Thanks a lot for the reply.
Main Issue- Old Secure tokens at Azure AD sites has expired. So I need to provide new Access token to reenable the SCIM for pushing users to SAS Viya.
I followed 5 steps in the manual Client registration. New issue raised now.
Viya Site- https://sasviyxxx.xxxxweb.xxxxx.com
This is the site which our Viya users & myself have access & do admin work.
When I used above site in the 3rd & 5th steps I am getting Bearer Token & Access token. I gave these 2 tokens to Azure AD team for Reauthorizing our SAS Viya through SCIM. But when he click on Test connection in Azure portal with these tokens it is showing invalid credentials.
Configure SCIM Provisioning in Azure AD
In the Admin Credentials section, complete the following steps:
- In the Tenant URL field, specify the base URL to SAS Viya and append
/identities/scim/v2/.
Note: HTTPS is required. In other words, the ingress controller for your SAS Viya environment is configured for TLS and is using a certificate that is issued by one of the public certificate authorities that are supported by Microsoft Authentication Services.
- In the Secret Token field, paste the Bearer token that was created when you followed the process for Manual Client Registration.
- Click Test Connection.
If you configured the system correctly, you will receive a successful response.
Here, AD team using -https://sasviyxxx.xxxxglobal.xxxx.com at Tenant URL field in Azure portal and doing Test connection.
[sas@zneuxx34 sas_viya_playbook]$ ACCESS_TOKEN=`curl -skX POST "https://sasviyxxx.xxxxweb.bp.com/SASLogon/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-u "idp-client-id:idp-client-secret"| awk -F: '{print $2}'|awk -F\" '{print $2}'`; echo "The client access-token is: " ${ACCESS_TOKEN};
The client access-token is: eyJhbGciOifgfgffd......
Here I am getting Access token successfully.
Note- I used idp-client-id & idp-client-secrent as it is & it worked fine. FYI I dont know old Client ID & secrets.
Viya SIte - https://sasviyxxx.xxxxglobal.xxxx.com
We don't have access to this site & as Azure AD team using above site at their end, I tried to register this site at my end.
But in the 3rd step only, I am not getting any access token as shown below.
[sas@zneuxxxx34 sas_viya_playbook]$ ACCESS_TOKEN=`curl -skX POST "https://sasviyxxx.xxxxglobal.xxxx.com/SASLogon/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-u "idp-client-id:idp-client-secret"| awk -F: '{print $2}'|awk -F\" '{print $2}'`; echo "The client access-token is: " ${ACCESS_TOKEN};
The client access-token is:
[sas@zneuxx34 sas_viya_playbook]$
Here No access token generated.
Fyi - we don't have access to - https://sasviyxxx.xxxxglobal.xxxx.com
When I tried to access above site, it is throwing error- Site cannot be reached & ....server IP address could not be found.
Query:
How can I get the access token for ....global.xxx.com site which is used at Azure side for testing connectivity?
Is this ...global.xxx.com should be accessible from my Virtaul machine then only I can get access token?
I saw one email in which old Admin asked AD team to test the ..global.xxx.com site by providing access token in the email.And that's why I guess AD team is using Global website instead of ..xxxweb.xxx.com.
Could you please help me on this?
Thanks
RaviSPR
