Saviynt Forums

pahm · ‎08/23/2024

Hello

I created an endpoint with REST Connector, at first import, all accounts imported but the account status are all set to SUSPENDED FROM IMPORT SERVICE.

After I adjust the status mapping, next import does not process the existing entries and does not process new entries anymore although I can see the entries are in response from target according to Saviynt log file. there is no errors in log file.

What should I check in this case?

Thanks

rushikeshvartak · ‎08/23/2024

Please share basic information to debug issue
json & logs after important job in text file

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/23/2024

Hello Rushikesh,

Attached log file contains the json settings and an import job execution. I replaced actual user information. hopefully that does not bother your review. the API response have boolean attributes, when mapping to saviynt, I use char, not sure if it is an issue.

Thank you very much!

rushikeshvartak · ‎08/24/2024

You have issue with connection json

"2024-08-24T00:49:13.989+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:13 GMT, Content-Type: application/json, Transfer-Encoding: chunked, Connection: keep-alive, x-redlock-status: [{"severity":"error","i18nKey":"unauthorized_access"}], trace-id: ca76b136329b71f5dcc03c9e07961386, X-Content-Type-Options: nosniff, X-XSS-Protection: 0, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, Strict-Transport-Security: max-age=31536000 ; includeSubDomains, X-Frame-Options: DENY, Vary: Origin, Vary: Access-Control-Request-Method, Vary: Access-Control-Request-Headers, Vary: accept-encoding, Vary: x-redlock-auth, Vary: Origin, Referrer-Policy: no-referrer, Content-Security-Policy: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline', X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none], responseText:{"timestamp":"2024-08-24T00:49:13.956054973Z","status":401,"error":"unauthorized_access","message":"unauthorized_access","path":"GET:/api/v3/user"}, cookies:[], statusCode:401]"

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/24/2024

Hello Rushikesh,

What you find out is line number 804 the older initial call which is because the cached access_token expired. Then it tried second time and line #481 which shows the retrieved account entries.

See the log entry timestamp and could you please help review again?

#line 481:

024-08-24T00:49:14.682+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:14

#line 804:

2024-08-24T00:49:13.989+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:13

rushikeshvartak · ‎08/24/2024

It shows connection is successful
Please find account API curl & postman response in text format
also share saviynt json for import and status threshold

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/24/2024

Hello Rushikesh,

See CURL command below and attached files.

By the way, I use both statusConfig in importJSON and statusColulmn in ThresholdConfigJSON. not sure if there are any conflict. Or it did not use the second time call response? by the way, I use Saviynt version 24.7. looks this new release have issues if configuration is correct?

CURL:

curl --location 'https://my.rest.api/v3/user' --header 'accept: application/json; charset=UTF-8' --header 'content-type: application/json' --header 'Authorization: ••••••'

rushikeshvartak · ‎08/24/2024

What happens after account import ?
Did you tried hardcoding token in import json as well as url
Share logs if does not works

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/24/2024

Hello Rushikesh,

I tried hardcoding token as well, it has same behavior. the API return account entries but Saviynt does not process at all with empty account list on endpoint. please check attached logs in next Post below.

Thanks,

pahm · ‎08/24/2024

Hello Rushikesh,

Attached is the log file for your review. this is the very first time to import with a new system/endpoint creation. I don't see it imported the accounts into endpoint but I do see 4 entries returned from API. I have removed the account entries from log file to remove personal information. According to the log entries. it did not generated any account results.

Thanks for your review and let me know what you can find.

pahm · ‎08/25/2024

Hello Rushikesh,

Could you please take a look at below with what you requested? I will have to have a PoC conclusion. I don't see any configuration change needed. nowhere to go now.

Thanks a lot!

rushikeshvartak · ‎08/25/2024

Please share importaccountent json

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/26/2024

Hello Rushikesh,

Attached is the connection and import JSON for your review. thanks a lot. It would be great if you could conclude quickly it is Saviynt issue or target API issue.

From previous shared import job log, I found these two entries:

"2024-08-24T19:13:44.361+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","Got Webservice API Response:
responseText:
[{"email":"an...........

"2024-08-24T19:13:44.370+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","pullObjectsByRest - responseMap.size : 1"
"2024-08-24T19:13:44.370+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","pullObjectsByRest - objectList.size : null"

If this means the size of pulled account entries, it should be 4 as we have 4 account entries returned in responseText. the result is the import job does not process any entry and endpoint > accounts shows 0 accounts imported.

Best regards,

rushikeshvartak · ‎08/26/2024

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]

⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/26/2024

Hello Rushikesh,

We finally find the root cause with trial and error. it is because target REST API return a body of account entries as a list directly like [{acct1},{acct2}] instead of {"listField"[{acct1},{acct2}]}, there is no value for "listField"

Initially I set "listField": "responseText" and I got account entries but all set SUSPENDED FROM IMPORT SERVICE. I thought it works that way, however, now if we totally remove this line of "listField", it works out!

The AccessImport have same issue, once we remove "listFiled" setting, the import works perfectly. so instead of set it as "responseText", we should remove it.

Probably you can update another forum to avoid other people go to wrong way. I'll update my post there as well.

Thanks,

rushikeshvartak · ‎08/26/2024

So below is working JSON

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "${connection.baseUrl}/v3/user",
          "httpMethod": "GET",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpContentType": "application/json"
        },
        "successResponses": {
          "statusCode": [
            200
          ]
        },
        "unsuccessResponses": {
          "statusCode": [
            400,
            401,
            403,
            404,
            409,
            415,
            416,
            429,
            500,
            502,
            503,
            504
          ]
        },
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "keyField": "accountID",
        "colsToPropsMap": {
          "CUSTOMPROPERTY1": "#CONST#${if (response.firstName == null || response.firstName == '') {return ''} else {return response.firstName}}~#~char",
          "CUSTOMPROPERTY2": "#CONST#${if (response.lastName == null || response.lastName == '') {return ''} else {return response.lastName}}~#~char",
          "CUSTOMPROPERTY3": "enabled~#~char",
          "CUSTOMPROPERTY4": "#CONST#${if (response.email == null || response.email == '') {return ''} else {return response.email}}~#~char",
          "status": "enabled~#~char",
          "name": "email~#~char",
          "accountID": "email~#~char"
        }
      }
    }
  },
  "entitlementParams": {},
  "acctEntParams": {}
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pahm · ‎08/27/2024

No, you will have to remove the line from JSON:

        "listField": "",

rushikeshvartak · ‎08/27/2024

Removed

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Why AccountImport job does not process the entries although it get all accounts from target system?