Solved

How to get Access Token in FSM for OAuth2.0 through configuration? for Azure

  • 13 January 2022

Hi,

I have to get the access token from External system to FSM.

I have tried two ways, but it didn’t work as expected. Can someone guide me on this?

First Way:

Step 1:

Message Routing Rule: with handler OAuth2ExtractHandler and connector: JsonOutboundConnector with following details

Message Routing Rule

Step 2:

Xml Maps I temporarily use Request table as Primary Table

without mappings

XML Map

Step 3:

While testing, I got the error below. I tried the same with Postman and got an access token, but in FSM it's not working: it does not return any access token and instead throws the error “Bad Request”.

Integration Run Log

Second Way:

Step 1:

Message Routing Rule: with handler HTTPExtractHandler and connector: JsonOutboundConnector with following details

Routing Rule

Step 2:

Xml Maps I temporarily use Request table as Primary Table

and build the request body with all the parameters need for access token mappings

XML Map

Step 3:

While testing, I got the error below. In FSM it's not working: it does not return any access token and instead throws the error “Bad Request”.

Integration Run Log

So can anyone guide me on how to configure the routing rule and map to get the access token from Azure?

 


Best answer by Jon Reid 25 January 2022, 17:14


Hi @Damodaran ,

Please refer below steps to setup your OAuth2.0 ExtractHandler. (Source from R&D)

In the example, we are going to send a request to "https://graph.microsoft.com/v1.0/users" REST service, to create a user which has a display name mapped to the FSM person_id, using an access token acquired through the OAuth2ExtractHandler.

Create a XML map for the outbound integration
-------------------------------------------------
1. From main menu select XML Maps screen.
2. For the map name give any name
3. Check "Allow Export" and "Allow Import" check boxes.
4. For the primary table select Person table, for primary path set //person.
5. In the Details tab - uncheck "Extract XML Declaration".
6. In the Mapping tab, for FSM column name set "PERSON_ID", for extract column name set "displayName". (according to the example)
7. Save and refresh integration cache.

 

Create integration message routing rule.
-------------------------------------------
1. For the Rule ID set any name.
2. For Routing Type select - "Send Message".
3. For the Handler select - "Metrix.Integration.Handlers.OAuth2ExtractHandler".
4. For the Dataconnector select - "Metrix.Integration.JSONOutboundConnector".
5. For the Map ID select the outbound map that we have defined earlier.
6. Save screen and it will populate with routing arguments.

7. For "AccessTokenURL" set the token endpoint URL 

8. For "AuthenticationMode" set "Bearer".
9. For "ClientId" set value of app param OPENID_WEB_APPLICATION_ID.
10. For "ClientSecret" set value of app param OPENID_SECRET.
11. For "HTTPHeaders" set "Content-Type: application/json"
12. For "HTTPMethod" set "POST".
13. For "Scope" set "https://graph.microsoft.com/.default".
14. For "URL" set "https://graph.microsoft.com/v1.0/users".
15. Save and verify that AccessTokenURL, ClientId and ClientSecret arguments are encrypted.
16. Refresh integration cache.

16. In XML poster send below message.

<perform_outbound_integration>
<parameters>
<dataconnector>Metrix.Integration.JSONOutboundConnector</dataconnector>
<extract_entity>YOUR_MAP</extract_entity>
<message_name>
</message_name>
<enable_time_constrain>N</enable_time_constrain>
<input>
<primary_table_constraints>
<person_id>ADMIN</person_id>
</primary_table_constraints>
</input>
</parameters>
</perform_outbound_integration>

17. Check for a response similar to the below response with error message - "The remote server returned an error: (400) Bad Request."

<perform_outbound_integration_result>
<response>Transaction Complete.</response>
<run_id>187377</run_id>
<run_status>EXCEPTION</run_status>
<run_message>The remote server returned an error: (400) Bad Request.</run_message>
</perform_outbound_integration_result>

18. Go to the relevant run id and check the "Transaction Result" field. It will show an error message - "no expected type is available" as the reason for the 404 Bad Request error.
19. From routing rule "ClientSecret" change the client secret, save it and refresh integration cache.
20. Resend the XML message and check for the error message - "AccessToken is required for bearer authentication."
 

Note:

Reason for the "The remote server returned an error: (400) Bad Request." error message when testing the outbound integration using "JSONOutboundConnector" is, when converting the mapped xml to JSON, "JSONOutboundConnector" does not omit the root element name.

Therefore the graph api receives a request which has content like below,
{
"person": { "displayName": "ADMIN" }
}


However, the expected request content for the POST request (to create a user) is,

{ "displayName": "ADMIN" }


Thanks, @Saranga Amaraweera 

I tried unchecking "Extract XML Declaration", but it is still not working.

You mentioned creating a user using an acquired access token,
but in my situation the problem is acquiring the token.

Below is the information provided by the client; by posting this I will get the access token.

curl --location --request POST https://login.microsoftonline.com/c5b*****-****-****-****-**********52/oauth2/v2.0/token \
-F "grant_type=client_credentials" \
-F "client_secret=L*****************************5dEY" \
-F "client_id=6*********************************7b" \
-F "scope=https://api-stg.xyz.com/enterprise/remote/.default" \
-F "redirect_uri=https://****.ifs.cloud/Client" \
-F "content_length=836"

It's working perfectly in Postman, but I have tried multiple ways and it is not working in FSM.
I am unable to receive the access token as a response.

Forwarding comment from Hirantha Malavisooriya on the LCS case:

Specified exception is thrown when you post the outbound XML message to the access token URL. You need to use a valid endpoint (as the URL of the routing rule) to post the outbound XML. . . .

I investigated this with the following information specified in the attached G2310385_TestStpesForSmartClientIntegration (CASE - 3022548 - 1 - A1) - 1.docx document and could NOT find any issue on obtaining the access token.

grant_type:  client_credentials

client_secret:  xxxxxxxxxxxxxxx (obscured)

scope:  https://graph.microsoft.com/.default

client_id:  68ef4c49-816d-47cf-8d73-f95f19947ef4

AccessTokenURL: Sign in to your account ".

However, it appears that the specified exception is thrown when the same access token URL is also used as the endpoint URL to post the message.

Reply
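
The two requests this thread keeps coming back to, as an added example that is not part of any post and is not IFS/FSM code: the client-credentials POST to the token endpoint, then the bearer-authenticated POST to a separate resource URL with the map's root element dropped from the JSON body. It also covers the root-element note in the first reply and the "same URL used twice" finding in the last one. TENANT_ID, the sample token response, the `root` parameter and the dict form of the routing arguments are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Placeholders, not real values: substitute your own tenant.
TOKEN_URL = "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token"
API_URL = "https://graph.microsoft.com/v1.0/users"
# Constructed sample token response, not real output.
SAMPLE_TOKEN_RESPONSE = '{"token_type": "Bearer", "expires_in": 3599, "access_token": "SAMPLE.TOKEN"}'


def build_token_request(token_url, client_id, client_secret, scope):
    """Step 1: client-credentials grant, form-encoded POST to the token endpoint."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_api_request(api_url, token_response, mapped, root):
    """Step 2: JSON POST to the resource URL, authenticated with the bearer token."""
    token = json.loads(token_response)["access_token"]
    # Drop the wrapping root element, e.g. {"person": {...}} -> {...}.
    if set(mapped) == {root}:
        mapped = mapped[root]
    return Request(api_url, data=json.dumps(mapped).encode(), method="POST",
                   headers={"Authorization": "Bearer " + token,
                            "Content-Type": "application/json"})


def check_rule(args):
    """Return problems found in routing-rule arguments (hypothetical dict form)."""
    problems = []
    if urlsplit(args["URL"])[:3] == urlsplit(args["AccessTokenURL"])[:3]:
        problems.append("URL is the token endpoint; set it to the resource endpoint")
    if not args["AccessTokenURL"].lower().startswith("https://"):
        problems.append("AccessTokenURL must use https")
    return problems
```

Nothing is sent over the network; the functions only build `Request` objects so the method, headers and body of each step can be inspected.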