Web Service HTTP operations and custom authentication

Hi everyone,

We have received the requirement below for the Mend application and are trying to integrate it as a web service with custom authentication. I am able to make the API calls below in Postman.

  1. We are using Getting Started with Mend SCA API 2.0
    API documentation

  2. First we call “https://test.com/api/v2.0/login” to get a JWT token, which is valid for 30 minutes, and the orgToken

  3. Secondly we call “https://test.com/api/v2.0/orgs/{orgToken}/users/self”, which returns information about the currently logged-in user,
    including group membership and roles; we need to pass “orgToken” as a path variable in the Postman API call

Does anyone know how to pass the path variable “orgToken” value received from step 1 to the call in step 2 above in the IDN Web Services test connection / account aggregation HTTP operation?

You need to follow this guide:

In summary:

  • Set up your source to do ‘custom authentication’
  • Create an operation for ‘custom authentication’
    – In the response mapping, ensure you capture the JWT token in an attribute you choose yourself, e.g. ‘jwt_token’
  • In your other operation the URL will be https://test.com/api/v2.0/orgs/$application.jwt_token$/users/self

Ensure that you set your ‘custom attribute’ to be encrypted (from the doc):

For example, if the attribute updated is a password then it must be added to the header as follows:

Before updating the encrypted list:

{"encrypted":"accesstoken,password,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info"}

After updating the encrypted list:

{"encrypted":"accesstoken,password,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info,password_CA"}

I hope this helps.

Hi @sauvee, thank you for the input. I am trying to call the API as below, but it is not working.

When performing the operation, do you actually see the custom attribute populated under the source when exporting using the ISC API? It should appear under the connectorAttributes section.

It should be $application.token$. Hope you have mapped “token” as a schema attribute in your first API call. Make sure the first HTTP operation is of the “custom authentication” type and that the same is configured on the connection settings page.

Hi @JackSparrow, I have already configured the above steps, but here during the first API call we get “orgToken”, which we need to pass here: “https://test.com/api/v2.0/orgs/{orgToken}/users/self”.

The above “orgToken” is a path variable in the Postman API call. How do we pass this “orgToken” path variable, which we get from the first API call?

Thanks

My bad. I think you have already tried calling https://test.com/api/v2.0/orgs/$application.orgToken$/users/self, which is correct. Is it possible to post the exact URL from Postman? Try checking the CCG logs by enabling debug log levels and see if the above URL is able to reference the token.

Hi,

  1. First API call to get the JWT token, valid for 30 minutes, and the orgToken.

  2. Second API call for test connection, passing jwttoken as Authorization and orgToken as a path variable

  3. Third API call for account aggregation, passing jwttoken as Authorization, orgToken as a path variable and page details as query params

Thanks

kalyan

This should work if the response mapping is correct and “custom authentication” is able to generate the token. So, what is the error you are getting? Is it 401?

Hi,

Please refer to the screenshots below of the configuration in ISC. I am getting HTTP Error Code: 401 Message: 401 : Unauthorized error

  1. First we call “https://test.com/api/v2.0/login” to get a JWT token, which is valid for 30 minutes, and the orgToken

  2. Secondly we call “https://test.com/api/v2.0/orgs/{orgToken}/users/self”, which returns information about the currently logged-in user,
    including group membership and roles; we need to pass “orgToken” as a path variable in the Postman API call

Thanks

Kalyan

Try removing the context URL from Custom Authentication. Only the Authentication URL is required. Also, is it possible to post the response of the /login URL here, masking the token info?

Hi,

Below is the response from Postman for the login URL. We need to call this login URL each and every time for the JWT token.

{
  "additionalData": {},
  "supportToken": "203c0713dfbd844d6825ba213468a2578654204675364",
  "retVal": {
    "correlationId": "1fc8fe2713b2c48a456789klfb36a0c6",
    "userUuid": "1e397cb3-44b9-44b5-9c1b-1245aa72a25d8",
    "userName": "test-access-mgmt-sa",
    "email": "test-access-mgmt-sa@test.com",
    "refreshToken": "eyJhhFdiOiwelcomeiJ9.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.aiHy_tLrk4t49k2DS1GHiEGiJuS2RN7jP1rLtNRujguqpWrkt4cU7SLm8mwfDfc1wUK2jV8YNAZnRj1i1aDb6A",
    "jwtToken": "eyJhwelcomeciOiJSUzI1NiJ9.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.UpulACMpH9uFO3694tiUFeLx_Bbm9fG8UNZ1ra08lfcxt7pDOQx7XoZaUwyrl24BC7MXfCcoQ-CKkliMDxtPaLPHaQaECQH5XEGPwchKbthtrcxYhRwF4mDe8RIE1bplfu8hbzmTk_-bR4l5Nk_ie57DYH0dm9B7Ozrq8OnN6vxrl60HZyv1FvKIdbdeqeRBFVfRWVsC7I7nV8RDgiTEgVRWo1VMznEWWbPQEkA1ehwyaZO3Tk3KXabwKFJN0UF2_7dlbrTdAm1c-uBlRuvvGiyy_-YpSvbBW4txDpvLoio3ARdlaLNnhDAUO55pS8pept7MpDmUZ4flWMqvoj_HzslK7WrtjxIZoTsJj9GZzDbkEWhrVhNpBSRT7XmytRaKlAm739Zl_ODv7jYGuMyxWciDSNFhcza2-ZQvSBNw_gPFHmYDD0_io-obNYKf1UdQZPYNBFpopMnzLI-3DhnjtestrzrYrZxv2DTlqTv88IQxE72Q9cqriRBk1wNjqyBtQ7jQShCPOBeoUSZxRl4iRzW6FLpKIUys8UUML1usg5wsVMvN-GOfCGDtEBeTRiRc1JfrVOpgzjuZpXz8cdFRmZbQxSmoxH4-8XB7tGSq_Lew42sAS2Qex2n87nHOUyIhZwaQaOFTDz8Id0S5w6fNLIqT3cL6C-sX8puubzqZiQ0MY",
    "orgName": "Test",
    "orgUuid": "bae923457-4aed-4a07-9405-a2ce77ffada2",
    "domainName": "Test",
    "domainUuid": "bae9765432-4aed-4a07-1234-a2ce675ffada2",
    "accountName": "global_test",
    "accountUuid": "0e3a0670-2651-2aced02-4567-884d409c0878",
    "tier": "default",
    "jwtTTL": 600000,
    "sessionStartTime": 1761041314557
  }
}

Thanks


Hi @kalyannambi2010 ,

In the response I don’t see orgToken and access_token; instead it is refreshToken and jwtToken. So in the response mapping tab, please change the attribute paths to refreshToken and jwtToken.

Hi Theja, I have changed it as below but am getting the same error. Error received:
Exception occurred in Test Connection.Url: https://test.com/api/v2.0/orgs//users/self, Message: 401 : Unauthorized : {"timestamp":"2025-10-21T14:45:28Z","status":401,"error":"Unauthorized","message":"","path":"/api/v2.0/orgs/users/self"}, HTTP Error Code: 401

Thanks

Hope the root path in response information tab is $.retVal

I was also getting a 401 and found out it wasn’t authenticating using the username and password from the connection settings when using $authenticate.username$ and $authenticate.password$. I had to use $application.username$ and $application.password$.

Hi Theja, it is working with $.retVal for test connection and now working on account and entitlement aggregations for the same.

Thanks


That should work for account and entitlement aggregation as well
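
The failure mode worked through in this thread, as an added example that is not part of any post and is not SailPoint connector code: a small offline simulation of response mapping plus `$application.x$` substitution, showing how a root path of `$` leaves the placeholder empty and yields the `orgs//users/self` URL from the 401 error, while `$.retVal` resolves it. The sample response is constructed, and mapping `orgUuid` to an attribute named `orgToken` is an assumption (the thread does not say which field was finally mapped).

```python
import re

# Constructed sample shaped like the /login response in the thread (fake values).
LOGIN_RESPONSE = {
    "additionalData": {},
    "retVal": {
        "jwtToken": "header.payload.signature",
        "orgUuid": "00000000-0000-0000-0000-000000000000",
        "jwtTTL": 600000,
    },
}
URL = "https://test.com/api/v2.0/orgs/$application.orgToken$/users/self"
# Attribute name -> path relative to the root path. orgUuid -> orgToken is an assumption.
MAPPING = {"jwtToken": "jwtToken", "orgToken": "orgUuid"}
PLACEHOLDER = re.compile(r"\$application\.([A-Za-z0-9_]+)\$")


def walk(doc, path):
    """Resolve a simple dotted path such as '$.retVal' or 'jwtToken'; None if absent."""
    node = doc
    for key in path.lstrip("$").strip(".").split("."):
        if key == "":
            continue  # bare '$' means the document itself
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def map_response(body, root_path, attr_paths):
    """Apply the root path, then each attribute path relative to that root."""
    root = walk(body, root_path)
    return {name: (walk(root, p) if root is not None else None)
            for name, p in attr_paths.items()}


def resolve_url(template, app_attrs):
    """Substitute placeholders; collect names that resolved to nothing."""
    missing = []

    def repl(match):
        value = app_attrs.get(match.group(1))
        if not value:
            missing.append(match.group(1))
            return ""  # mirrors the empty segment seen in the thread's error URL
        return str(value)

    return PLACEHOLDER.sub(repl, template), missing


if __name__ == "__main__":
    for root in ("$", "$.retVal"):
        url, missing = resolve_url(URL, map_response(LOGIN_RESPONSE, root, MAPPING))
        print(f"root={root!r:12} url={url} unresolved={missing}")
```

Checking the resolved URL for an empty path segment before sending the request separates a mapping problem from a genuine credential problem, since both surface as 401.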
