Closed bama19942000 closed 4 years ago
It looks like I missed a step in the doco. Before generating the Personal Access Token (and after creating the $adminCreds and $v3Creds credential sets), set the credentials so that they can be used.
Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds
Then generate the Personal Access Token
# IdentityNow Personal Access Token
$personalAccessToken = New-IdentityNowPersonalAccessToken -name "IDN Automation"
$patCreds = [pscredential]::new("$($personalAccessToken.id)", ($personalAccessToken.secret | ConvertTo-SecureString -AsPlainText -Force))
Set them and then save them all to the config
Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds -PersonalAccessToken $patCreds
Save-IdentityNowConfiguration
Darren,
The same issue is happening. I confirmed it with another colleague that is trying it as well using another tenant.
Invoke-RestMethod : {"error":"invalid_grant","error_description":"Bad Credentials"} At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:241 char:20
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Write-Verbose : Cannot bind argument to parameter 'Message' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:270 char:27
+ CategoryInfo : InvalidData: (:) [Write-Verbose], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.WriteVerboseCommand
Write-Verbose : Cannot bind argument to parameter 'Message' because it is null. At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:277 char:19
+ CategoryInfo : InvalidData: (:) [Write-Verbose], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.WriteVerboseCommand
New-IdentityNowPersonalAccessToken : Authentication Failed. Check your AdminCredential and v3 API ClientID and ClientSecret. At C:\THIS\partner004oauthnewmatttotty1.ps1:15 char:28
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-IdentityNowPersonalAccessToken
ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null. At C:\THIS\myscript.ps1:16 char:98
+ CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." At C:\THIS\partner004oauthnewmatttotty1.ps1:16 char:40
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : PSArgumentException
Are you sure you have your correct Admin Account UserID and Password and v3 Credentials configured?
Invoke-RestMethod : {"error":"invalid_grant","error_description":"**Bad Credentials**"}
Keep in mind also, depending on your Account Lockout configuration (if it is default) the auth process and cmdlets such as Test-IdentityNowCredentials can quickly lockout your account if you have the incorrect account/password, clientID/secret.
Update, I've finally been able to reproduce the error. I'm looking into the root cause and a fix.
v1.1.3 published to the PS Gallery here Update to that version and you should be all good. My apologies for the bug.
I am unable to set credentials using the new reference you posted.
$orgName = "mypartnerorg" Set-IdentityNowOrg -orgName $orgName
Here is the error output
Invoke-RestMethod : {"error":"invalid_grant","error_description":"Bad Credentials"} At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:241 char:20
Write-Verbose : Cannot bind argument to parameter 'Message' because it is null. At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:277 char:19
New-IdentityNowPersonalAccessToken : Authentication Failed. Check your AdminCredential and v3 API ClientID and ClientSecret. At line:15 char:28
ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null. At line:16 char:98
Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." At line:16 char:40