Exterro application onboarding - Account aggregation

Hi All,

We are working on Exterro application onboarding. We do see test connection is successful but account aggregation failing with below error. In postman we are generating access token which expires in X minutes, and we are passing that token in Headers to hit any API call. Appreciate how we can achieve this in SailPoint

java.lang.RuntimeException - java.lang.IllegalStateException: [ConnectorError] HttpClientWrapper.ts Response status :401 doesn’t match to allowed success codes : 200,2**,2**,2** response : “Another Session Exist” (requestId: f0c4c676e4db4ea9a038098682e5faf9) - java.lang.RuntimeException: java.lang.IllegalStateException: [ConnectorError] HttpClientWrapper.ts Response status :401 doesn’t match to allowed success codes : 200,2**,2**,2** response : “Another Session Exist” (requestId: f0c4c676e4db4ea9a038098682e5faf9) at com.sailpoint.mantis.qpoc.message.AccountAggregation.iterateResourceObjects_aroundBody6(AccountAggregation.java:660)

When you are able to do a successful test connection are you sure you are passing the required access token that is generated to this operation. Can you also validate if you are passing the required headers with access token to other operation.
Can you share the json of test connection, account aggregation, custom authentication (if you are using this) to check and suggest you better.
Also seeing the error it looks like the credentials can be used at a time at one place and it says you are using the same details at multiple sessions. Try to use it at one place starting from generating the token to completing other operations and see if that works.

@udayputta for test connection we are not passing the access token, we are just passing client ID and Secret in body. Actually, the access token expires every 30 min so new token to be generated. So, any way how we can create new token from SailPoint so that we can use it for other operations like Account aggregation?

Hello,

So, you need to integrate this application which you are trying to connect using POSTMAN using “Webservice Connector”.

Now, inside the webservice connector type application, in HTTP operations page, you have to create 2 operations,

  1. Custom Authentication
  2. Account Aggregation.

In the “Custom Authentication” method, you have to pass the details as below.

In the Body section, lets say you are creating the access token using client id and client secret, then, provide all the parameters as provided by you when you successfully connected to the respective application using POSTMAN. Example as below.

Then, capture the access token in the responses as shown below.

Once custom authentication HTTP method is configured successfully, then, in the account aggregation method, perform the following configurations. Pass the authorization token in headers as shown below.

(You need to pass the access token variable which you returned in the response section of “Custom Authentication” method)

Also, make sure that in the connection settings, you are selecting authentication type as “Custom Authentication” only for which you created the HTTP Operation named as “Custom Authentication”. Refer the below screenshot for your reference.

h

In this way, whenever the aggregation will be performed, the SailPoint ISC will call the “Custom Authentication” method only which will eventually create the “access token” using your client credentials as provided by you in body of “Custom Authentication” method.

Try the above approach and let us know.

Thank You,

Regards,
Rohit

2 Likes

You should not be using client id and secrent directly in test connection operation. As Rohit mentioned you need to configure the custom authentication operation or you can use OAuth 2.0 and generate the access token. You can use that access token in other operations. When the token expires SailPoint will generate a new access token and use it.

Thanks @rohit_wekhande! This helps a lot and its clear. Will try this

1 Like

Thanks @udayputta for your inputs. Appreciate your response

No problem.I hope you will be able to complete your use case now.

@rohit_wekhande @udayputta Account aggregation is failing with below error. Could you please help?

java.lang.RuntimeException - java.lang.IllegalStateException: [ConnectorError] HttpClientWrapper.ts Response status :400 doesn’t match to allowed success codes : 2**,2**,2**




