and more in a single search tool across platforms. Read the announcement here. |
04/26/2024 01:35 AM - last edited on 04/26/2024 07:58 AM by Sunil
Hi Team,
Integration of CyberArk using Rest Connector
We are getting error while importing data using rest connector but we are able to fetch data via postman.
We are using IP only for connection and to import data as well.
PFB Error Logs, connection Json and import Json.
Error:
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called executeGetRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-after calling executeRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-timeout validated for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-got response for api...
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got Webservice API Response: [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-pullObjectsByRest - responseStatusCode ::null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got null response statusCode with erroMsg - [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-ERROR-Exception in getting response in pullObjectsByRest :
2024-04-26T13:51:27+05:30-ecm-worker--null-j5kpm--java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1463) at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4539) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsByPagination(RestProvisioningService.groovy:4244) at com.saviynt.provisoning.rest.RestProvisioningService.processAccounts(RestProvisioningService.groovy:4171) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFinal(RestProvisioningService.groovy:1681) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1645) at com.saviynt.provisoning.rest.RestProvisioningService.importAccountsFull(RestProvisioningService.groovy:1473) at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:138) at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:232) at SapImportJob.execute(SapImportJob.groovy:109) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Error while getting Account Import response for url- https://xx.xx.xx.xx/Password=******/api/Users is: null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Getting response statusCode null, so failing Account Import Job
Connection Json:
{
"authentications": {
"acctAuth": {
"authType": "Basic",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://IP/PasswordVault/API/Auth/CyberArk/Logon ",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic ",
"httpParams": ": "
}
},
"username": "xxxxxxxxx",
"password": "xxxxx"
}
ImportAccountEntJSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty7",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 20,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://IP/PasswordVault/api/Users ",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"listField": "Users",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "username~#~char"
},
"makeProcessingStatus": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://IP/PasswordVault/api/Users/${accountName }",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"name": "username~#~char",
"status": "enableUser~#~char",
"displayName": "username~#~char",
"accounttype": "userType~#~char",
"customproperty1": "source~#~char",
"customproperty2": "componentUser~#~char",
"customproperty3": "vaultAuthorization~#~char",
"customproperty5": "location~#~char",
"customproperty6": "suspended~#~char",
"customproperty7": "enableUser~#~char",
"customproperty8": "lastSuccessfulLoginDate~#~char",
"customproperty9": "unAuthorizedInterfaces~#~char",
"customproperty10": "authenticationMethod~#~char",
"customproperty11": "passwordNeverExpires~#~char",
"customproperty12": "distinguishedName~#~char",
"customproperty13": "description~#~char",
"customproperty14": "businessAddress~#~char",
"customproperty15": "internet~#~char",
"customproperty16": "phones~#~char",
"customproperty17": "personalDetails~#~char",
"accountID": "id~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Groups": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Group Type",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/UserGroups ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "groupName~#~char",
"displayname": "groupName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty1": "groupType~#~char",
"customproperty2": "location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"Safes": {
"entTypeOrder": 1,
"entTypeLabels": {
"customproperty1": "Safe URL ID",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/Safes ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Safes",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "SafeUrlId~#~char",
"entitlement_value": "SafeName~#~char",
"displayname": "SafeName~#~char",
"description": "Description~#~char",
"entitlement_glossary": "SafeName~#~char",
"customproperty1": "SafeUrlId~#~char",
"customproperty2": "Location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"PrivilegedAccounts": {
"entTypeOrder": 2,
"entTypeLabels": {
"customproperty1": "UserName",
"customproperty2": "Platform ID",
"customproperty3": "Safe Name",
"customproperty4": "Secret Type",
"customproperty5": "Application ID",
"customproperty6": "Active Directory ID",
"customproperty7": "automaticManagementEnabled",
"customproperty8": "Status",
"customproperty9": "lastModifiedTime",
"customproperty10": "createdTime"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/Accounts ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"displayname": "name~#~char",
"description": "name~#~char",
"entitlement_glossary": "name~#~char",
"customproperty1": "userName~#~char",
"customproperty2": "platformId~#~char",
"customproperty3": "safeName~#~char",
"customproperty4": "secretType~#~char",
"customproperty5": "platformAccountProperties.ApplicationID~#~char",
"customproperty6": "platformAccountProperties.ActiveDirectoryID~#~char",
"customproperty7": "secretManagement.automaticManagementEnabled~#~char",
"customproperty8": "secretManagement.status~#~char",
"customproperty9": "secretManagement.lastModifiedTime~#~char",
"customproperty10": "createdTime~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"Safes": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"showJobHistory": true,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://IP/PasswordVault/api/Safes/${id}/Members ",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "SafeMembers",
"entKeyField": "entitlementID",
"acctIdPath": "MemberName",
"acctKeyField": "name"
}
}
}
}
},
"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Safes": {
"ent1KeyField": "entitlement_value",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://IP/PasswordVault/api/Accounts ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"ent1IdPath": "safeName",
"ent2IdPath": "id",
"ent2KeyField": "entitlementID",
"targetEntType": "PrivilegedAccounts",
"mappingTypes": [
"ENT2"
]
}
}
}
}
}
}
[This message has been edited by moderator to mask sensitive info]
04/26/2024 01:31 PM
Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
04/28/2024 11:53 PM
Here it is:
curl --location --request POST 'https://IP/PasswordVault/API/auth/Cyberark/Logon' \
--header 'Content-Type: application/json' \
--header 'Cookie: CA11111=000000025DF01CEDFAAF905368378478668997C7E210688BC5F583F7D0724011562E814500000000; CA22222=8E55308ABB06549236C2699008955052A5328F7DC426AEF34EB8272422F37462; CA55555=cyberark' \
--data-raw '{
"username": "xxxxxxxxx",
"password": "xxxx"
}'
04/29/2024 08:56 PM
Did you imported certificate?
04/30/2024 01:26 AM
I am not sure what certificate we need to import. Can you please provide more information which certificate we need to import.
Also, We are using REST Connection for integration.
Regards,
Rohan Pandit
04/30/2024 09:58 PM
Application SSL certifcate
05/15/2024 12:27 PM
@rushikeshvartak certificate issue is resolved. Now, i am getting this error.
responseText:{"ErrorCode":"CAWS00001E","ErrorMessage":"Connection to the Vault was terminated."}, cookies:[], statusCode:401]
Regards,
Rohan Pandit
05/15/2024 04:23 PM
did you restarted server using support ticket ? If not please do certificate install need backend restart
05/16/2024 12:29 AM
05/16/2024 07:07 PM - edited 05/16/2024 07:08 PM
Raise support ticket to restart connector pod
05/21/2024 03:25 AM
05/21/2024 11:06 PM
Did they restarted connector pod ?