SailPoint IIQ SIEM Plugin Rest API error

Hi Team,

Requesting your help for SIEM Plugin Rest API, we have installed the plugin and tried to trigger the API with user ‘siemservice’/‘spadmin’ with required Capabilities as per the SIEM plugin documentation.

While trying those APIs, it is showing CRSF token exception in System Logs.

Sharing the Curl and Logs for Postman and SailPoint IIQ logs for reference.

Curl:
curl --location 'http://localhost:8080/dentityiq/plugin/rest/SIEMPlugin/applications' \
--header 'Authorization: ••••••'
SailPoint IIQ error Log:
javax.servlet.ServletException: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:85)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
  at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.server.CsrfService.validate(CsrfService.java:79)
  at sailpoint.rest.RestCsrfValidationFilter.validateCsrfToken(RestCsrfValidationFilter.java:86)
  at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:68)
  ... 29 more
Caused by: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.server.CsrfService.validate(CsrfService.java:79)
  at sailpoint.rest.RestCsrfValidationFilter.validateCsrfToken(RestCsrfValidationFilter.java:86)
  at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
  at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.base/java.lang.Thread.run(Thread.java:834)

Postman Error Message

We are using following Software and Plugin for this scenario.

  1. SailPoint IdentityIQ 8.4
  2. MySQL 8
  3. Apache Tomcat 9.0.83
  4. SIEM Plugin 2.1.4

Thanks
Venkata Ravinutala