I’m trying to test connection and aggregation to a Splunk application using the Web Services connector. I’m using the Postman API call below to get a token and to access endpoints.
I’m using custom authentication in IdentityNow, where I entered my base URL, username, password and API token.
In HTTP Operation, I added test connection to one of the endpoints. Test connection is successful. But I’m pasting the API token directly in the inow config page. What I’m looking for is to configure an API call to get an access token from SailPoint and to use that API token for the other endpoint requests.
Below is the Postman call I use for generating the API token.
Hello! If I understand your request correctly, you are looking for a way to retrieve the token before each operation is called and use that token to authenticate to the endpoint that the webservice connector is for.
If that is the case, you can use the before provisioning rule below to get you started. You will need to add this rule as a beforeProvisioningRule to any operation that needs the authentication.
The first part of the rule gets the username and password. This will be the username and password configured in the custom authentication section of the UI.
The next part creates a Webservice client to call out to your auth URL to retrieve the API token. It looks like from your Postman request that it needs the username/password in a form-urlencoded format.
The last part of the script converts the response received from the auth URL and pulls out the token. This script assumes that the token is stored under a key token in the response object.
We then add the API token to the header of the requestEndPoint object as Authorization for the next call to access the endpoint for account aggregation, entitlement aggregation etc…
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="AggregationBeforeOperationRule" type="WebServiceBeforeOperationRule">
  <Description>Before operation rule to retrieve token.</Description>
  <Source><![CDATA[
    import java.util.*;
    import org.json.*;
    import connector.common.JsonUtil;
    import sailpoint.connector.webservices.WebServicesClient;
    import sailpoint.connector.webservices.EndPoint;

    try {
      // Credentials configured in the custom authentication section of the UI
      String username = (String) application.getAttributeValue("username");
      String password = (String) application.getAttributeValue("password");

      // Client used to call the auth URL
      WebServicesClient client = new WebServicesClient();
      String url = "https://{{lab_server}}:{{port}}/services/auth/login";
      Map args = new HashMap();
      args.put(WebServicesClient.ARG_URL, url);
      client.configure(args);

      // Configure the header
      Map header = new HashMap();
      header.put("Content-Type", "application/x-www-form-urlencoded");

      // Accept any 2xx status
      List<String> allowedStatuses = new ArrayList();
      allowedStatuses.add("2**");

      // Form fields sent to the auth URL
      Map payload = new HashMap();
      payload.put("username", username);
      payload.put("password", password);

      String response = client.executePost(url, payload, header, allowedStatuses);
      // If the response contains a token it can be updated in the requestEndPoint header or body;
      // the requestEndPoint will be used for execution of the particular operation configured.
      // The raw response is not logged because it contains the API token.
      log.info("auth response received");

      // Fetch the session token from the response JSON
      JSONObject jsonResponse = new JSONObject(response);
      String apiToken = jsonResponse.getString("token");
      // Log only that a token was obtained, never its value
      log.info("API token retrieved");

      // Information can be fetched from requestEndPoint and updated in the header and body.
      // Add the token to the requestEndPoint to authenticate to the endpoint.
      requestEndPoint.addHeader("Authorization", apiToken);
    } catch (Exception e) {
      log.error(e.getMessage(), e);
    }
  ]]></Source>
</Rule>
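The rule above handles the auth response and the token in plain text, so if either has to appear in a log while troubleshooting, it can be masked first. The following is an added example, not part of the original post or SailPoint's code; the class name `AuthLogRedactor`, the key names `sessionKey` and `password`, and the sample response are assumptions (`token` is the key the rule reads).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthLogRedactor {
    // JSON string members treated as secret. "token" is the key the rule reads;
    // "sessionKey" and "password" are assumed names for this example.
    private static final Pattern SECRET = Pattern.compile(
        "\"(token|sessionKey|password)\"\\s*:\\s*\"((?:\\\\.|[^\"\\\\])*)\"",
        Pattern.CASE_INSENSITIVE);

    // First 4 bytes of SHA-256 as hex: enough to tell whether two log lines
    // refer to the same token, without revealing the token itself.
    static String fingerprint(String secret) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(secret.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 4; i++) sb.append(String.format("%02x", d[i]));
        return sb.toString();
    }

    // Returns a copy of the JSON text that is safe to pass to log.info()/log.debug().
    static String redact(String body) throws Exception {
        if (body == null) return "null";
        Matcher m = SECRET.matcher(body);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String key = m.group(1);
            // Passwords are low entropy, so they get no fingerprint at all.
            String mask = key.equalsIgnoreCase("password")
                ? "<redacted>"
                : "<redacted sha256:" + fingerprint(m.group(2)) + ">";
            String repl = "\"" + key + "\":\"" + mask + "\"";
            m.appendReplacement(out, Matcher.quoteReplacement(repl));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response, not real output from any endpoint.
        String response = "{\"token\": \"CONSTRUCTED-sample-value-123\", \"expires\": 3600}";
        System.out.println(redact(response));
    }
}
```

Inside a rule, the same `redact` logic would wrap the value passed to the logger, for example `log.debug("response: " + redact(response))`.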
You should be able to do this with Custom Authentication, without the need for a beforeOperationRule.
In Custom Authentication, add a response mapping for the Token/SessionKey/etc. Name the Schema Attribute: accesstoken_CA. The Attribute Path would be equal to the JSON key for the Token/SessionKey/etc.
After you have saved that, go into your test connection, or other operation, and add a new header. Key should be the same as the Attribute Path from the previous step. Value would be equal to $application.accesstoken_CA$.