Issues calling script using REST api

Question

Hey everyone,
I am trying to run a PowerShell script which calls a customer One Identity Script leveraging the REST api. One Identity V7.1.2 is used. At the variable $newUri the PowerShell script throws out an Authorization Issue:

Code:
--Setting authentication--
$authdata = @{AuthString="Module=DialogUser;User=<user>;Password=<password>."}
$authJSON = ConvertTo-JSON $authdata -Depth 2

--Login against the Application server--
Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable $wsession

--> Issue starts here
$newURI = (Invoke-RestMethod -Uri "https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest" -WebSession $wsession -Method Post -ContentType application/json).uri

--Logout--
Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/logout" -WebSession $wsession -Method Post

ErrorMessage:
Invoke-RestMethod : Snapshot of ExecuteScriptRequest generated by ServiceStack on 05.12.2017 10:44:46
view json datasource from original url: https://<servername>/D1IMAppServer/api/script/CCC_xxxx_REST_FinalizeServiceRequest? in other
formats: json xml csv jsv
This reports json data source
Close Window Response StatusError CodeUnauthorizedMessageNot authorized
At line:2 char:12
+ $newURI = (Invoke-RestMethod -Uri "https://<servername> ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Can anyone support in this case?

Markus Weiss-Ehlers · Accepted Answer

I had to trace your code by testing it line by line in PowerShell.

The reason for the acess denied lies in the fact, that you wrongly specified the SessionVariable in the initial connect. You specfied the session variable with a starting $ which is wrong.

Your login call:

Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable $wsession

Correct login call:

Invoke-RestMethod -Uri "https://<servername>/d1imappserver/auth/apphost" -Body $authJSON.ToString() -Method Post -UseDefaultCredentials -Headers @{Accept="application/json"} -SessionVariable wsession

Markus Weiss-Ehlers · Answer

When you take a look at the RestAPI documentation https://support.oneidentity.com/technical-documents/identity-manager/8.0/rest-api-reference-guide/14#TOPIC-863120 you will find that two things are wrong here. 
 First, you have to use the HTTP method PUT and not POST like you do. Secondly, the result of a script call does not contain a property uri . You can use result instead.

Markus Weiss-Ehlers · Answer

If you test your body in PowerShell (always the easiest way to confirm that your body is well-formed according to the specification) you will find the resulting JSON is wrong. 
 Your incorrect body $body = @{parameters = "[3c93f2b9-5524-4b24-9477-5ce0d5510e32]"} | ConvertTo-Json 
 is delivering the following JSON. {
 "parameters": "[3c93f2b9-5524-4b24-9477-5ce0d5510e32]"
} 
 The correct body would be $body = @{parameters = @("3c93f2b9-5524-4b24-9477-5ce0d5510e32")} | ConvertTo-Json 
 and delivers the following JSON. {
 "parameters": [
 "3c93f2b9-5524-4b24-9477-5ce0d5510e32"
 ]
} 
 Furthermore, I think you are seeing an access error when trying to call the script. Please take a look at the following post. 
 https://www.quest.com/community/products/one-identity/f/identity-manager/21567/calling-scripts-via-application-server-restful-api-using-common_startscripts-permission-not-working

Endpoint Privilege Management

Issues calling script using REST api