Ouput data
{
“BMEDGEUSER_LIST”: [
{
“USER_STATUS”: “true”,
“USER_LOCKED”: “false”,
“ASSOCIATED_TEAM_COUNT”: “1”,
“COMPANY_CONTACT”: {
“CREATED_BY”: “Svc_xxxxx_Admin IAM”,
“LAST_UPDATED_BY”: “Svc_xxxxx_Admin_Admin IAM”,
“USER_EMAIL_ADDRESS”: “xxxxxx”,
“COMPANY_CONTACT_FIRST_NAME”: “Vijay”,
“COMPANY_CONTACT_LAST_NAME”: “xxxxx”,
“COMPANY_CONTACT_JOB_TITLE”: “xxxxx”,
“ID”: “55”,
“COMPANY_ADDRESS”: {
“ID”: “2”,
“NAME”: “xxxx”,
“LOCATION”: “xxxx”,
“FULL_ADDRESS”: “xxxx”
},
“COMPANY_CONTACT_FULL_NAME”: “”,
“USER_FAX_NUMBER”: “”
},
“GUID”: “xxxxx”,
“CREATED_ON”: “2024-09-15T23:11:42-0400”,
“LAST_UPDATED_ON”: “2024-09-15T23:11:42-0400”,
“USER_TIME_ZONE”: “xxxxx”,
“USER_NAME”: “xxxxx”,
“BMEDGE_ID”: “55”,
“COMPANY”: {
“LAST_UPDATED_BY”: “cawatkins”,
“INACTIVE_USER_COUNT”: “0”,
“IS_INTERNAL”: “true”,
“COMPANY_TYPE”: {},
“CREATED_DATE”: “2022-12-07T01:19:12-0500”,
“CREATED_BY_UID”: “System”,
“COMPANY_STATUS”: “true”,
“COMPANY_DESCRIPTION”: “Default company”,
“LAST_UPDATED_DATE”: “2023-02-09T03:28:08-0500”,
“ACTIVE_USER_COUNT”: “0”,
“COMPANY_NAME”: “xxxxx”,
“COMPANY_URL”: “xxxxxx”,
“ID”: “1”,
“ALL_USER_COUNT”: “0”,
“LISCENSED_COMPANY”: “true”
},
}

Account Schema

What is the success code that you are getting when you run this call in postman. Can you paste the screenshot from there. Also in your Response Information Root Path should be $.BMEDGEUSER_LIST[*]. Can you change this and try again.
In your general information page I see you have Requst Type field. I do not see this feild. Is this Webservice connector or a different type of web service connector?

@udayputta,
Success code is 200. I have changed the root path and tried it but still its failing.

FYI
It’s a web service Saas connector. I have tried with Web service connector as well, still no luck. I enabled debug logging for web services there I cansee its calling Account aggregation operation first which is failing and then its calling custom authentication (It was able to generate the access token successfully). In the subsequent message I can see the “No paging steps defined for endpoint ‘‘Custom Authentication’’, terminating”

Oh okay. You need to make custom authentication step as first operation. also validate
“sequenceNumberForEndpoint”: “1”, variable by pulling the source from postman

I confirm custom authentication is the first operation. Not sure where it is failing. Any idea what this is " “No paging steps defined for endpoint ‘‘Custom Authentication’’, terminating”"

Not sure about this error. After the change do you still see Account aggregation operation running first. Paging is usually required for account aggregation not for custom auth. May be the error is coming from account aggregation. Can you place the json of poth custom auth and account aggregation.

@udayputta
JSON.txt (4.1 KB)

Here is the data in txt file

In your account aggregation I hope this is correct
“Fusion-Auth”: “$application.accesstoken$”
Can you validate if you have to append Bearer

Your “rootPath”: “$.BMEDGEUSER_LIST.[*]”, is still has period before [. you can validate which would be suitable by using this tool. Copy the response which you have got from the postman and calculate the JSONPath.

Finally if this still giving an error try to fetch a single account by updating your context URL. and also attach a before operation rule and print endpoint to check if you are seeing the access token generate by custom authentication.

Thanks @udayputta . I have validated the JSON root path using the tool. It should be $.BMEDGEUSER_LIST.[*]. Let me try to aggregate single account and try