Webservice SaaS - Having trouble pulling Access Token to test connection

mgrant · April 15, 2025, 1:02am

Hi Team,

I am having some issues with a Webservices SaaS connector. I am unable to render a successful connection. The Access token part is failing. It seems to be working fine withy the VA connector but the SaaS connector is not liking the config. I have seen a few posts regarding SaaS connectors not supporting certain ops. Has anyone been able to get one working properly?

See below

{
    "description": "PrecisionLender",
    "owner": {
        "type": "IDENTITY",
        "id": "REDACTED",
        "name": "REDACTED"
    },
    "cluster": {
        "type": "CLUSTER",
        "id": "REDACTED",
        "name": "REDACTED"
    },
    "accountCorrelationConfig": null,
    "accountCorrelationRule": null,
    "managerCorrelationMapping": null,
    "managerCorrelationRule": null,
    "beforeProvisioningRule": null,
    "schemas": [
        {
            "type": "CONNECTOR_SCHEMA",
            "id": "REDACTED",
            "name": "account"
        },
        {
            "type": "CONNECTOR_SCHEMA",
            "id": "REDACTED",
            "name": "group"
        }
    ],
    "passwordPolicies": null,
    "features": [
        "UNLOCK",
        "PROVISIONING",
        "AUTHENTICATE",
        "PASSWORD",
        "ENABLE"
    ],
    "type": "REDACTED",
    "connector": "web-services-saas",
    "connectorClass": "",
    "connectorAttributes": {
        "healthCheckTimeout": 90,
        "idnProxyType": "sp-connect",
        "clientCertificate": null,
        "deltaAggregationEnabled": false,
        "accesstoken": null,
        "connectionType": "direct",
        "client_id": "REDACTED",
        "spConnectorInstanceId": "REDACTED",
        "password": null,
        "client_secret": "REDACTED",
        "clientKeySpec": null,
        "saml_headers_to_exclude": null,
        "saml_headers": null,
        "private_key": null,
        "slpt-source-diagnostics": "{\"connector\":\"web-services-saas\",\"status\":\"SOURCE_STATE_ERROR_SOURCE\",\"healthy\":false,\"healthcheckDisabled\":true,\"healthcheckCount\":103,\"lastHealthcheck\":1744678510475,\"statusChanged\":1744389960195}",
        "formPath": null,
        "refresh_token": null,
        "cloudCacheUpdate": 1744678481312,
        "saml_request_body": null,
        "privateKeyPassword": null,
        "authenticationMethod": "OAuth2Login",
        "connectorName": "Web Services SaaS",
        "enableStatus": null,
        "since": "2025-04-11T16:46:00.195Z",
        "status": "SOURCE_STATE_ERROR_SOURCE",
        "spConnectorSupportsCustomSchemas": true,
        "supportsDeltaAgg": true,
        "oAuthJwtHeader": null,
        "genericWebServiceBaseUrl": "https://xys/v2",
        "connectionParameters": [
            {
                "httpMethodType": "POST",
                "pagingInitialOffset": 0,
                "requestType": "API",
                "sequenceNumberForEndpoint": "1",
                "uniqueNameForEndPoint": "Authentication - Get Token",
                "curlCommand": "curl --request POST \\\n  --url https://xys/auth/token \\\n  --header 'Accept: application/json' \\\n  --header 'Authorization: Basic Og==' \\\n  --header 'Content-Type: application/json' \\\n  --header 'clientId: REDACTED' \\\n  --header 'password: REDACTED' \\\n  --header 'username: REDACTED'",
                "rootPath": null,
                "body": {
                    "bodyFormData": {
                        "password": "REDACTED",
                        "SECRET": "REDACTED"
                    },
                    "jsonBody": null,
                    "bodyFormat": "formData"
                },
                "customAuthUrl": "https://xys/auth/token",
                "graphqlVariables": null,
                "paginationSteps": null,
                "responseCode": null,
                "resMappingObj": {
                    "accessToken": null
                },
                "contextUrl": null,
                "pagingSize": 50,
                "graphqlQuery": null,
                "header": {
                    "Authorization": " Bearer $application.access_token$",
                    "Content-Type": "application/json"
                },
                "operationType": "Custom Authentication",
                "xpathNamespaces": null,
                "parentEndpointName": null
            },
            {
                "httpMethodType": "GET",
                "pagingInitialOffset": 0,
                "requestType": "API",
                "sequenceNumberForEndpoint": "2",
                "uniqueNameForEndPoint": "Test Connection",
                "curlCommand": null,
                "rootPath": null,
                "body": {
                    "bodyFormData": null,
                    "jsonBody": null,
                    "bodyFormat": null
                },
                "customAuthUrl": null,
                "graphqlVariables": null,
                "paginationSteps": null,
                "responseCode": [
                    "2**"
                ],
                "resMappingObj": {
                    "officerCodes": "$.officerCodes",
                    "firstName": "$.firstName",
                    "isLockedOut": "$.isLockedOut",
                    "lastName": "$.lastName",
                    "securityProfile": "$.securityProfile",
                    "homeRegion": "$.homeRegion",
                    "isEnabled": "$.isEnabled",
                    "id": "$.id",
                    "email": "$.email",
                    "username": "$.username"
                },
                "contextUrl": "/users",
                "pagingSize": 50,
                "graphqlQuery": null,
                "header": {
                    "Authorization": "Bearer $application.accessToken$"
                },
                "operationType": "Test Connection",
                "xpathNamespaces": null,
                "parentEndpointName": null
            }
        ],
        "lockStatus": null,
        "oauth_request_parameters": {
            "scope": "precisionlender-client"
        },
        "grant_type": "CLIENT_CREDENTIALS",
        "deltaAggregation": {
            "std:entitlement:list": null,
            "std:account:list": null
        },
        "possibleHttpErrorMessages": {
            "errorMessages": null,
            "errorCodes": null
        },
        "connectionTimeout": "60",
        "token_url": "https://xys/auth/token",
        "oauth_body_attrs_to_exclude": null,
        "spConnectorSpecId": "REDACTED",
        "deleteThresholdPercentage": 10,
        "oauth_headers": {
            "alg": "RS256"
        },
        "privateKey": null,
        "templateApplication": "Web Services SaaS",
        "apiToken": null,
        "healthy": false,
        "private_key_password": null,
        "cloudDisplayName": "PrecisionLender -SaaS",
        "oAuthJwtPayload": null,
        "oauth_headers_to_exclude": null,
        "saml_assertion_url": null,
        "beforeProvisioningRule": null,
        "username": null
    },
    "deleteThreshold": 10,
    "authoritative": false,
    "healthy": false,
    "status": "SOURCE_STATE_ERROR_SOURCE",
    "since": "2025-04-11T16:46:00.195Z",
    "connectorId": "web-services-saas",
    "connectorName": "Web Services SaaS",
    "connectionType": "direct",
    "connectorImplementationId": "web-services-saas",
    "managementWorkgroup": null,
    "credentialProviderEnabled": false,
    "category": null,
    "accountsFile": null,
    "id": "REDACTED",
    "name": "PrecisionLender -SaaS",
    "created": "2025-04-11T16:41:22.652Z",
    "modified": "2025-04-15T00:55:10.495Z"
}

