I’ve set up a Web Services Connector for Crowdstrike Falcon in order to get our Administrators accounts and their Entitlements. I’ve got the Account and Entitlements Aggregation Operations working well. I’m trying to set up Add/Remove Entitlements operations now, but I’m running into an issue.
The call to Crowdstrike needs to be formatted like this:
When setting this up in the connector, I’ve used $plan.role$ for the value of the “role_id”, and I’ve used $plan.nativeIdentity$ for the value of the “accountId”, like so:
When I test an access request, I’m receiving this error:
[ConnectorError] error receiving response from connector: stream client connection is broken (connector process may have crashed)
I’m suspecting an issue with the value of “role_ids” being an array, but I’m unsure if that’s it. Even if I hardcode a role id and a uuid, I receive the same error. However, I can run the call through postman and it works as intended.
I think what might be happening here is that you passing in the Role object which most likely would include name, id, and type. Where it looks like the crowd strike api is just looking for the Role name. I would do a little more digging on what $plan.role$ actually is returning.
Thanks for your response. I did some rerouting of this operation to a webhook so that I could see what that variable was actually sending, and it is pulling the appropriate value for the role_id. Here’s the body that the Webhook received.
That “falconhost_read_only” is the entitlement ID which I’ve been using in my tests. The uuid that is returned is also my own Crowdstrike Account ID. The request did make it to the webhook this time, whereas when sending it to the Crowdstrike Endpoint, the request does not seem to make it out of the connector.
After pulling the debug logs, I’m seeing this error:
[2025-11-03T23:37:52.755-05:00] ERROR | connectorMessage ︎ {“commandType”:“std:account:update”,“invocationId”:“b16fa251-53ca-4d15-bf8c-4381b2bf993f”,“message”:“/app/webpack:/saas-conn-webservices/src/connectors/webservice-connector.ts:1149\n throw new error_1.InvalidResponseError(WebserviceConnector.className + ‘KeyID cannot be empty.’);\n^\n”,“requestId”:“3b328e34fbf543c9a1a662ffb876f27c”,“version”:52}
I found that the call is actually provisioning/deprovisioning successfully on the Crowdstrike side, but the Sailpoint connector is expecting what seems like the user’s UUID in the response. The response from Crowdstrike doesn’t contain any such id, so the connector process fails to validate that the access has been added or removed.
Seems like the only next paths we have are to see if we can switch to the VA-Based connector, which we did try initially, but were getting blocked by network rules. Or reach out to Sailpoint Support and see if there’s any cloud rules that could be used to pass the uuid into the response.
︎ {“commandType”:“std:account:update”,“invocationId”:“b16fa251-53ca-4d15-bf8c-4381b2bf993f”,“message”:“/app/webpack:/saas-conn-webservices/src/connectors/webservice-connector.ts:1149\n throw new error_1.InvalidResponseError(WebserviceConnector.className + ‘KeyID cannot be empty.’);\n^\n”,“requestId”:“3b328e34fbf543c9a1a662ffb876f27c”,“version”:52}