How to configure parameter on MidServer for integration with CyberArk?

Giovanni Eggidi · ‎05-10-2022

Hi,

I am configuring the mid server for integration with cyberark.
I imported the jar package into the instance (file "JavaPasswordSDK.jar" on record created in "MID Server > JAR Files" module) and did a restart mid server from the instance.

Then when I opened the "config.xml" file in the mid installation folder, I saw that there were no cyberark parameters. I manually added those in the docs: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/credentials/task/t_ConfigureTheMIDServerForCyberArk.html

I set the parameters with the values shared with the CyberArk team. After the creation of the new credential on the table, the test through Ui Action fails.
Is the procedure I used correct?

Regards, Giovanni

Giovanni Eggidi · ‎05-20-2022

Hi chuckm,

thanks to your support, I am proceeding with the configurations and tests, I have had new results but the Test Credential always fails.

Below I send you the logs received with the last test:

Last log of APPConsole file

[19/05/2022 | 17:30:12] |  ::  | APPAP002E Provider <XXX> has failed to fetch password with query [<XXX>] for application [ServiceNow_MID_Server_svil]. Fetch reason: [[AppID: ServiceNow_MID_Server_svil] ]. Failure reason: [APPAP004E Password object matching query [<XXX>] was not found (Diagnostic Info: 5). Please check that there is a password object that answers your query in the Vault and that both the Provider and the application user have the appropriate permissions needed in order to use the password.]

Last log of APPAudit file

[20/05/2022 | 12:49:16] |  ::  | APPAU001I Provider <XXX> has successfully fetched password [<XXX>] with query [<XXX>] for application [ServiceNow_MID_Server_svil]. Fetch reason: []

Log on MidServer regarded this test

2022-05-20 12:49:16  (857) Worker-Interactive:CommandPipeline-959d028a872fc590fadfea083cbb35ba SEVERE *** ERROR *** The requested type of credential was UnixSSH, however, a credential type of <XXX> was found.  Please check your Credential Type and Credential ID
2022-05-20 12:49:16  (857) Worker-Interactive:CommandPipeline-959d028a872fc590fadfea083cbb35ba SEVERE *** ERROR *** Problem with client's CredentialResolver: CredentialResolver.resolve returned null

Can I resolve this error? I hope it is the last

Thanks&Regards, Giovanni

chuckm · ‎05-22-2022

Giovanni,

The first error message suggests that the ServiceNow attribute CredentialID may not be formatted correctly. Check if the CredentialID format in ServiceNow matches the Safe and Name in CyberArk. For example, if using <safe>:<credential ID> for Credential the values come from Safe and Name as follows:

Windows Credential

CyberArk Account Detail

chuckm · ‎07-19-2022

Giovanni,

Did you get the CyberArk integration working with your MID Server? If you did, just curious what was the resolution.

SELECT Username · ‎05-12-2022

Have you enabled the External Credential Storage plugin? Also, to pick up changes from config.xml, the MID needs to be restarted. Did you validate that the MID has been restarted AFTER you added to the file? Have you verified that the jar file got copied to the MID after it was added to the instance?

chuckm · ‎05-15-2022

Giovanni,

Other community articles that may be helpful:

Unable to get CyberArk credentials

ServiceNow Integration with CyberArk:How to specify credential ID in ServiceNow when multiple host n...