mpotti · April 15, 2025, 8:04pm

In this case if you think it is an issue with the token I would use postman to test out each of your api calls that you are trying to make. This will let you know if the token is configured correctly and if the api endpoints and payload are formatted correctly.

Then I would validate your API response mappings to ensure that the returned response is what you expect it to be.

Please let me know if this helps.

sunnyajmera · April 15, 2025, 8:46pm

I agree with Mark that you should test the connection with postman. Do you know if the app you are trying to integrate is not accessible outside VPN or network?

mgrant · April 15, 2025, 9:11pm

Thanks Mark and Sunny,

In postman - when the password is sent in the body it sends it as it should, the problem is the API needs it in the header.

In the SaaS doc it talks about using the Update Source API call to add a _CA suffix to the password field - not sure if that will work in ISC.

system · June 14, 2025, 9:11pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to generate Access Token ISC Discussion and Questions webservice-connector , identity-security-cloud	7	814	August 16, 2024
We have detected an error from the managed system. Error Received: [ConnectorError] Exception occurred while generating access token. when trying to connect web service saas to oracle ISC Discussion and Questions identity-security-cloud	15	608	December 20, 2024
WebService Connector - OAuth with Password grant type ISC Discussion and Questions webservice-connector , identity-security-cloud	2	232	August 10, 2024
Web Services SaaS Connector - Base Config and Test Connection ISC Discussion and Questions webservice-connector , identity-security-cloud	7	51	November 20, 2025
Webservice SAAS connector custom authentication ISC Discussion and Questions identity-security-cloud	5	103	January 20, 2025

Webservice SaaS - Having trouble pulling Access Token to test connection

Related topics