": {
"AccessKeyID": "YOUR_ACCESS_KEY_ID",
"SecretKey": "YOUR_SECRET_KEY"
},
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"errorPath": "message",
"maxRefreshTryCount": 3,
"tokenResponsePath": "token",
"tokenType": "Hmac",
"accessToken": "GENERATED_HMAC_TOKEN",
"expiryError": ["TokenExpired"],
"timeOutError": ["ConnectionTimeout"],
"retryFailureStatusCode": [429, 500, 503]
}
}
}
Here’s how the Importaccount JSON can be structured, including the error handling parameters:
{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://api.veracode.com/api/authn/v2/users/?page=0&size=200",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "_embedded.users",
"keyField": "user_id",
"statusConfig": {
"active": "login_enabled",
"inactive": "not(login_enabled)"
},
"colsToPropsMap": {
"accountID": "user_id~#~char",
"name": "user_name~#~char",
"displayName": "#CONST#${first_name} ${last_name}~#~char",
"customproperty1": "first_name~#~char",
"customproperty2": "last_name~#~char",
"customproperty3": "email_address~#~char"
},
"expiryError": ["TokenExpired"],
"authError": ["InvalidAuthenticationToken", "AuthenticationFailed"],
"timeOutError": ["ConnectionTimeout"],
"retryFailureStatusCode": [429, 500, 503],
"errorPath": "message",
"maxRefreshTryCount": 3
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}
In the JSON:
Please replace "YOUR_ACCESS_KEY_ID", "YOUR_SECRET_KEY", and "GENERATED_HMAC_TOKEN" with your actual credentials and generated token. The ${access_token} is a variable that Saviynt would replace with the actual access token when making the API call.
Make sure to test these JSON configurations in a development environment before applying them in production. Adjust the properties, url, and any other parameters as needed to match your actual setup.
If you encounter further issues, you might need to dive into the details of the error messages you receive and check if there are additional configuration settings required by Veracode that need to be incorporated into your Saviynt configuration.