Hey folks, so i was working on cyberak integration a while back where one of the use case was to add a local CPM to all the safes, around july i remember the code was working well… and now the same code keeps giving me unauthorized error. Do you know whats wrong now, or if something changed ?
String identityName1="CPM0"; //round robin for CPM in prod
String appName="PAM";
String identityName="XXX"; // identity cube for whch the cpm needs addedd
String target="P-IAM-"+identityName.replace("","");
IdentityService is = new IdentityService(context);
Identity identity=context.getObjectByName(Identity.class, identityName1);
Application app=context.getObjectByName(Application.class, appName);
ProvisioningPlan plan=new ProvisioningPlan();
plan.setIdentity(identity);
plan.setTargetIntegration("Cyberark");
ProvisioningPlan.AccountRequest ar=new ProvisioningPlan.AccountRequest();
ar.setApplication(appName);
ar.setNativeIdentity("77"); // native id of CPM here
ar.setOp(ProvisioningPlan.ObjectOperation.Modify);
ar.setType("Container");
ProvisioningPlan.PermissionRequest pr=new ProvisioningPlan.PermissionRequest();
pr.setOp(ProvisioningPlan.Operation.Add);
List rights = Arrays.asList("useAccounts", "retrieveAccounts", "listAccounts", "accessWithoutConfirmation", "addAccounts","updateAccountContent","updateAccountProperties","initiateCPMAccountManagementOperations","specifyNextAccountContent","renameAccounts","createFolders","deleteFolders","moveAccountsAndFolders");
pr.setRightsList(rights);
pr.setTarget(target);
pr.setTargetCollector("Cyberark");
Attributes attributes = new Attributes();
attributes.put("assignment","true");
pr.setArguments(attributes);
ar.add(pr);
plan.addRequest(ar);
Provisioner provisioner = new Provisioner(context);
if(plan!=null) {
ProvisioningProject project = provisioner.compile(plan);
provisioner.execute(project);
}
As @mpotti mentioned validate the keys and verify whether the user is having appropriate permissions for the action.The unauthorized error is usually related to authentication/authorization issues.
Hello Mark, Jarin… so keys are fine because i am able to do a few operations, its where the safe modification comes into picture errors are coming. i have asked our CA team to check the scim service account permissions
Hello @mpotti@Jarin_James , so APi keys are correct. i tried the same script multiple times and it works like 1 out of 3 times… this has me sooo confused if its not the code and the api issue
@rohit_jaiswal1 Have you opened a ticket with Support or Expert Services? After reading some threads from CyberArk this behavior could mean that when reaching out to the server that the secret is not actually being passed. The other common thing I was seeing was permissions related. But seeing as this is working some times I don’t think it is permissions related. I would ask the question around the keys being passed to the CyberArk Server. You may also want to enable debugging on the connector and trance the logs that way. I would also ask your CyberArk team if they can look at the logs on the CyberArk side and see if any other errors come up from that side.
