Highlighted
thundercoug Absent Member.
Absent Member.
877 views

REST Driver & Azure (graph.microsoft.com)

Does anyone have an example or some pointers on how to configure a REST driver to connect to Azure via graph.microsoft.com? I am having problems getting the proper access token using the OAuth2.0 authentication method. I get the following error:

<status level="fatal" type="driver-general">Exception: Failed to obtain a access token. The request body must contain the following parameter: 'grant_type'

The only Subscriber configuration options I see allow me to add Authorization Header Fields, is there a way to add the grant_type=client_credentials to the request body in the driver configuration?

Thanks.
Labels (1)
0 Likes
7 Replies
AutomaticReply Absent Member.
Absent Member.

Re: REST Driver & Azure (graph.microsoft.com)

thundercoug,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: REST Driver & Azure (graph.microsoft.com)

thundercoug;2479979 wrote:
Does anyone have an example or some pointers on how to configure a REST driver to connect to Azure via graph.microsoft.com? I am having problems getting the proper access token using the OAuth2.0 authentication method. I get the following error:

<status level="fatal" type="driver-general">Exception: Failed to obtain a access token. The request body must contain the following parameter: 'grant_type'

The only Subscriber configuration options I see allow me to add Authorization Header Fields, is there a way to add the grant_type=client_credentials to the request body in the driver configuration?

Thanks.


Wouldn't it be easier to use the AzureAD driver for this? Is there some reason you're trying to use the REST driver instead?
0 Likes
Knowledge Partner
Knowledge Partner

Re: REST Driver & Azure (graph.microsoft.com)

On 5/2/2018 12:56 PM, dgersic wrote:
>
> thundercoug;2479979 Wrote:
>> Does anyone have an example or some pointers on how to configure a REST
>> driver to connect to Azure via graph.microsoft.com? I am having
>> problems getting the proper access token using the OAuth2.0
>> authentication method. I get the following error:
>>
>> <status level="fatal" type="driver-general">Exception: Failed to obtain
>> a access token. The request body must contain the following parameter:
>> 'grant_type'
>>
>> The only Subscriber configuration options I see allow me to add
>> Authorization Header Fields, is there a way to add the
>> grant_type=client_credentials to the request body in the driver
>> configuration?
>>
>> Thanks.

>
> Wouldn't it be easier to use the AzureAD driver for this? Is there some
> reason you're trying to use the REST driver instead?


In fact, the AzureAD driver is really a config (complicated) on top of
the REST shim. Both policy and shim code add ons.


0 Likes
thundercoug Absent Member.
Absent Member.

Re: REST Driver & Azure (graph.microsoft.com)

Yes, it would for sure be easier to use the AzureAD driver; I set up the Azure driver and had some things working within a few hours. The main reason for wanting to use the REST driver is to avoid the cost of having to license the Azure driver (already licensed for the REST driver). There are very few attributes that need to be sync'd to Azure and there is no need for any of the email (O365) or other licensing features that the Azure driver handles. Basically, the purpose of the driver is to keep names synchronized (and occasional account renames). Not synchronizing passwords, not provisioning accounts, nothing too advanced, etc.

I set up a job on the REST driver to handle the getting/renewing of the Azure Bearer token, but I cannot find a way to use that token in any of the rest calls. Is it possible to handle the authorization token external to the driver configuration?

Thanks for your help.
0 Likes
sdhaval1 Absent Member.
Absent Member.

Re: REST Driver & Azure (graph.microsoft.com)

If I understand correct, then instead of generating the token via dirxml policy calls to Rest driver, you need to mention the OAuth client id/secret and URLs in the Rest Driver parameters. This is explained in more details under "Supporting Driver Authentication" at https://www.netiq.com/documentation/identity-manager-47-drivers/generic_rest/data/b8rffe7.html
If done as suggested above, you would only then need to make the relevant calls (via dirxml policies) using <driver-operation-data> tags and the driver shim would auto fit the bearer token for you.
See "Understanding Driver operation data" https://www.netiq.com/documentation/identity-manager-47-drivers/generic_rest/data/bv5xsg5.html
0 Likes
rreid Frequent Contributor.
Frequent Contributor.

Re: REST Driver & Azure (graph.microsoft.com)

dgersic;2480279 wrote:
Wouldn't it be easier to use the AzureAD driver for this? Is there some reason you're trying to use the REST driver instead?


We use the REST driver AND the O365/Azure driver because the O365/Azure driver is very inflexible in what you can do via the Graph API. You are locked down to the built in functions.

We have @ 500 email domains in a single tenant in O365 and a simple thing like a UPN change from one domain to another kills dirsync so we do the "rename" through the graph API. There are other examples of the limitations of the Azure/O365 driver but that's a subject for a different discussion.

We primarily use the Azure/O365 driver to run custom powershell commands against Exchange Online. However, even though we are in hybrid mode we had to set the driver up in non-hybrid mode because powershell functions are disabled by the driver when the driver is configured for hybrid mode.
0 Likes
Red_Baron
Member.

Re: REST Driver & Azure (graph.microsoft.com)

Did you ever find a resolution for sending something in the body of an Authorization token request? I have a similar API that requires grant_type to be in the body (not a header).

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.