04/26/2024 01:35 AM - last edited on 04/26/2024 07:58 AM by Sunil
Hi Team,
Integration of CyberArk using Rest Connector
We are getting an error while importing data using the REST connector, but we are able to fetch data via Postman.
We are using IP only for connection and to import data as well.
PFB Error Logs, connection Json and import Json.
Error:
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called executeGetRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-after calling executeRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-timeout validated for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-got response for api...
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got Webservice API Response: [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-pullObjectsByRest - responseStatusCode ::null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got null response statusCode with erroMsg - [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-ERROR-Exception in getting response in pullObjectsByRest :
2024-04-26T13:51:27+05:30-ecm-worker--null-j5kpm--java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1463) at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4539) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsByPagination(RestProvisioningService.groovy:4244) at com.saviynt.provisoning.rest.RestProvisioningService.processAccounts(RestProvisioningService.groovy:4171) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFinal(RestProvisioningService.groovy:1681) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1645) at com.saviynt.provisoning.rest.RestProvisioningService.importAccountsFull(RestProvisioningService.groovy:1473) at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:138) at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:232) at SapImportJob.execute(SapImportJob.groovy:109) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Error while getting Account Import response for url- https://xx.xx.xx.xx/Password=******/api/Users is: null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Getting response statusCode null, so failing Account Import Job
Connection Json:
{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "httpHeaders": {
        "Accept": "application/xml",
        "contentType": "application/json"
      },
      "authError": [
        "ITATS366E",
        "PASWS006E"
      ],
      "url": "https://IP/PasswordVault/API/Auth/CyberArk/Logon ",
      "httpMethod": "POST",
      "httpContentType": "application/json",
      "errorPath": "ErrorCode",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "string.content",
      "authHeaderName": "Authorization",
      "accessToken": "Basic ",
      "httpParams": ": "
    }
  },
  "username": "xxxxxxxxx",
  "password": "xxxxx"
}
ImportAccountEntJSON:
{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "statusColumn": "customproperty7",
      "activeStatus": [
        "true"
      ],
      "deleteLinks": true,
      "accountThresholdValue": 20,
      "correlateInactiveAccounts": false,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://IP/PasswordVault/api/Users ",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpMethod": "GET",
          "httpContentType": "application/json"
        },
        "listField": "Users",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "username~#~char"
        },
        "makeProcessingStatus": true
      },
      "call2": {
        "callOrder": 1,
        "stageNumber": 3,
        "http": {
          "url": "https://IP/PasswordVault/api/Users/${accountName }",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpMethod": "GET",
          "httpContentType": "application/json"
        },
        "inputParams": {
          "dependentCall": true
        },
        "listField": "",
        "keyField": "accountID",
        "nextApiKeyField": "accountID",
        "colsToPropsMap": {
          "name": "username~#~char",
          "status": "enableUser~#~char",
          "displayName": "username~#~char",
          "accounttype": "userType~#~char",
          "customproperty1": "source~#~char",
          "customproperty2": "componentUser~#~char",
          "customproperty3": "vaultAuthorization~#~char",
          "customproperty5": "location~#~char",
          "customproperty6": "suspended~#~char",
          "customproperty7": "enableUser~#~char",
          "customproperty8": "lastSuccessfulLoginDate~#~char",
          "customproperty9": "unAuthorizedInterfaces~#~char",
          "customproperty10": "authenticationMethod~#~char",
          "customproperty11": "passwordNeverExpires~#~char",
          "customproperty12": "distinguishedName~#~char",
          "customproperty13": "description~#~char",
          "customproperty14": "businessAddress~#~char",
          "customproperty15": "internet~#~char",
          "customproperty16": "phones~#~char",
          "customproperty17": "personalDetails~#~char",
          "accountID": "id~#~char"
        }
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Groups": {
        "entTypeOrder": 0,
        "entTypeLabels": {
          "customproperty1": "Group Type",
          "customproperty2": "Location"
        },
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "application/json"
              },
              "url": "https://IP/PasswordVault/api/UserGroups ",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "value",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "id~#~char",
              "entitlement_value": "groupName~#~char",
              "displayname": "groupName~#~char",
              "description": "description~#~char",
              "entitlement_glossary": "description~#~char",
              "customproperty1": "groupType~#~char",
              "customproperty2": "location~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      },
      "Safes": {
        "entTypeOrder": 1,
        "entTypeLabels": {
          "customproperty1": "Safe URL ID",
          "customproperty2": "Location"
        },
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "application/json"
              },
              "url": "https://IP/PasswordVault/api/Safes ",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "Safes",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "SafeUrlId~#~char",
              "entitlement_value": "SafeName~#~char",
              "displayname": "SafeName~#~char",
              "description": "Description~#~char",
              "entitlement_glossary": "SafeName~#~char",
              "customproperty1": "SafeUrlId~#~char",
              "customproperty2": "Location~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      },
      "PrivilegedAccounts": {
        "entTypeOrder": 2,
        "entTypeLabels": {
          "customproperty1": "UserName",
          "customproperty2": "Platform ID",
          "customproperty3": "Safe Name",
          "customproperty4": "Secret Type",
          "customproperty5": "Application ID",
          "customproperty6": "Active Directory ID",
          "customproperty7": "automaticManagementEnabled",
          "customproperty8": "Status",
          "customproperty9": "lastModifiedTime",
          "customproperty10": "createdTime"
        },
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "application/json"
              },
              "url": "https://IP/PasswordVault/api/Accounts ",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "value",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "id~#~char",
              "entitlement_value": "name~#~char",
              "displayname": "name~#~char",
              "description": "name~#~char",
              "entitlement_glossary": "name~#~char",
              "customproperty1": "userName~#~char",
              "customproperty2": "platformId~#~char",
              "customproperty3": "safeName~#~char",
              "customproperty4": "secretType~#~char",
              "customproperty5": "platformAccountProperties.ApplicationID~#~char",
              "customproperty6": "platformAccountProperties.ActiveDirectoryID~#~char",
              "customproperty7": "secretManagement.automaticManagementEnabled~#~char",
              "customproperty8": "secretManagement.status~#~char",
              "customproperty9": "secretManagement.lastModifiedTime~#~char",
              "customproperty10": "createdTime~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  },
  "acctEntParams": {
    "connection": "acctAuth",
    "entTypes": {
      "Safes": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "showJobHistory": true,
            "processingType": "httpEntToAcct",
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "https://IP/PasswordVault/api/Safes/${id}/Members ",
              "httpContentType": "application/x-www-form-urlencoded",
              "httpMethod": "GET"
            },
            "listField": "SafeMembers",
            "entKeyField": "entitlementID",
            "acctIdPath": "MemberName",
            "acctKeyField": "name"
          }
        }
      }
    }
  },
  "entMappingParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Safes": {
        "ent1KeyField": "entitlement_value",
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "https://IP/PasswordVault/api/Accounts ",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "value",
            "ent1IdPath": "safeName",
            "ent2IdPath": "id",
            "ent2KeyField": "entitlementID",
            "targetEntType": "PrivilegedAccounts",
            "mappingTypes": [
              "ENT2"
            ]
          }
        }
      }
    }
  }
}
[This message has been edited by moderator to mask sensitive info]
04/26/2024 01:31 PM
Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]
04/28/2024 11:53 PM
Here it is:
curl --location --request POST 'https://IP/PasswordVault/API/auth/Cyberark/Logon' \
--header 'Content-Type: application/json' \
--header 'Cookie: CA11111=000000025DF01CEDFAAF905368378478668997C7E210688BC5F583F7D0724011562E814500000000; CA22222=8E55308ABB06549236C2699008955052A5328F7DC426AEF34EB8272422F37462; CA55555=cyberark' \
--data-raw '{
"username": "xxxxxxxxx",
"password": "xxxx"
}'
04/29/2024 08:56 PM
Did you import the certificate?
04/30/2024 01:26 AM
I am not sure what certificate we need to import. Can you please provide more information on which certificate we need to import?
Also, we are using a REST connection for integration.
Regards,
Rohan Pandit
04/30/2024 09:58 PM
Application SSL certificate
05/15/2024 12:27 PM
@rushikeshvartak The certificate issue is resolved. Now, I am getting this error.
responseText:{"ErrorCode":"CAWS00001E","ErrorMessage":"Connection to the Vault was terminated."}, cookies:[], statusCode:401]
Regards,
Rohan Pandit
05/15/2024 04:23 PM
Did you restart the server using a support ticket? If not, please do; a certificate install needs a backend restart.
05/16/2024 12:29 AM
05/16/2024 07:07 PM - edited 05/16/2024 07:08 PM
Raise a support ticket to restart the connector pod.
06/10/2024 06:41 AM
Hello Rohan,
How did you resolve this error?
We are facing the same error. What is the cause and remediation?
Warm Regards,
Sai
05/21/2024 03:25 AM
05/21/2024 11:06 PM
Did they restart the connector pod?
06/19/2024 12:13 AM
Hello all,
A code change was needed to accommodate a format change on the CyberArk refresh token (they started returning the value in double quotes). This appears to be an issue only in CyberArk's "Gen 2" API. The ultimate solution is to upgrade to 24.5, or the fix will need to be released in a minor version update for your current version. Look for "CONN-16378" in the 24.5 release notes:
https://docs.saviyntcloud.com/bundle/Release-Notes/page/Content/v24x/Release-Notes-24-5.htm
As a workaround, you may want to try using the "Gen 1" CyberArk API for authentication: https://docs.cyberark.com/pam-self-hosted/latest/en/Content/SDK/CyberArk%20Authentication%20-%20Logo...
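The format change described in the post above, as an added example that is not part of the original thread and is not Saviynt's or CyberArk's code: a client reading the Logon response has to JSON-decode the body, otherwise the surrounding double quotes travel into the Authorization header. The function names and sample bodies are constructed, and the `CyberArkLogonResult` key is an assumption about the Gen 1 response shape.

```python
import json


class LogonError(Exception):
    """The Logon response carried an error or no usable token."""


def extract_session_token(body: str) -> str:
    """Return the bare session token from a Logon response body."""
    text = body.strip()
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError:
        parsed = text  # not JSON: already a bare token
    if not isinstance(parsed, (dict, str)):
        parsed = text  # e.g. an all-digit token that JSON read as a number

    if isinstance(parsed, dict):
        if "ErrorCode" in parsed:
            # Error shape seen in the thread: ErrorCode / ErrorMessage
            raise LogonError(f"{parsed['ErrorCode']}: {parsed.get('ErrorMessage', '')}")
        # Assumption: Gen 1 wraps the token in an object under this key.
        parsed = parsed.get("CyberArkLogonResult")

    if not isinstance(parsed, str) or not parsed.strip():
        raise LogonError("no token in Logon response")
    token = parsed.strip()
    # Quotes or whitespace left in the token would corrupt the header value.
    if any(ch in token for ch in '"\r\n\t '):
        raise LogonError("token still contains quotes or whitespace")
    return token


def auth_header(body: str) -> dict:
    """Header sent on the import calls (the page's ${access_token})."""
    return {"Authorization": extract_session_token(body)}


if __name__ == "__main__":
    # Constructed sample bodies, not captured from a real vault.
    quoted = '"ZXhhbXBsZS1jb25zdHJ1Y3RlZC10b2tlbg=="'
    print(auth_header(quoted))             # quoted JSON string body
    print(auth_header(quoted.strip('"')))  # bare token body
```

Both calls in the `__main__` block yield the same header, which is the behaviour a connector needs to tolerate either response format.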
07/11/2024 12:34 AM
Hello
Issue has been resolved post upgrading to 24.5. Attaching the connection Json for the future reference need to be used in order to
{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "httpParamsName": "password",
      "url": "https://<<url>>>>>>/PasswordVault/API/Auth/CyberArk/Logon",
      "httpMethod": "POST",
      "httpParams": {
        "username": "username",
        "password": "password",
        "concurrentSession": "True"
      },
      "httpHeaders": {
        "contentType": "application/json"
      },
      "httpContentType": "application/json",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed",
        "FAILURE",
        "INVALID_SESSION_ID",
        "ExpiredAuthenticationToken",
        "Read timed out",
        "PASWS013E",
        401
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.type",
      "maxRefreshTryCount": 5,
      "accessToken": "abcd"
    }
  }
}
Warm Regards,
Sai Phani Vemulapally.