Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/23/2024 02:55 PM - edited 08/23/2024 02:56 PM
Hello
I created an endpoint with REST Connector, at first import, all accounts imported but the account status are all set to SUSPENDED FROM IMPORT SERVICE.
After I adjust the status mapping, next import does not process the existing entries and does not process new entries anymore although I can see the entries are in response from target according to Saviynt log file. there is no errors in log file.
What should I check in this case?
Thanks
Solved! Go to Solution.
08/23/2024 05:58 PM
08/23/2024 06:23 PM
Hello Rushikesh,
Attached log file contains the json settings and an import job execution. I replaced actual user information. hopefully that does not bother your review. the API response have boolean attributes, when mapping to saviynt, I use char, not sure if it is an issue.
Thank you very much!
08/24/2024 08:46 AM
You have issue with connection json
"2024-08-24T00:49:13.989+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:13 GMT, Content-Type: application/json, Transfer-Encoding: chunked, Connection: keep-alive, x-redlock-status: [{"severity":"error","i18nKey":"unauthorized_access"}], trace-id: ca76b136329b71f5dcc03c9e07961386, X-Content-Type-Options: nosniff, X-XSS-Protection: 0, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, Strict-Transport-Security: max-age=31536000 ; includeSubDomains, X-Frame-Options: DENY, Vary: Origin, Vary: Access-Control-Request-Method, Vary: Access-Control-Request-Headers, Vary: accept-encoding, Vary: x-redlock-auth, Vary: Origin, Referrer-Policy: no-referrer, Content-Security-Policy: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline', X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none], responseText:{"timestamp":"2024-08-24T00:49:13.956054973Z","status":401,"error":"unauthorized_access","message":"unauthorized_access","path":"GET:/api/v3/user"}, cookies:[], statusCode:401]"
08/24/2024 09:32 AM
Hello Rushikesh,
What you find out is line number 804 the older initial call which is because the cached access_token expired. Then it tried second time and line #481 which shows the retrieved account entries.
See the log entry timestamp and could you please help review again?
#line 481:
024-08-24T00:49:14.682+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:14
#line 804:
2024-08-24T00:49:13.989+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-1-t4n5z","DEBUG","Got Webservice API Response: [headers:[Date: Sat, 24 Aug 2024 00:49:13
08/24/2024 10:04 AM
08/24/2024 11:09 AM - edited 08/24/2024 11:15 AM
Hello Rushikesh,
See CURL command below and attached files.
By the way, I use both statusConfig in importJSON and statusColulmn in ThresholdConfigJSON. not sure if there are any conflict. Or it did not use the second time call response? by the way, I use Saviynt version 24.7. looks this new release have issues if configuration is correct?
CURL:
08/24/2024 11:32 AM
08/24/2024 11:58 AM - edited 08/24/2024 02:12 PM
Hello Rushikesh,
I tried hardcoding token as well, it has same behavior. the API return account entries but Saviynt does not process at all with empty account list on endpoint. please check attached logs in next Post below.
Thanks,
08/24/2024 12:38 PM
Hello Rushikesh,
Attached is the log file for your review. this is the very first time to import with a new system/endpoint creation. I don't see it imported the accounts into endpoint but I do see 4 entries returned from API. I have removed the account entries from log file to remove personal information. According to the log entries. it did not generated any account results.
Thanks for your review and let me know what you can find.
08/25/2024 11:43 AM
Hello Rushikesh,
Could you please take a look at below with what you requested? I will have to have a PoC conclusion. I don't see any configuration change needed. nowhere to go now.
Thanks a lot!
08/25/2024 08:51 PM
Please share importaccountent json
08/26/2024 11:56 AM - edited 08/26/2024 12:32 PM
Hello Rushikesh,
Attached is the connection and import JSON for your review. thanks a lot. It would be great if you could conclude quickly it is Saviynt issue or target API issue.
From previous shared import job log, I found these two entries:
"2024-08-24T19:13:44.361+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","Got Webservice API Response:
responseText:
[{"email":"an...........
"2024-08-24T19:13:44.370+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","pullObjectsByRest - responseMap.size : 1"
"2024-08-24T19:13:44.370+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-wcsnl","DEBUG","pullObjectsByRest - objectList.size : null"
If this means the size of pulled account entries, it should be 4 as we have 4 account entries returned in responseText. the result is the import job does not process any entry and endpoint > accounts shows 0 accounts imported.
Best regards,
08/26/2024 01:10 PM
Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️
08/26/2024 03:53 PM
Hello Rushikesh,
We finally find the root cause with trial and error. it is because target REST API return a body of account entries as a list directly like [{acct1},{acct2}] instead of {"listField"[{acct1},{acct2}]}, there is no value for "listField"
Initially I set "listField": "responseText" and I got account entries but all set SUSPENDED FROM IMPORT SERVICE. I thought it works that way, however, now if we totally remove this line of "listField", it works out!
The AccessImport have same issue, once we remove "listFiled" setting, the import works perfectly. so instead of set it as "responseText", we should remove it.
Probably you can update another forum to avoid other people go to wrong way. I'll update my post there as well.
Thanks,
08/26/2024 05:55 PM - edited 08/27/2024 09:26 AM
So below is working JSON
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "${connection.baseUrl}/v3/user",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json"
},
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
403,
404,
409,
415,
416,
429,
500,
502,
503,
504
]
},
"statusConfig": {
"active": "true",
"inactive": "false"
},
"keyField": "accountID",
"colsToPropsMap": {
"CUSTOMPROPERTY1": "#CONST#${if (response.firstName == null || response.firstName == '') {return ''} else {return response.firstName}}~#~char",
"CUSTOMPROPERTY2": "#CONST#${if (response.lastName == null || response.lastName == '') {return ''} else {return response.lastName}}~#~char",
"CUSTOMPROPERTY3": "enabled~#~char",
"CUSTOMPROPERTY4": "#CONST#${if (response.email == null || response.email == '') {return ''} else {return response.email}}~#~char",
"status": "enabled~#~char",
"name": "email~#~char",
"accountID": "email~#~char"
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}
08/27/2024 09:25 AM
No, you will have to remove the line from JSON:
"listField": "",
08/27/2024 09:26 AM
Removed