SailPoint IIQ SIEM Plugin Rest API error

Hi Team,

Requesting your help for SIEM Plugin Rest API, we have installed the plugin and tried to trigger the API with user ‘siemservice’/‘spadmin’ with required Capabilities as per the SIEM plugin documentation.

While trying those APIs, it is showing CRSF token exception in System Logs.

Sharing the Curl and Logs for Postman and SailPoint IIQ logs for reference.

Curl:
curl --location 'http://localhost:8080/dentityiq/plugin/rest/SIEMPlugin/applications' \
--header 'Authorization: ••••••'
SailPoint IIQ error Log:
javax.servlet.ServletException: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:85)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
  at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.server.CsrfService.validate(CsrfService.java:79)
  at sailpoint.rest.RestCsrfValidationFilter.validateCsrfToken(RestCsrfValidationFilter.java:86)
  at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:68)
  ... 29 more
Caused by: sailpoint.server.CsrfValidationException: CSRF validation failed
  at sailpoint.server.CsrfService.validate(CsrfService.java:79)
  at sailpoint.rest.RestCsrfValidationFilter.validateCsrfToken(RestCsrfValidationFilter.java:86)
  at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:109)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
  at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
  at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.base/java.lang.Thread.run(Thread.java:834)

Postman Error Message

We are using following Software and Plugin for this scenario.

  1. SailPoint IdentityIQ 8.4
  2. MySQL 8
  3. Apache Tomcat 9.0.83
  4. SIEM Plugin 2.1.4

Thanks
Venkata Ravinutala

You are missing the “i” in identityiq in your URL. CSRF errors are prevalent with plugins and can be ignored.

Got it thanks @phodgdon, Thanks for the response.

That is my bad. Thanks for the help