How to configure parameter on MidServer for integration with CyberArk?

Giovanni Eggidi
Tera Contributor

Hi,

I am configuring the mid server for integration with cyberark.
I imported the jar package into the instance (file "JavaPasswordSDK.jar" on record created in "MID Server > JAR Files" module) and did a restart mid server from the instance.

Then when I opened the "config.xml" file in the mid installation folder, I saw that there were no cyberark parameters. I manually added those in the docs: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/credentials/task/t_ConfigureTheMIDServerForCyberArk.html

I set the parameters with the values shared with the CyberArk team. After the creation of the new credential on the table, the test through Ui Action fails.
Is the procedure I used correct?

Regards, Giovanni

14 REPLIES 14

Jeff Boltz1
Mega Guru

Might be the Java classpath - had something similar from quite a while ago, not sure if still a thing.  The Jar files go to libext, but lib is default classpath.  

https://wrapper.tanukisoftware.com/doc/english/prop-java-classpath-n.html

 

I can't find my post from a while back, something like, "Is there a way to change the MID server classpath?"  Thanks Tim Broberg

chuckm
Giga Guru

Giovanni,

From your description, steps 3 and 4 listed below have been completed. Did you complete steps 1, 2, and 5?  All the steps are required for a successful CyberArk Integration.

  1. Configure the CyberArk vault.
  2. Install the CyberArk AIM Client.
  3. Import the CyberArk JAR file.
  4. Configure the MID Server for CyberArk - config.xml.
  5. Configure the CyberArk credential identifier.

If yes, then looking at the CyberArk logs on the MID server is helpful.  The logs provide more information to help determine CyberArk is successfully retrieving the credentials from the CyberArk safe. The CyberArk logs are located on the MID server where the CyberArk AIM client is installed in the following directory (default installation):

C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Logs

There are 3 separate CyberArk log files in the Logs directory: 1) APPConsole, 2) APPAudit, and 3) APPTrace. The APPConsole and APPAudit are helpful in troubleshooting. The APPConsole log shows if the CyberArk AIM client is communicating successfully with the CyberArk Vault. The APPAudit log shows successful password retrievals from the CyberArk Vault.

When troubleshooting, I suggest starting with the APPConsole log first (3 log entries to determine successful communication to CyberArk Vault). Then, looking at the APPAudit log file to determine successful credential retrievals.

Hi chuckm,

Yes, I complete also the steps 1,2,5. Thanks for support, i'm checking the logs file that you suggested to me.

For step 4, is it correct to manually add the cyberark parameters in the config.xml file manually, or do I have to go a different way?

Regards, Giovanni

Giovanni,

Yes, manually added the CyberArk parameters to the config.xml file.

find_real_file.png