Super Contributor.

Invoke REST Endpoint in IDM 4.8 configuration

Has anyone had success using the Invoke REST Endpoint action to connect to Microsoft Graph API? I configure it with the proper IDs and credential and headers etc. using OAuth2, and watching the Java HTTPS trace, I can see it connect and actually receive the access_token back, but the REST endpoint URL doesn't seem to be executed.

A bigger question I have is where is the resulting JSON data that is returned put?

This is the endpoint I use: https://graph.microsoft.com/beta/users (It's a very small tenant)

Here is the error I receive:

Error in vnd.nds.stream://IDVAULT1-TST/configuration/DriverSet/Business+Processes/Publisher/Test+Pub+Policy#XmlData:10 : Couldnt invoke rest endpoint https://graph.microsoft.com/beta/users. Error message: java.lang.NullPointerException

This is the JAVA debugging showing the returned result from the authentication as well as the access_token.  



Driver Log Continued:::


3092449024 DVRS: [2020/09/10 11:13:45.175] \IDVAULT1-TST\configuration\DriverSet\Business Processes - Publisher, setSoTimeout(0) called
3092449024 DVRS: [2020/09/10 11:13:45.175] BusinessProcess PT:
DirXML Log Event -------------------
Driver: \IDVAULT1-TST\configuration\DriverSet\Business Processes
Channel: Publisher
Status: Error
Message: Code(-9246) Error in vnd.nds.stream://IDVAULT1-TST/configuration/DriverSet/Business+Processes/Publisher/Test+Pub+Policy#XmlData:10 : Couldnt invoke rest endpoint https://graph.microsoft.com/beta/users. Error message: java.lang.NullPointerException
3092449024 DVRS: [2020/09/10 11:13:45.185] BusinessProcess PT: Action: do-trace-message(token-local-variable("success.do-invoke-rest-endpoint")).
3092449024 DVRS: [2020/09/10 11:13:45.185] BusinessProcess PT: arg-string(token-local-variable("success.do-invoke-rest-endpoint"))
3092449024 DVRS: [2020/09/10 11:13:45.186] BusinessProcess PT: token-local-variable("success.do-invoke-rest-endpoint")
3092449024 DVRS: [2020/09/10 11:13:45.186] BusinessProcess PT: Token Value: "".
3092449024 DVRS: [2020/09/10 11:13:45.186] BusinessProcess PT: Arg Value: "".
3092449024 DVRS: [2020/09/10 11:13:45.187] BusinessProcess PT:
3092449024 DVRS: [2020/09/10 11:13:45.187] BusinessProcess PT: Action: do-trace-message(token-local-variable("error.do-invoke-rest-endpoint")).
3092449024 DVRS: [2020/09/10 11:13:45.187] BusinessProcess PT: arg-string(token-local-variable("error.do-invoke-rest-endpoint"))
3092449024 DVRS: [2020/09/10 11:13:45.188] BusinessProcess PT: token-local-variable("error.do-invoke-rest-endpoint")
3092449024 DVRS: [2020/09/10 11:13:45.188] BusinessProcess PT: Token Value: "java.lang.NullPointerException".
3092449024 DVRS: [2020/09/10 11:13:45.188] BusinessProcess PT: Arg Value: "java.lang.NullPointerException".
3092449024 DVRS: [2020/09/10 11:13:45.189] BusinessProcess PT:java.lang.NullPointerException
3092449024 DVRS: [2020/09/10 11:13:45.189] BusinessProcess PT:Policy returned:
3092449024 DVRS: [2020/09/10 11:13:45.189] BusinessProcess PT:
<nds dtdversion="4.0">

Contributor.

Not an actual response to your question since I haven't had the chance to use the new Invoke REST Endpoint action yet. It is however possible to get an access token by ECMAScript if that is an option? I used the following code and called it in policy:

 

importClass(java.net.HttpURLConnection);
importClass(java.net.URL);
importPackage(java.lang);
importPackage(java.io);

// Request an OAuth2 access token with the client-credentials grant.
function genToken(clientID, clientSecret) {
    var url = "https://login.microsoftonline.com/<catalog-ID>/oauth2/v2.0/token"; // token endpoint for OAuth 2
    var scope = "https://graph.microsoft.com/.default";
    var grantType = "client_credentials";

    // Percent-encode every value so characters such as '&' or '+' in the secret survive
    var body = "grant_type=" + encodeURIComponent(grantType)
        + "&client_id=" + encodeURIComponent(clientID)
        + "&client_secret=" + encodeURIComponent(clientSecret)
        + "&scope=" + encodeURIComponent(scope);

    var response = sendPostRequest(url, body);
    var result;
    try {
        result = JSON.parse(String(response));
    } catch (e) {
        result = {}; // not JSON, e.g. the exception text returned by sendPostRequest
    }

    if (result.access_token) { // access_token available in response
        return result.access_token;
    } else {
        debugMessage(response);
        return "Error generating token, response in itp";
    }
}

// POST a form-encoded payload and return the response body (or the exception text).
function sendPostRequest(url, payload) {
    try {
        var conn = new java.net.URL(url).openConnection();
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setInstanceFollowRedirects(false);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("charset", "utf-8");
        conn.setUseCaches(false);

        var wr = new java.io.OutputStreamWriter(conn.getOutputStream(), "utf-8");
        wr.write(new java.lang.String(payload)); // write the payload argument
        wr.flush();
        wr.close();
        var status = conn.getResponseCode();

        // Read the error stream for anything other than 200 so the reply can be traced
        var response = (status == 200) ? conn.getInputStream() : conn.getErrorStream();

        var sb = new StringBuilder();
        var br = new java.io.BufferedReader(new java.io.InputStreamReader(response, "utf-8"));
        var line = null;

        while ((line = br.readLine()) != null) {
            sb.append(line + "\n");
        }

        br.close();
        return sb.toString();
    } catch (e) {
        return e.toString();
    }
}

function debugMessage(message) {
    if (Packages.com.novell.nds.dirxml.engine.DirXML.isExternal()) {
        // Show a pop-up message box during Policy Simulation
        Packages.javax.swing.JOptionPane.showMessageDialog(null, message.toString());
    } else {
        // Otherwise write the message to the trace at level 3
        var tracer = new Packages.com.novell.nds.dirxml.driver.Trace("ECMAScript");
        tracer.trace(message, 3);
    }
}
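
The token handling from the post above, as an added example that is not part of the original thread or of any vendor code: it form-encodes the client-credentials request, checks the token reply, and masks token and secret values before anything is traced or pasted into a forum. The helper names and the sample reply are hypothetical and constructed for illustration.

```javascript
// Added example: helper names are hypothetical, sample data is constructed.
// The three functions are plain ES5; the console.log lines at the end are for Node.

// Form-encode the client-credentials request. Each value is percent-encoded so a
// secret containing '&', '+', '=' or '%' is not split or altered in transit.
function buildTokenRequestBody(clientId, clientSecret, scope) {
  var fields = [["grant_type", "client_credentials"], ["client_id", clientId],
                ["client_secret", clientSecret], ["scope", scope]];
  var parts = [];
  for (var i = 0; i < fields.length; i++) {
    parts.push(fields[i][0] + "=" + encodeURIComponent(String(fields[i][1])));
  }
  return parts.join("&");
}

// Mask token and secret values before text is written to a trace or shared.
function redactSecrets(text) {
  return String(text)
    .replace(/("(?:access_token|refresh_token|client_secret)"\s*:\s*")[^"]*"/g, '$1[REDACTED]"')
    .replace(/\b(client_secret|access_token)=[^&\s]*/g, "$1=[REDACTED]");
}

// Parse the token endpoint reply. `trace` is safe to log: it never holds the token.
function parseTokenResponse(text) {
  var fail = function (why) { return { ok: false, token: null, expiresIn: 0, trace: why }; };
  var data;
  try { data = JSON.parse(String(text)); } catch (e) { return fail("token response is not JSON"); }
  if (!data || typeof data !== "object") { return fail("token response is not a JSON object"); }
  if (typeof data.access_token !== "string" || data.access_token === "") {
    // OAuth2 error replies carry an "error" member (RFC 6749, section 5.2)
    return fail("token request failed: " + String(data.error || "unknown_error"));
  }
  if (String(data.token_type).toLowerCase() !== "bearer") {
    return fail("unexpected token_type: " + String(data.token_type));
  }
  var expiresIn = Number(data.expires_in) || 0;
  return { ok: true, token: data.access_token, expiresIn: expiresIn,
           trace: "token ok, type=Bearer, expires_in=" + expiresIn + "s" };
}

// Constructed sample reply with the members a successful token response carries.
var SAMPLE_REPLY = '{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,' +
                   '"access_token":"CONSTRUCTED.SAMPLE.TOKEN"}';
var parsed = parseTokenResponse(SAMPLE_REPLY);
console.log(parsed.trace);
console.log(redactSecrets(SAMPLE_REPLY));
```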

Outstanding Contributor.

I got no clue about what is going on, but have you updated to the latest version of the REST driver, which does give some more human-readable information than the old one did?

 

 

Knowledge Partner

Casper, the original question was about using the Invoke REST endpoint token, new in 4.8, not using the REST driver itself.

Outstanding Contributor.

I can read, you know ... there have been a number of changes to the new REST driver which could help, which is why I suggested that.

From what I gather they rewrote some of the token handling in the new driver.

But as you know how to fix this problem, I'll let you come up with a solution 😉

Knowledge Partner

That is interesting. Are you suggesting that the engine uses the classes in the REST Shim for the Invoke REST endpoint token? If so, that is an interesting tidbit. Previously, all the tokens were defined in the dirxml.jar file for the most part.

I suppose that gets us back to the xcd-all.jar problem with LDAP territory again.  I did not look at the classes it calls, do you happen to know?

Super Contributor.

Thanks for the suggestion, but I don't see how the REST driver has anything to do with an action in the engine. I am not using the REST driver. I'm actually testing with a null service driver. I have also tested with the VERY latest AzureAD driver with the latest REST patches. Same exact issue.

It seems to me that this action is a bit half-baked. The parameters/fields in Designer don't even match those documented in the DTD.

Outstanding Contributor.

I am terribly sorry, but I assume that people use the REST driver when they say REST - or at least mention which other driver they are using.
