Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Saviynt-CyberArk Rest Integration Error

rohanpandit
New Contributor II
New Contributor II

Hi Team,

Integration of CyberArk using Rest Connector

We are getting error while importing data using rest connector but we are able to fetch data via postman.

We are using IP only for connection and to import data as well.

PFB Error Logs, connection Json and import Json.

Error:

 

2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called executeGetRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-after calling executeRequestWithHeaders for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-called api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-timeout validated for api...
2024-04-26T13:51:26+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-1-j5kpm-DEBUG-got response for api...
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got Webservice API Response: [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-pullObjectsByRest - responseStatusCode ::null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got null response statusCode with erroMsg - [error:Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-ERROR-Exception in getting response in pullObjectsByRest :
2024-04-26T13:51:27+05:30-ecm-worker--null-j5kpm--java.lang.Exception: NullResponseFromTarget at com.saviynt.provisoning.rest.RestUtilService.checkForErrorMsg(RestUtilService.groovy:1463) at com.saviynt.provisoning.rest.RestProvisioningService.pullObjectsByRest(RestProvisioningService.groovy:4539) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsByPagination(RestProvisioningService.groovy:4244) at com.saviynt.provisoning.rest.RestProvisioningService.processAccounts(RestProvisioningService.groovy:4171) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFinal(RestProvisioningService.groovy:1681) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1645) at com.saviynt.provisoning.rest.RestProvisioningService.importAccountsFull(RestProvisioningService.groovy:1473) at com.saviynt.provisoning.rest.RestProvisioningService.doImport(RestProvisioningService.groovy:138) at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:232) at SapImportJob.execute(SapImportJob.groovy:109) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestUtilService-quartzScheduler_Worker-1-j5kpm-DEBUG-Got showLogs = true
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Error while getting Account Import response for url- https://xx.xx.xx.xx/Password=******/api/Users  is: null
2024-04-26T13:51:26+05:30-ecm-worker-rest.RestProvisioningService-quartzScheduler_Worker-1-j5kpm-DEBUG-Getting response statusCode null, so failing Account Import Job

 

Connection Json:

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"httpHeaders": {
"Accept": "application/xml",
"contentType": "application/json"
},
"authError": [
"ITATS366E",
"PASWS006E"
],
"url": "https://IP/PasswordVault/API/Auth/CyberArk/Logon ",
"httpMethod": "POST",
"httpContentType": "application/json",
"errorPath": "ErrorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "string.content",
"authHeaderName": "Authorization",
"accessToken": "Basic ",
"httpParams": ": "
}
},
"username": "xxxxxxxxx",
"password": "xxxxx"
}

ImportAccountEntJSON:

