I’m trying to connect to a REST API endpoint to aggregate account data. This REST API has a non-default (custom) way of authenticating. First I have to create a call to a login endpoint which returns 2 cookies (with token details). The 2 cookies are received in the header of the response as 2 ‘Set-Cookie’ key-value pairs.
Then sequentially a second request - with the cookies included in the request header - has to be made to retrieve actual account data.
I’ve used the following code in a WebServicesAfterOperationRule to retrieve the Set-Cookie from the header of the response.
After logging the contents of the response header I found out that the problem is that the response header only contains the last ‘Set-Cookie’. The first ‘Set-Cookie’ was removed and thus I’m unable to retrieve this cookie.
Using Postman and curl I verified that the 2 Set-Cookie headers are actually send when performing the same GET request. Also changing the request to a curl request in the configuration of the webservices source does not change the response headers. What could be a possible solution to this problem?
In the before operation rule you can make a call out to your login endpoint using the executePost or executeGet from the available WebServicesClient. Then pull the cookies from the response and add them to the headers of the requestEndPoint to call out to your account aggregation endpoint with the proper authentication headers set.
See below as an example:
import java.util.*;
import org.json.*;
import connector.common.JsonUtil;
import sailpoint.connector.webservices.WebServicesClient;
import sailpoint.connector.webservices.EndPoint;
try {
WebServicesClient client = new WebServicesClient();
String url = "LOGIN_URL";
Map args = new HashMap();
args.put(WebServicesClient.ARG_URL, url);
client.configure(args);
Map header = new HashMap();
header.put("Content-Type","application/json");
List<String> allowedStatuses = new ArrayList();
allowedStatuses.add("2**");
Map payload = new HashMap();
payload.put("jsonBody","{"username":"$application.username$","password":"$application.password$"}");
String response = client.executePost(url, payload, header, allowedStatuses);
// if response contains token it can be updated in the requestEndpoint header or body
// the requestEndpoint will be used for execution of the particular operation configured
log.info("response: " + response);
//Fetch the session token from the response json
JSONObject jsonResponse = new JSONObject(response);
String session = jsonResponse.getString("session");
log.info("WSBeforeAggregation session token : " + session);
// Information can be fetched from requestEndpoint and updated in the header and body
//Add to the requestEndPoint for usage in the Aggregation Rule
requestEndPoint.addHeader("X-Authorization", session);
} catch (Exception e) {
log.error(e.getMessage(), e);
}
Thanks for your answer. I tried this method also, unfortunately with no luck. The same problem occurred (duplicate Set-Cookies in the header are filtered out). I think the WebServicesClient.getReponseHeaders() filters out all duplicate key entries of the response header.
Looking at our internal docs it looks like there is a getCookies() method on WebServicesClient you can try that out to retrieve the cookies from your first call.
Outside of that could you modify the login call to return the cookies you require for authentication as two separate keys?
Thanks very much! With the getCookies() on a WebServicesClient method in a WebServicesBeforeOperationRule was able to retrieve all cookies and solve the issue I had.
I converted the cookies to string and with a regex retrieved the sessionkey. This sessionkey I then added to the header of the requestEndPoint (for the second request).