How to configure parameter on MidServer for integration with CyberArk?

Giovanni Eggidi
Tera Contributor

‎05-10-2022 04:05 AM

Hi,

I am configuring the mid server for integration with cyberark.
I imported the jar package into the instance (file "JavaPasswordSDK.jar" on record created in "MID Server > JAR Files" module) and did a restart mid server from the instance.

Then when I opened the "config.xml" file in the mid installation folder, I saw that there were no cyberark parameters. I manually added those in the docs: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/credentials/task/t_ConfigureTheMIDServerForCyberArk.html

I set the parameters with the values shared with the CyberArk team. After the creation of the new credential on the table, the test through Ui Action fails.
Is the procedure I used correct?

Regards, Giovanni

Labels:
0 Helpfuls
  • 2,462 Views
14 REPLIES 14

chuckm
Giga Guru

‎05-11-2022 06:29 AM

Giovanni,

A more detailed example of the CyberArk logs might be helpful. When troubleshooting, I suggest looking at the logs in this order: 1) APPConsole and then 2) APPAudit.

find_real_file.png

1) APPConsole
The APPConsole log shows if the CyberArk AIM client is successfully communicating with the CyberArk Vault. Successful communication with the CyberArk Vault generates 3 separate log entries in the APPConsole log file as shown.

[05/07/2020 | 13:09:48] | :: | APPAP032I Main parameters file [main_appprovider.conf.Win64.10.05] was loaded successfully
[05/07/2020 | 13:09:48] | :: | APPAP258I Supported addresses for this provider [10.10.10.10;SNOWMID01;SNOWMID01.lab1.com]
[05/07/2020 | 13:09:48] | :: | APPAP035I Application Password Provider [Prov_SNOWMID01] on machine [10.10.10.10] version [10.5.1.3] is up [AIM Mode] and working with Vault [10.20.20.20]

2) APPAudit
The APPAudit log shows successful password retrievals from the CyberArk Vault. In the example, one credential was successfully retrieved from the CyberArk Vault (Provider Prov_SNOWMID01 has successfully fetched password).

[05/07/2020 | 13:10:22] | :: | APPAU001I Provider Prov_SNOWMID01 has successfully fetched password [safe=ccc,folder=ccc,name=ccc] with query [safe=ccc;folder=ccc;object=ccc] for application [ccc]. Fetch reason: []

Note: Stopping and restarting the CyberArk Application Password Provider service will archive the logs to the C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Logs\old directory and start with clean log files.

Preview file
27 KB
Preview file
41 KB
Preview file
36 KB
Preview file
39 KB
Preview file
33 KB
0 Helpfuls

Giovanni Eggidi
Tera Contributor
In response to chuckm

‎05-16-2022 01:21 AM

Hi, thanks for your support.

Currently, I have this situation:

- APPConsole.log

[09/05/2022 | 15:25:40] |  ::  | APPAP032I Main parameters file [<...>] was loaded successfully
[09/05/2022 | 15:25:40] |  ::  | APPAP258I Supported addresses for this provider [<...>]
[09/05/2022 | 15:25:41] |  ::  | APPAP341I Found cache encryption key in cache safe for Credential Provider user <...>
[09/05/2022 | 15:25:41] |  ::  | APPAP035I Application Password Provider [<...>] on machine [<...>] version [12.4.1.13] is up [AAM mode] and working with Vault [<...>]
[15/05/2022 | 09:38:29] |  ::  | APPAP289E Connection to the Vault has failed. Further attempts to connect to the Vault will be avoided for [1] minutes.
[15/05/2022 | 09:38:29] |  ::  | APPAP097I Connection to the Vault has been restored
[15/05/2022 | 21:39:05] |  ::  | APPAP289E Connection to the Vault has failed. Further attempts to connect to the Vault will be avoided for [1] minutes.
[15/05/2022 | 21:47:57] |  ::  | APPAP097I Connection to the Vault has been restored

- APPAudit.log

This file is empty.

Do I proceed to reset the CyberArk Application Password Provider?

Regards, Giovanni

0 Helpfuls

chuckm
Giga Guru
In response to Giovanni Eggidi

‎05-16-2022 07:59 AM

Giovanni,

Based on the APPConsole log (1st four log entries), it looks like the AIM client is successfully communicating with the CyberArk Vault.  The two entries where the Vault has failed and restored (15/05/2022) could be intermittent network connectivity issues.

The APPAudit log will be empty until you attempt to retrieve a credential from the vault.  I suggest attempting a credential retrieval from the vault and see if you get a log entry in the APPAudit.log.  In the example above, one credential retrieval will show up as one log entry in the APPAudit log as follows:

[05/07/2020 | 13:10:22] | :: | APPAU001I Provider Prov_SNOWMID01 has successfully fetched password [safe=ccc,folder=ccc,name=ccc] with query [safe=ccc;folder=ccc;object=ccc] for application [ccc]. Fetch reason: []

0 Helpfuls

Giovanni Eggidi
Tera Contributor
In response to chuckm

‎05-16-2022 02:53 PM

Hi chuckm,

thanks for your support. I am trying to retrieve the credentials via the UI Action "Test Credential".

I expected that after this test I would see something in the APPAudit.log file, shouldn't this be the behavior?

In the meantime I am trying to insert only the two necessary parameters in the config.xml file

 

0 Helpfuls

chuckm
Giga Guru
In response to Giovanni Eggidi

‎05-17-2022 06:19 AM

Giovanni,

The CyberArk parameters referenced above are required in the Config.xml for the CyberArk Integration to work.  I suggest entering the parameters and then restarting the MID Server service prior to testing with the UI Action "Test Credential".

If you are using the <safe>:<credential ID> format for the Credential ID field, refer to this community article: Unable to get CyberArk credentials.  It shows an example of the configuration for the <safe>:<credential ID> format where the ext.cred.use_cyberark and ext.cred.safe_folder are used in the Config.xml.

0 Helpfuls