How to configure parameter on MidServer for integration with CyberArk?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2022 04:05 AM
Hi,
I am configuring the mid server for integration with cyberark.
I imported the jar package into the instance (file "JavaPasswordSDK.jar" on record created in "MID Server > JAR Files" module) and did a restart mid server from the instance.
Then when I opened the "config.xml" file in the mid installation folder, I saw that there were no cyberark parameters. I manually added those in the docs: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/credentials/task/t_ConfigureTheMIDServerForCyberArk.html
I set the parameters with the values shared with the CyberArk team. After the creation of the new credential on the table, the test through Ui Action fails.
Is the procedure I used correct?
Regards, Giovanni
- Labels:
-
Discovery
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2022 05:49 AM
Might be the Java classpath - had something similar from quite a while ago, not sure if still a thing. The Jar files go to libext, but lib is default classpath.
https://wrapper.tanukisoftware.com/doc/english/prop-java-classpath-n.html
I can't find my post from a while back, something like, "Is there a way to change the MID server classpath?" Thanks Tim Broberg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2022 10:11 AM
Giovanni,
From your description, steps 3 and 4 listed below have been completed. Did you complete steps 1, 2, and 5? All the steps are required for a successful CyberArk Integration.
- Configure the CyberArk vault.
- Install the CyberArk AIM Client.
- Import the CyberArk JAR file.
- Configure the MID Server for CyberArk - config.xml.
- Configure the CyberArk credential identifier.
If yes, then looking at the CyberArk logs on the MID server is helpful. The logs provide more information to help determine CyberArk is successfully retrieving the credentials from the CyberArk safe. The CyberArk logs are located on the MID server where the CyberArk AIM client is installed in the following directory (default installation):
C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Logs
There are 3 separate CyberArk log files in the Logs directory: 1) APPConsole, 2) APPAudit, and 3) APPTrace. The APPConsole and APPAudit are helpful in troubleshooting. The APPConsole log shows if the CyberArk AIM client is communicating successfully with the CyberArk Vault. The APPAudit log shows successful password retrievals from the CyberArk Vault.
When troubleshooting, I suggest starting with the APPConsole log first (3 log entries to determine successful communication to CyberArk Vault). Then, looking at the APPAudit log file to determine successful credential retrievals.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2022 02:10 AM
Hi chuckm,
Yes, I complete also the steps 1,2,5. Thanks for support, i'm checking the logs file that you suggested to me.
For step 4, is it correct to manually add the cyberark parameters in the config.xml file manually, or do I have to go a different way?
Regards, Giovanni
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2022 06:14 AM