• State Verified Answer
  • Replies 12 replies
  • Answers 2 answers
  • Subscribers 94 subscribers
  • Views 13074 views
  • Users 2 members are here
Options
Related

Issues calling script using REST api

nikola.stijak
over 6 years ago

Hey everyone,
I am trying to run a PowerShell script which calls a customer One Identity Script leveraging the REST api. One Identity V7.1.2 is used. At the variable $newUri the PowerShell script throws out an Authorization Issue:

Code:
--Setting authentication--
$authdata = @{AuthString="Module=DialogUser;User=<user>;Password=<password>."}
$authJSON = ConvertTo-JSON $authdata -Depth 2

--Login against the Application server--
Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable $wsession

--> Issue starts here
$newURI = (Invoke-RestMethod -Uri "https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest" -WebSession $wsession -Method Post -ContentType application/json).uri

--Logout--
Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/logout" -WebSession $wsession -Method Post

ErrorMessage:
Invoke-RestMethod : Snapshot of ExecuteScriptRequest generated by ServiceStack on 05.12.2017 10:44:46
view json datasource from original url: https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest? in other
formats: json xml csv jsv
This reports json data source
Close Window Response StatusError CodeUnauthorizedMessageNot authorized
At line:2 char:12
+ $newURI = (Invoke-RestMethod -Uri "https://<servername> ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand


Can anyone support in this case?

 

Thanks in advance,

Niko

Parents
  • 0 2 months ago

    The error message "Not authorized" indicates that the script is encountering an authorization issue when trying to access the URI https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest. Here are some troubleshooting steps you can try to fix the authorization problem:

    1. Verify Credentials and Permissions:

      • Ensure the username and password stored in the $authdata variable are correct for a user with appropriate permissions to access the specified script. Double-check for any typos.

      • In One Identity, verify if the user has the necessary roles assigned to run the CCC_xxxx_REST_FinalizeServiceRequest script through the REST API.

    2. Check Web Session Validity:

      • The error might occur if the web session established with Invoke-RestMethod for login becomes invalid before reaching the $newURI line. Consider these options:
          • Refresh Session: Add a line before the second Invoke-RestMethod call to refresh the session:
            PowerShell
            Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/refresh" -WebSession $wsession -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"}
            Use code with caution.
            content_copy
          • Re-establish Session: Alternatively, re-establish the session for the specific call:
            PowerShell
            $newUri = (Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable $newSession)
(Invoke-RestMethod -Uri "https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest" -WebSession $newSession -Method Post -ContentType application/json).uri
            Use code with caution.
            content_copy

    3. Review One Identity Configuration:

      • Check One Identity documentation or consult their support for any specific configuration requirements for accessing scripts through the REST API.

      • Verify if additional steps are needed to authorize users for REST API access.

    4. Inspect Server Response:

      • The error message suggests accessing the provided URL directly in a browser (replacing placeholders with actual values) might reveal additional information in the response body. This could offer clues about the specific authorization failure reason.

    By following these steps and reviewing your script configuration, you should be able to identify the cause of the authorization issue and successfully run the script.

    Additional Tips:

      • Consider using secure string variables for storing credentials to avoid storing them in plain text.

    • For troubleshooting purposes, temporarily increase logging levels in One Identity to capture more details about the authorization failure.
Reply
  • 0 2 months ago

    The error message "Not authorized" indicates that the script is encountering an authorization issue when trying to access the URI https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest. Here are some troubleshooting steps you can try to fix the authorization problem:

    1. Verify Credentials and Permissions:

      • Ensure the username and password stored in the $authdata variable are correct for a user with appropriate permissions to access the specified script. Double-check for any typos.

      • In One Identity, verify if the user has the necessary roles assigned to run the CCC_xxxx_REST_FinalizeServiceRequest script through the REST API.

    2. Check Web Session Validity:

      • The error might occur if the web session established with Invoke-RestMethod for login becomes invalid before reaching the $newURI line. Consider these options:
          • Refresh Session: Add a line before the second Invoke-RestMethod call to refresh the session:
            PowerShell
            Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/refresh" -WebSession $wsession -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"}
            Use code with caution.
            content_copy
          • Re-establish Session: Alternatively, re-establish the session for the specific call:
            PowerShell
            $newUri = (Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable $newSession)
(Invoke-RestMethod -Uri "https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest" -WebSession $newSession -Method Post -ContentType application/json).uri
            Use code with caution.
            content_copy

    3. Review One Identity Configuration:

      • Check One Identity documentation or consult their support for any specific configuration requirements for accessing scripts through the REST API.

      • Verify if additional steps are needed to authorize users for REST API access.

    4. Inspect Server Response:

      • The error message suggests accessing the provided URL directly in a browser (replacing placeholders with actual values) might reveal additional information in the response body. This could offer clues about the specific authorization failure reason.

    By following these steps and reviewing your script configuration, you should be able to identify the cause of the authorization issue and successfully run the script.

    Additional Tips:

      • Consider using secure string variables for storing credentials to avoid storing them in plain text.

    • For troubleshooting purposes, temporarily increase logging levels in One Identity to capture more details about the authorization failure.
Children
No Data