Custom Authentication to get Access Token for Web Service Connector

Which IIQ version are you inquiring about?

IIQ 8.4

Please share any images or screenshots, if relevant.

Error 401

Custom Authentication Operation which returns access_token to be used in other operations


Add Entitlement Operator Header calls access_token

Please share any other relevant files that may be required (for example, logs).

<Source>
  import java.util.ArrayList;
  import java.util.List;
  import java.util.Map;
  import java.util.HashMap;
  import sailpoint.tools.Util;
  import sailpoint.object.Application;
  import sailpoint.object.ProvisioningPlan.AccountRequest;
  import sailpoint.object.ProvisioningPlan.AttributeRequest;
  import sailpoint.object.ProvisioningPlan.Operation;
  import sailpoint.connector.webservices.EndPoint;
  import java.net.HttpURLConnection;
  import java.net.URL;
  import java.io.OutputStreamWriter;
  import java.io.BufferedReader;
  import java.io.InputStreamReader;
  import org.apache.http.client.HttpClient;
  import org.apache.http.impl.client.HttpClients;
  import org.apache.http.client.methods.HttpPost;
  import org.apache.http.client.entity.UrlEncodedFormEntity;
  import org.apache.http.message.BasicNameValuePair;
  import org.apache.http.HttpResponse;
  import org.apache.http.util.EntityUtils;
  import org.json.JSONObject;

  public String httpRequest(String requestUrl)
  {
    return application.getAttributeValue("genericWebServiceBaseUrl") + requestUrl; 
  }
  // Start of getting context url
  List entitlements = new ArrayList();
  String finalUrl = "";
  String contextUrl = "";

  // Looping through the account requests and attribute requests to get the entitlement values

  for(AccountRequest accountRequest : provisioningPlan.getAccountRequests()) // Get the Account Requests
  {
    //emailList.add(accountRequest.getNativeIdentity());
    for(AttributeRequest attributeRequest : accountRequest.getAttributeRequests()) // Get the Attribute Requests
    {
      String attrName = attributeRequest.getName();
      Operation opName = attributeRequest.getOperation();

      log.error(opName);
      if(attrName.equals("groupName") &amp;&amp; (opName.toString().equals("Add"))){
        entitlements.add(attributeRequest.getValue());
      }
    }
  }

  int totalEntitlement = entitlements.size();
  log.error("Total entitlement" + totalEntitlement);
  int index = 0;
  int lastIndex = totalEntitlement-1;
  String entitlement = "";
  char c = ':';

  if (totalEntitlement > 1) {
    for(int i=0; i&lt;lastIndex; i++)  // Looping through the entitlements to make the API calls for all records except the last
    {
      entitlement = entitlements.get(i);

      String jsonBody = (new org.json.JSONObject(requestEndPoint.getBody())).getString("jsonBody");

      index = entitlement.indexOf(c);
      if (index != -1) {
        entitlement = entitlement.substring(index+1, entitlement.length());
      }

      String response = restClient.executePut(httpRequest(entitlement + "/members"),jsonBody,requestEndPoint.getHeader(),requestEndPoint.getResponseCode());
    }
  }

  // for only one entitlement and last entitlement, it will be executed by SailPoint 
  entitlement = entitlements.get(lastIndex);
  Map body = requestEndPoint.getBody();
  String jsonBody = (new org.json.JSONObject(requestEndPoint.getBody())).getString("jsonBody");
  body.put("jsonBody", jsonBody);
  requestEndPoint.setBody(body);

  index = entitlement.indexOf(c);
  if (index != -1) {
    entitlement = entitlement.substring(index+1, entitlement.length());
  }
  requestEndPoint.setFullUrl(httpRequest(entitlement + "/members"));

  return requestEndPoint;
  </Source>

Share all details about your problem, including any error messages you may have received.

Hi all, I currently have a Web Service Connector application that uses a Custom Authentication to retrieve the access token. The add/remove entitlement operations also have a Before Operation rule which uses a for loop to loop through all entitlements other than the last entitlement. As for the last entitlement, it will be using the OOTB operation to do the call. However, I have been getting intermittent Error 401 and from my testing I noticed the access_token seems to be cached. Any method to refresh the custom authentication access_token every time an API endpoint is called?

This documentation is helpful for configuring Custom Authentication:

There are a few things I would check:

  1. Use the variable “customaccesstoken” instead of access_token per the documentation above. I’ve seen issues with caching not working properly since accesstoken is a variable that’s already used by the connector for other things.
  2. Try removing the “Bearer” in the header values. In my experience, the “Bearer” part may not be required and just passing $application.accesstoken$ should work.
  3. Try using “$application.accesstoken$” instead of “$application.access_token$”

If those suggestions don’t work, I would try logging the headers, URL, and json body in a before rule to confirm they look correct before being sent to the API.

Hi Tyler, customaccesstoken constantly gives error other than when testing connection. I tried accesstoken as well, unable to do so. Logged in my rule and the $application.accesstoken$ or $application.customaccesstoken$ does not have the value. Any clue?

Am I setting it up correctly as specified in the red boxes?


Also seems this intermittent issue happens more often when raising request to add/remove entitlements in a single access request.

What error are you getting? Is it 401?

Hi Arpitha, yes Error 401

If it’s 401, then the system will take care of regenerating customaccesstoken. Can you share your application XML, masking sensitive details?

Hi Arpitha,

I have reverted to using access_token.

Below is my application xml.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Application PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Application connector="sailpoint.connector.webservices.WebServicesConnector" created="1724734668973" featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH" id="0af403fa917a11b48191923280ad0603" modified="1736833288535" name="Testing" profileClass="" significantModified="1736833288535" type="Web Services">
  <AccountCorrelationConfig>
    <Reference class="sailpoint.object.CorrelationConfig" id="0af403dc925c1b1b81926bb8ecbf74c1" name="Testing Correlation"/>
  </AccountCorrelationConfig>
  <Attributes>
    <Map>
      <entry key="acctAggregationEnd">
        <value>
          <Date>1736833288349</Date>
        </value>
      </entry>
      <entry key="acctAggregationStart">
        <value>
          <Date>1736832203006</Date>
        </value>
      </entry>
      <entry key="addRemoveEntInSingleReq">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="afterProvisioningRule"/>
      <entry key="aggregationPartitioned">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="aggregationType" value="account"/>
      <entry key="authenticationMethod" value="No Auth"/>
      <entry key="beforeProvisioningRule"/>
      <entry key="clientCertAuthEnabled">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="compositeDefinition"/>
      <entry key="connectionParameters">
        <value>
          <List>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData">
                      <value>
                        <Map>
                          <entry key="client_id" value="client_id"/>
                          <entry key="client_secret" value="client_secret"/>
                          <entry key="grant_type" value="client_credentials"/>
                          <entry key="scope" value="scope"/>
                        </Map>
                      </value>
                    </entry>
                    <entry key="bodyFormat" value="formData"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl" value="https://login.microsoftonline.com/<<id>>/oauth2/v2.0/token"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Custom Authentication"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="access_token" value="access_token"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$"/>
              <entry key="sequenceNumberForEndpoint" value="1"/>
              <entry key="uniqueNameForEndPoint" value="Get Access Token"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule" value="Bind Members to Group"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody" value="{&#xD;&#xA;&quot;emails&quot;: [&#xD;&#xA;&quot;$plan.nativeIdentity$&quot;&#xD;&#xA;]&#xD;&#xA;}"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/namespace"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="PUT"/>
              <entry key="operationType" value="Add Entitlement"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="email" value="emails[*]"/>
                    <entry key="groups" value="groups[*]"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>200</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$"/>
              <entry key="sequenceNumberForEndpoint" value="2"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/Organisations"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Test Connection"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="3"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/groups"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Group Aggregation"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="group" value="grn"/>
                    <entry key="groupName" value="name"/>
                    <entry key="id" value="id"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.groups[*]"/>
              <entry key="sequenceNumberForEndpoint" value="4"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule" value="Unbind Members from Group"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/iam/namespace"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="DELETE"/>
              <entry key="operationType" value="Remove Entitlement"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="5"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/groups"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Account Aggregation"/>
              <entry key="paginationSteps" value="TERMINATE_IF $response.nextLink$ == NULL&#xD;&#xA;$endpoint.fullUrl$ = $application.baseUrl$ + &quot;/groups/<<object id>>?size=100&amp;nextLink=&quot; + $response.nextLink$"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>100</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="accountType" value="accountType"/>
                    <entry key="description" value="description"/>
                    <entry key="displayName" value="displayName"/>
                    <entry key="email" value="email"/>
                    <entry key="firstName" value="firstName"/>
                    <entry key="id" value="id"/>
                    <entry key="lastName" value="lastName"/>
                    <entry key="status" value="status"/>
                    <entry key="upn" value="upn"/>
                    <entry key="userPrincipalName" value="userPrincipalName"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.users[*]"/>
              <entry key="sequenceNumberForEndpoint" value="6"/>
              <entry key="uniqueNameForEndPoint" value="Get List of Users"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/$response.email$/memberOf"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.access_token$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Account Aggregation"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>10</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName" value="Get List of Users"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="groupCreatedAt" value="createdAt"/>
                    <entry key="groupDescription" value="description"/>
                    <entry key="groupId" value="id"/>
                    <entry key="groupName" value="name"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.groups[*]"/>
              <entry key="sequenceNumberForEndpoint" value="7"/>
              <entry key="uniqueNameForEndPoint" value="Get Groups"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/users"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header"/>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Create Account"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="8"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
          </List>
        </value>
      </entry>
      <entry key="createAccountWithEntReq">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="custom_auth_token_info" value="3:ACP:[removed]"/>
      <entry key="enableHasMore" value="true"/>
      <entry key="enableStatus" value="status=enabled"/>
      <entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info"/>
      <entry key="fixedPlanMultivaluedAttribute" value="true"/>
      <entry key="genericWebServiceBaseUrl" value="url"/>
      <entry key="httpCookieSpecsStandard" value="true"/>
      <entry key="isGetObjectRequiredForPTA">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="lastAggregationDate_account" value="2025-01-14T05:41:28Z"/>
      <entry key="lastAggregationDate_group" value="2024-11-29T09:21:35Z"/>
      <entry key="nativeChangeDetectionAttributeScope" value="entitlements"/>
      <entry key="nativeChangeDetectionAttributes"/>
      <entry key="nativeChangeDetectionEnabled">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="nativeChangeDetectionOperations"/>
      <entry key="oAuthJwtHeader">
        <value>
          <Map>
            <entry key="alg" value="RS256"/>
          </Map>
        </value>
      </entry>
      <entry key="oAuthJwtPayload">
        <value>
          <Map>
            <entry key="aud"/>
            <entry key="exp" value="15f"/>
            <entry key="iss"/>
            <entry key="sub"/>
          </Map>
        </value>
      </entry>
      <entry key="private_key_to_update"/>
      <entry key="saml_assertion_url"/>
      <entry key="saml_request_body"/>
      <entry key="sysDescriptions">
        <value>
          <Map>
            <entry key="en_GB"/>
            <entry key="en_US"/>
          </Map>
        </value>
      </entry>
      <entry key="templateApplication" value="Web Services"/>
      <entry key="throwProvAfterRuleException">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="throwProvBeforeRuleException">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="timeoutInSeconds"/>
      <entry key="version" value="v2"/>
    </Map>
  </Attributes>
  <Schemas>
    <Schema created="1736832054502" displayAttribute="displayName" groupAttribute="" id="0af4056f946311b681946341f4e60047" identityAttribute="email" instanceAttribute="" nativeObjectType="email" objectType="account">
      <AttributeDefinition name="accountType" type="string"/>
      <AttributeDefinition name="displayName" type="string"/>
      <AttributeDefinition name="email" type="string"/>
      <AttributeDefinition name="firstName" type="string"/>
      <AttributeDefinition name="id" type="string"/>
      <AttributeDefinition name="lastName" type="string"/>
      <AttributeDefinition name="status" type="string"/>
      <AttributeDefinition name="upn" type="string"/>
      <AttributeDefinition name="userPrincipalName" type="string"/>
      <AttributeDefinition entitlement="true" multi="true" name="groupName" schemaObjectType="group" type="string"/>
    </Schema>
    <Schema created="1736832054502" descriptionAttribute="" displayAttribute="group" id="0af4056f946311b681946341f4e60046" identityAttribute="group" instanceAttribute="" nativeObjectType="group" objectType="group">
      <AttributeDefinition entitlement="true" multi="true" name="group" type="string"/>
    </Schema>
  </Schemas>
  <ApplicationScorecard created="1736832054503" id="0af4056f946311b681946341f4e70048"/>
</Application>
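A consistency check for an application XML shaped like the one posted above, as an added example that is not part of any post in this thread. It assumes a `$application.NAME$` header placeholder only resolves when NAME is a key in the Custom Authentication operation's response mapping (`resMappingObj`); the sample XML is constructed and trimmed, and `lint_token_references` and its finding codes are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the structure of the application XML in this
# thread: the Custom Authentication mapping key is customaccesstoken, but one
# operation header still references $application.access_token$.
SAMPLE_XML = """<Application name="Testing" type="Web Services">
  <Attributes><Map>
    <entry key="connectionParameters"><value><List>
      <Map>
        <entry key="operationType" value="Custom Authentication"/>
        <entry key="resMappingObj"><value><Map>
          <entry key="customaccesstoken" value="access_token"/>
        </Map></value></entry>
      </Map>
      <Map>
        <entry key="operationType" value="Add Entitlement"/>
        <entry key="header"><value><Map>
          <entry key="Authorization" value="Bearer $application.access_token$"/>
        </Map></value></entry>
      </Map>
      <Map>
        <entry key="operationType" value="Group Aggregation"/>
        <entry key="header"><value><Map>
          <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
        </Map></value></entry>
      </Map>
      <Map>
        <entry key="operationType" value="Create Account"/>
        <entry key="header"/>
      </Map>
    </List></value></entry>
  </Map></Attributes>
</Application>"""

PLACEHOLDER = re.compile(r"\$application\.([A-Za-z0-9_]+)\$")
AUTH_OP = "Custom Authentication"


def _entries(map_el):
    """Return {key: <entry> element} for the direct children of a <Map>."""
    return {e.get("key"): e for e in map_el.findall("entry")}


def _nested_map(entry):
    """Return {key: value} for <entry><value><Map>...; {} for an empty entry."""
    if entry is None:
        return {}
    inner = entry.find("value/Map")
    if inner is None:
        return {}
    return {e.get("key"): e.get("value") for e in inner.findall("entry")}


def _op_name(endpoint):
    el = endpoint.get("operationType")
    return el.get("value") if el is not None else None


def lint_token_references(xml_text):
    """Return (operation, issue, detail) findings for the endpoint headers."""
    root = ET.fromstring(xml_text)
    endpoints = []
    for entry in root.iter("entry"):
        if entry.get("key") == "connectionParameters":
            endpoints = [_entries(m) for m in entry.findall("value/List/Map")]
            break

    # Keys the Custom Authentication operation stores from the token response.
    mapped = set()
    for ep in endpoints:
        if _op_name(ep) == AUTH_OP:
            mapped.update(_nested_map(ep.get("resMappingObj")))

    findings = []
    for ep in endpoints:
        name = _op_name(ep)
        if name == AUTH_OP:
            continue
        headers = _nested_map(ep.get("header"))
        auth = next((v for k, v in headers.items()
                     if k.lower() == "authorization"), None)
        if not auth:
            # Operation would be sent without a bearer token; worth reviewing.
            findings.append((name, "no-authorization-header", ""))
            continue
        for var in PLACEHOLDER.findall(auth):
            if var not in mapped:
                findings.append((name, "unmapped-token-variable", var))
    return findings


if __name__ == "__main__":
    for finding in lint_token_references(SAMPLE_XML):
        print(finding)
```

Before running this on a real export, replace masked values that contain `<` (such as the `<<id>>` tenant placeholder above) with plain text, since they are not well-formed XML.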

Hi @shijingg

In the documentation, it is stated not to use access_token for custom authentication. So I just reverted the values to use customaccesstoken. Can you try adding loggers to your before rule to print the Endpoint headers and body, and share the logs if you encounter an error?

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Application PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Application connector="sailpoint.connector.webservices.WebServicesConnector" created="1724734668973" featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH" id="0af403fa917a11b48191923280ad0603" modified="1736833288535" name="Testing" profileClass="" significantModified="1736833288535" type="Web Services">
  <AccountCorrelationConfig>
    <Reference class="sailpoint.object.CorrelationConfig" id="0af403dc925c1b1b81926bb8ecbf74c1" name="Testing Correlation"/>
  </AccountCorrelationConfig>
  <Attributes>
    <Map>
      <entry key="acctAggregationEnd">
        <value>
          <Date>1736833288349</Date>
        </value>
      </entry>
      <entry key="acctAggregationStart">
        <value>
          <Date>1736832203006</Date>
        </value>
      </entry>
      <entry key="addRemoveEntInSingleReq">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="afterProvisioningRule"/>
      <entry key="aggregationPartitioned">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="aggregationType" value="account"/>
      <entry key="authenticationMethod" value="No Auth"/>
      <entry key="beforeProvisioningRule"/>
      <entry key="clientCertAuthEnabled">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="compositeDefinition"/>
      <entry key="connectionParameters">
        <value>
          <List>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData">
                      <value>
                        <Map>
                          <entry key="client_id" value="client_id"/>
                          <entry key="client_secret" value="client_secret"/>
                          <entry key="grant_type" value="client_credentials"/>
                          <entry key="scope" value="scope"/>
                        </Map>
                      </value>
                    </entry>
                    <entry key="bodyFormat" value="formData"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl" value="https://login.microsoftonline.com/<<id>>/oauth2/v2.0/token"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Custom Authentication"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="customaccesstoken" value="access_token"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$"/>
              <entry key="sequenceNumberForEndpoint" value="1"/>
              <entry key="uniqueNameForEndPoint" value="Get Access Token"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule" value="Bind Members to Group"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody" value="{&#xD;&#xA;&quot;emails&quot;: [&#xD;&#xA;&quot;$plan.nativeIdentity$&quot;&#xD;&#xA;]&#xD;&#xA;}"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/namespace"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="PUT"/>
              <entry key="operationType" value="Add Entitlement"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="email" value="emails[*]"/>
                    <entry key="groups" value="groups[*]"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>200</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$"/>
              <entry key="sequenceNumberForEndpoint" value="2"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/Organisations"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Test Connection"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="3"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/groups"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Group Aggregation"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="group" value="grn"/>
                    <entry key="groupName" value="name"/>
                    <entry key="id" value="id"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.groups[*]"/>
              <entry key="sequenceNumberForEndpoint" value="4"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule" value="Unbind Members from Group"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/iam/namespace"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="DELETE"/>
              <entry key="operationType" value="Remove Entitlement"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="5"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/groups"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Account Aggregation"/>
              <entry key="paginationSteps" value="TERMINATE_IF $response.nextLink$ == NULL&#xD;&#xA;$endpoint.fullUrl$ = $application.baseUrl$ + &quot;/groups/<<object id>>?size=100&amp;nextLink=&quot; + $response.nextLink$"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>100</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="accountType" value="accountType"/>
                    <entry key="description" value="description"/>
                    <entry key="displayName" value="displayName"/>
                    <entry key="email" value="email"/>
                    <entry key="firstName" value="firstName"/>
                    <entry key="id" value="id"/>
                    <entry key="lastName" value="lastName"/>
                    <entry key="status" value="status"/>
                    <entry key="upn" value="upn"/>
                    <entry key="userPrincipalName" value="userPrincipalName"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.users[*]"/>
              <entry key="sequenceNumberForEndpoint" value="6"/>
              <entry key="uniqueNameForEndPoint" value="Get List of Users"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/$response.email$/memberOf"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="GET"/>
              <entry key="operationType" value="Account Aggregation"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>10</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName" value="Get List of Users"/>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="groupCreatedAt" value="createdAt"/>
                    <entry key="groupDescription" value="description"/>
                    <entry key="groupId" value="id"/>
                    <entry key="groupName" value="name"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$.groups[*]"/>
              <entry key="sequenceNumberForEndpoint" value="7"/>
              <entry key="uniqueNameForEndPoint" value="Get Groups"/>
              <entry key="xpathNamespaces"/>
            </Map>
            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/users"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header"/>
              <entry key="httpMethodType" value="POST"/>
              <entry key="operationType" value="Create Account"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="resMappingObj"/>
              <entry key="rootPath"/>
              <entry key="sequenceNumberForEndpoint" value="8"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>
          </List>
        </value>
      </entry>
      <entry key="createAccountWithEntReq">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="custom_auth_token_info" value="3:ACP: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"/>
      <entry key="enableHasMore" value="true"/>
      <entry key="enableStatus" value="status=enabled"/>
      <entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info,customaccesstoken"/>
      <entry key="fixedPlanMultivaluedAttribute" value="true"/>
      <entry key="genericWebServiceBaseUrl" value="url"/>
      <entry key="httpCookieSpecsStandard" value="true"/>
      <entry key="isGetObjectRequiredForPTA">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="lastAggregationDate_account" value="2025-01-14T05:41:28Z"/>
      <entry key="lastAggregationDate_group" value="2024-11-29T09:21:35Z"/>
      <entry key="nativeChangeDetectionAttributeScope" value="entitlements"/>
      <entry key="nativeChangeDetectionAttributes"/>
      <entry key="nativeChangeDetectionEnabled">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="nativeChangeDetectionOperations"/>
      <entry key="oAuthJwtHeader">
        <value>
          <Map>
            <entry key="alg" value="RS256"/>
          </Map>
        </value>
      </entry>
      <entry key="oAuthJwtPayload">
        <value>
          <Map>
            <entry key="aud"/>
            <entry key="exp" value="15f"/>
            <entry key="iss"/>
            <entry key="sub"/>
          </Map>
        </value>
      </entry>
      <entry key="private_key_to_update"/>
      <entry key="saml_assertion_url"/>
      <entry key="saml_request_body"/>
      <entry key="sysDescriptions">
        <value>
          <Map>
            <entry key="en_GB"/>
            <entry key="en_US"/>
          </Map>
        </value>
      </entry>
      <entry key="templateApplication" value="Web Services"/>
      <entry key="throwProvAfterRuleException">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="throwProvBeforeRuleException">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="timeoutInSeconds"/>
      <entry key="version" value="v2"/>
    </Map>
  </Attributes>
  <Schemas>
    <Schema created="1736832054502" displayAttribute="displayName" groupAttribute="" id="0af4056f946311b681946341f4e60047" identityAttribute="email" instanceAttribute="" nativeObjectType="email" objectType="account">
      <AttributeDefinition name="accountType" type="string"/>
      <AttributeDefinition name="displayName" type="string"/>
      <AttributeDefinition name="email" type="string"/>
      <AttributeDefinition name="firstName" type="string"/>
      <AttributeDefinition name="id" type="string"/>
      <AttributeDefinition name="lastName" type="string"/>
      <AttributeDefinition name="status" type="string"/>
      <AttributeDefinition name="upn" type="string"/>
      <AttributeDefinition name="userPrincipalName" type="string"/>
      <AttributeDefinition entitlement="true" multi="true" name="groupName" schemaObjectType="group" type="string"/>
    </Schema>
    <Schema created="1736832054502" descriptionAttribute="" displayAttribute="group" id="0af4056f946311b681946341f4e60046" identityAttribute="group" instanceAttribute="" nativeObjectType="group" objectType="group">
      <AttributeDefinition entitlement="true" multi="true" name="group" type="string"/>
    </Schema>
  </Schemas>
  <ApplicationScorecard created="1736832054503" id="0af4056f946311b681946341f4e70048"/>
</Application>

Hi @Arpitha1, after editing to use customaccesstoken as advised:

  1. Only the Test Connection operation works successfully.
  2. Account/Group Aggregation throws Error Code 400 and, in the logs, the customaccesstoken value is empty [highlighted in red box].

  3. Adding Entitlement throws Error Code 400 and, in the logs, the customaccesstoken value is empty [highlighted in red box].

Can you check the Application XML in debug now and see whether the customaccesstoken value has been stored or not?

Sorry, how do I check if it has been stored?

You can see the customaccesstoken entry key in the application XML on the debug page.

By default, whenever a test connection happens, the application stores this value and tries to use the same one. If a 401 error occurs, it tries to regenerate the value and store it again.

However, I see error code 400, so can you recheck your configuration once?
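An added example, not part of any reply in this thread: a Python audit of an exported application XML that checks, without printing any token value, whether each `$application.<name>$` placeholder in an endpoint's Authorization header is mapped by the Custom Authentication operation, listed in `encrypted`, and actually stored on the application. The sample XML is constructed, and reading the stored token from the entry's `value` attribute is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Matches the $application.<attribute>$ placeholders used in endpoint headers.
PLACEHOLDER = re.compile(r"\$application\.([A-Za-z0-9_]+)\$")

# Constructed sample, trimmed to the keys the audit reads (not the poster's application).
SAMPLE_XML = """<Application name="Sample">
 <Attributes><Map>
  <entry key="connectionParameters"><value><List>
   <Map>
    <entry key="operationType" value="Custom Authentication"/>
    <entry key="resMappingObj"><value><Map>
     <entry key="customaccesstoken" value="access_token"/>
    </Map></value></entry>
   </Map>
   <Map>
    <entry key="operationType" value="Add Entitlement"/>
    <entry key="header"><value><Map>
     <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
    </Map></value></entry>
   </Map>
   <Map>
    <entry key="operationType" value="Group Aggregation"/>
    <entry key="header"><value><Map>
     <entry key="Authorization" value="Bearer $application.access_token$"/>
    </Map></value></entry>
   </Map>
   <Map>
    <entry key="operationType" value="Create Account"/>
    <entry key="header"/>
   </Map>
  </List></value></entry>
  <entry key="encrypted" value="client_secret,customaccesstoken"/>
 </Map></Attributes>
</Application>"""


def entry_map(map_el):
    """Return {key: <entry> element} for the direct children of a <Map>."""
    return {e.get("key"): e for e in map_el.findall("entry")}


def nested_map(entry):
    """Return {key: value} of the <Map> nested under an <entry>, or {} if absent."""
    inner = entry.find("value/Map") if entry is not None else None
    if inner is None:
        return {}
    return {e.get("key"): e.get("value", "") for e in inner.findall("entry")}


def op_type(endpoint):
    el = endpoint.get("operationType")
    return el.get("value") if el is not None else None


def audit(xml_text):
    """Return (operation, finding) tuples; token values are never read out."""
    attrs = entry_map(ET.fromstring(xml_text).find("Attributes/Map"))
    endpoints = [entry_map(m)
                 for m in attrs["connectionParameters"].findall("value/List/Map")]
    enc_el = attrs.get("encrypted")
    encrypted = set(enc_el.get("value", "").split(",")) if enc_el is not None else set()
    # Attribute names the Custom Authentication response mapping produces.
    mapped = set()
    for ep in endpoints:
        if op_type(ep) == "Custom Authentication":
            mapped |= set(nested_map(ep.get("resMappingObj")))
    findings = []
    for ep in endpoints:
        if op_type(ep) == "Custom Authentication":
            continue
        auth = nested_map(ep.get("header")).get("Authorization")
        if auth is None:
            findings.append((op_type(ep), "no Authorization header"))
            continue
        for name in PLACEHOLDER.findall(auth):
            if name not in mapped:
                findings.append((op_type(ep), f"{name}: not mapped by Custom Authentication"))
            if name not in encrypted:
                findings.append((op_type(ep), f"{name}: not listed in 'encrypted'"))
            stored = attrs.get(name)  # assumption: token is kept in the value attribute
            if stored is None or not stored.get("value"):
                findings.append((op_type(ep), f"{name}: no stored value on the application"))
    return findings


if __name__ == "__main__":
    for operation, finding in audit(SAMPLE_XML):
        print(f"{operation}: {finding}")
```

Run it against a copy of the application XML taken from the debug page; the export then contains client secrets and encrypted tokens, so treat the file as sensitive.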

Nope, in the application XML I do not see any entry key for customaccesscode.

Error code 401 is for failed authentication. However, since the error code is 400, you need to check your configuration. You can disable pagination and try once.

You mentioned regenerating and storing again. Is this process done automatically by SailPoint? Are there any settings I need to set up for this?

Yes, for 401 it is handled automatically. You can customize it for other error codes. You can refer to this link.

But since it is 400, I don’t think it is related to an authentication issue.

You can try to re-create this issue in Postman: in your header, just pass Bearer and see what error code it returns.


Can I check if the order of the operations matters? I ask because I managed to do a test where I clicked test connection manually once (I kept the application open), proceeded to run all the other operations, and managed to get all of them to work successfully.

However, if I do not run the test connection manually, I hit Error 400 again. Any chance I need to declare Custom Authentication multiple times?

Ideally it wouldn’t be.

You can perform test connection once, save it and try some operations.

Later on, if it fails, try adding the entry below to your endpoint (e.g. Add Entitlement) and perform the operation again.

<entry key="possibleHttpErrors">
 <value>
  <Map>
   <entry key="errorCodes">
    <value>
     <List>
      <Integer>400</Integer>
     </List>
    </value>
   </entry>
  </Map>
 </value>
</entry>

I tried saving the application and then executing, and now I am back to Error 401. I also tried adding possibleHttpErrors as advised and am now constantly hitting Error 401. Am I placing the possibleHttpErrors codes in the right place?

            <Map>
              <entry key="afterRule"/>
              <entry key="beforeRule" value="Bind Members to Group"/>
              <entry key="body">
                <value>
                  <Map>
                    <entry key="bodyFormData"/>
                    <entry key="bodyFormat" value="raw"/>
                    <entry key="jsonBody" value="{&#xD;&#xA;&quot;emails&quot;: [&#xD;&#xA;&quot;$plan.nativeIdentity$&quot;&#xD;&#xA;]&#xD;&#xA;}"/>
                  </Map>
                </value>
              </entry>
              <entry key="contextUrl" value="/namespace"/>
              <entry key="curlCommand"/>
              <entry key="curlEnabled">
                <value>
                  <Boolean></Boolean>
                </value>
              </entry>
              <entry key="customAuthUrl"/>
              <entry key="header">
                <value>
                  <Map>
                    <entry key="Accept" value="application/json"/>
                    <entry key="Authorization" value="Bearer $application.customaccesstoken$"/>
                    <entry key="x-api-key" value="api key"/>
                  </Map>
                </value>
              </entry>
              <entry key="httpMethodType" value="PUT"/>
              <entry key="operationType" value="Add Entitlement"/>
              <entry key="paginationSteps"/>
              <entry key="pagingInitialOffset">
                <value>
                  <Integer>0</Integer>
                </value>
              </entry>
              <entry key="pagingSize">
                <value>
                  <Integer>50</Integer>
                </value>
              </entry>
              <entry key="parentEndpointName"/>
              <entry key="possibleHttpErrors">
                <value>
                  <Map>
                    <entry key="errorCodes">
                      <value>
                        <List>
                          <Integer>400</Integer>
                          <Integer>401</Integer>
                        </List>
                      </value>
                    </entry>
                  </Map>
                </value>
              </entry>
              <entry key="resMappingObj">
                <value>
                  <Map>
                    <entry key="email" value="emails[*]"/>
                    <entry key="groups" value="groups[*]"/>
                  </Map>
                </value>
              </entry>
              <entry key="responseCode">
                <value>
                  <List>
                    <String>2**</String>
                  </List>
                </value>
              </entry>
              <entry key="rootPath" value="$"/>
              <entry key="sequenceNumberForEndpoint" value="3"/>
              <entry key="uniqueNameForEndPoint"/>
              <entry key="xpathNamespaces"/>
            </Map>

Hi Arpitha, keeping the application open after testing the connection seems to persist the customaccesstoken. Does any refresh happen in the background that causes it to not work the moment the application is saved? Or is there anything I can add for a retryable mechanism?