 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty7",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 20,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://IP/PasswordVault/api/Users ",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"listField": "Users",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "username~#~char"
},
"makeProcessingStatus": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://IP/PasswordVault/api/Users/${accountName }",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpMethod": "GET",
"httpContentType": "application/json"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"name": "username~#~char",
"status": "enableUser~#~char",
"displayName": "username~#~char",
"accounttype": "userType~#~char",
"customproperty1": "source~#~char",
"customproperty2": "componentUser~#~char",
"customproperty3": "vaultAuthorization~#~char",
"customproperty5": "location~#~char",
"customproperty6": "suspended~#~char",
"customproperty7": "enableUser~#~char",
"customproperty8": "lastSuccessfulLoginDate~#~char",
"customproperty9": "unAuthorizedInterfaces~#~char",
"customproperty10": "authenticationMethod~#~char",
"customproperty11": "passwordNeverExpires~#~char",
"customproperty12": "distinguishedName~#~char",
"customproperty13": "description~#~char",
"customproperty14": "businessAddress~#~char",
"customproperty15": "internet~#~char",
"customproperty16": "phones~#~char",
"customproperty17": "personalDetails~#~char",
"accountID": "id~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Groups": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Group Type",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/UserGroups ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "groupName~#~char",
"displayname": "groupName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty1": "groupType~#~char",
"customproperty2": "location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"Safes": {
"entTypeOrder": 1,
"entTypeLabels": {
"customproperty1": "Safe URL ID",
"customproperty2": "Location"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/Safes ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Safes",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "SafeUrlId~#~char",
"entitlement_value": "SafeName~#~char",
"displayname": "SafeName~#~char",
"description": "Description~#~char",
"entitlement_glossary": "SafeName~#~char",
"customproperty1": "SafeUrlId~#~char",
"customproperty2": "Location~#~char"
},
"disableDeletedEntitlements": true
}
}
},
"PrivilegedAccounts": {
"entTypeOrder": 2,
"entTypeLabels": {
"customproperty1": "UserName",
"customproperty2": "Platform ID",
"customproperty3": "Safe Name",
"customproperty4": "Secret Type",
"customproperty5": "Application ID",
"customproperty6": "Active Directory ID",
"customproperty7": "automaticManagementEnabled",
"customproperty8": "Status",
"customproperty9": "lastModifiedTime",
"customproperty10": "createdTime"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"url": "https://IP/PasswordVault/api/Accounts ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"displayname": "name~#~char",
"description": "name~#~char",
"entitlement_glossary": "name~#~char",
"customproperty1": "userName~#~char",
"customproperty2": "platformId~#~char",
"customproperty3": "safeName~#~char",
"customproperty4": "secretType~#~char",
"customproperty5": "platformAccountProperties.ApplicationID~#~char",
"customproperty6": "platformAccountProperties.ActiveDirectoryID~#~char",
"customproperty7": "secretManagement.automaticManagementEnabled~#~char",
"customproperty8": "secretManagement.status~#~char",
"customproperty9": "secretManagement.lastModifiedTime~#~char",
"customproperty10": "createdTime~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"Safes": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"showJobHistory": true,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://IP/PasswordVault/api/Safes/${id}/Members ",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "SafeMembers",
"entKeyField": "entitlementID",
"acctIdPath": "MemberName",
"acctKeyField": "name"
}
}
}
}
},
"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Safes": {
"ent1KeyField": "entitlement_value",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://IP/PasswordVault/api/Accounts ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"ent1IdPath": "safeName",
"ent2IdPath": "id",
"ent2KeyField": "entitlementID",
"targetEntType": "PrivilegedAccounts",
"mappingTypes": [
"ENT2"
]
}
}
}
}
}
}

[This message has been edited by moderator to mask sensitive info]

12 REPLIES 12

rushikeshvartak
All-Star
All-Star

Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Here it is:

curl --location --request POST 'https://IP/PasswordVault/API/auth/Cyberark/Logon' \
--header 'Content-Type: application/json' \
--header 'Cookie: CA11111=000000025DF01CEDFAAF905368378478668997C7E210688BC5F583F7D0724011562E814500000000; CA22222=8E55308ABB06549236C2699008955052A5328F7DC426AEF34EB8272422F37462; CA55555=cyberark' \
--data-raw '{
"username": "xxxxxxxxx",
"password": "xxxx"
}'

Did you imported certificate?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

I am not sure what certificate we need  to import. Can you please provide more information which certificate we need to import.

Also, We are using REST Connection for integration.

Regards,

Rohan Pandit

 

Application SSL certifcate


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  certificate issue is resolved. Now, i am getting this error.

responseText:{"ErrorCode":"CAWS00001E","ErrorMessage":"Connection to the Vault was terminated."}, cookies:[], statusCode:401]

Regards,

Rohan Pandit

did you restarted server using support ticket ? If not please do certificate install need backend restart


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  restarted the server via UI. Still getting the same error.

Regards,

Rohan Pandit

Raise support ticket to restart connector pod


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hello Rohan,

How did you resolve this error?

We are facing the same error. What is the cause and remediation.

 

Warm Regards,

Sai

 

 

rohanpandit
New Contributor II
New Contributor II

@rushikeshvartak still same error after system restart.

Regards,

Rohan Pandit

 

Did they restarted connector pod ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.