000037389 - Form control type 'Drop Down Select with Web Service' displays Unauthorized error in RSA Identity Governance & Lifecycle 7.1.1

Document created by RSA Customer Support Employee on Apr 24, 2019Last modified by RSA Customer Support Employee on Oct 11, 2020
Version 41Show Document
  • View in full screen mode

Article Content

Article Number000037389
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1, 7.2.x
  1. When designing a custom form in RSA Identity Governance & Lifecycle (go to Requests > Configuration > Request Forms tab> {Request form name} Fields > New > General tab), if the Control Type Drop Down Select with Web Service is used to return a response from a Web Service command as in the example below:
    User-added image

    The Admin API call returns the WebService Result response of Unauthorized.

    User-added image

  2. When attempting to call a WebSerivce command from within a workflow the following error occurs.

"Error 401: The token is required for the command {command name}"
CauseThis is a known issue in RSA Identity Governance & Lifecycle 7.1.1 and has been reported in engineering ticket ACM-97280.

In RSA Identity Governance & Lifecycle 7.1.1, the RSA Admin API Web Service commands now require that a token be passed for authentication. The Control Type Drop Down Select with Web Service dialog does not currently have a method to pass a token to the Web Service command. 

More information about the token requirement can be found in the online Web Services documentation under Admin > Web Services > under Admin Commands > about:

The command expects the following parameters where a * denotes a required parameter:
token* - Session token, retrieved from loginUser. This token must be valid and unexpired.


This issue is resolved in the following RSA Identity Governance & Lifecycle versions and/or patch levels:

  • RSA Identify Governance & Lifecycle 7.1.1 P02
  • RSA Identity Governance & Lifecycle 7.2.0
  • RSA Identity Governance & Lifecycle 7.2.1
The product now allows you to define granular access to specific Admin API Web Service commands without a token if they are called from a Request Form. In the user interface, go to Admin > Web Services > Admin tab and select the Configure button for your Admin API command. Check the checkbox next to Request Forms and Workflows (no token) to allow access to this Admin API Web Services command without a token. 

User-added image