ISC Web Services Connector – Custom Authentication Endpoint Returns Raw Token (No JSON) – Need Supported Pattern

=========================

Background / Context

We are integrating SailPoint Identity Security Cloud (ISC) with a third-party REST API using the Web Services connector.
Authentication is performed via a Custom Authentication (POST) operation that returns an access token.
The authentication call succeeds and returns HTTP 200.

=========================
Problem Statement

The authentication endpoint returns the access token as a plain-text response body (raw JWT string) rather than a JSON object.

Example response: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9…

ISC Web Services Response Mapping requires a JSON response so that a schema attribute can be extracted using JSONPath. Because the response is raw text, there is no supported way to map the token into a schema attribute for reuse in downstream API calls.

=========================
What We Have Validated

-The API call works successfully in Postman using the same request body and headers

-ISC Custom Authentication configuration is correct:

–HTTP Method: POST

–Content-Type: application/json

–Success Codes: 2**

-Response Information Root Path ($.) only works for JSON payloads

-Response Mapping requires Schema Attribute + Attribute Path, which cannot be defined for a raw string

-XPath Namespace Mapping is not applicable (response is not XML)

-There is no supported response transformation or scripting hook in ISC AuthN operations to convert raw text → JSON

At this point, this appears to be a connector capability limitation, not a configuration issue.

=========================
Request / Ask for Sailors

1. I am requesting guidance and confirmation on the supported pattern for this scenario:

-. Is returning a JSON object (e.g. { “accessToken”: “” }) the required / recommended approach for ISC Web Services authentication?

-. Is there any supported ISC-native mechanism to extract or wrap a raw-text Access Token as the authentication response?

If not, can you confirm that the upstream API must be modified to return JSON for compatibility with ISC?

Hi @aomololu

I ran into that same issue integrating IdentityIQ with TeamDynamix.

The solution I ended up on is to implement a proxy resource that wraps the returned token in json.

In total, I proxied 6 endpoints to make them tractable.

Let me know if you want more information.

You just need to implement a web services after operation rule to parse the raw response into a processed response object which will allow you to get the value via the normal response mapping. Here is an example snippet I used in a similar scenario for an account creation response.

    /*
     * During the account creation, the response is just the account ID in plain text,
     * so we must process it into a proper response map
    */
    if (Util.isNotNullOrEmpty(rawResponseObject)) {
      Map accountMap = new HashMap();
      logger.debug("rawResponseObject for UserID: " + rawResponseObject);
      
      //The raw ID returned will be surronded be quotes, we need to remove them
      rawResponseObject = rawResponseObject.replaceAll("\"", "");
      
      accountMap.put("UserID", rawResponseObject);
      newResponseList.add(accountMap);
    }

Does the WebServices connector for ISC allow for an after-operation rule on the custom auth endpoint?

IIQ does not.