Notifications

71 views

Description

According to the document "CyberArk credential storage integration" it is mentioned to have the support for REST (with basic authentication overrides)

Once configured the same to have the Azure Service Principal Discovery with Cyberark External Credential Store, the discovery fails with below error.

Worker-Interactive:APIProxyProbe-3464ac64db20370009a024828a96191e Found credential with id - 'xxxxxxxxxxxxxxxxxxxx' and name - 'AzureSPSNOW'.
Worker-Interactive:APIProxyProbe-3464ac64db20370009a024828a96191e DEBUG: Calling CredentialResolver to resolve Azure_SP_NP_Pass/azure/null
Worker-Interactive:APIProxyProbe-3464ac64db20370009a024828a96191e Route Headers - {secretkey=********, enrollmenttoken=$(CloudCredential.sn_cmp_ea_credential.access_key), endpointurl=, clientid=********, scriptname=azure-compute-1.0-ListSubscriptions, enrollmentnumber=********, scriptexecution=ExecuteScript, scripttype=JavaScript, tenantid=********, provider=azure-compute}
03/29/19 14:14:41 (758) Worker-Interactive:APIProxyProbe-3464ac64db20370009a024828a96191e Located proxy configuration - {capi.proxyhost=pxyapp.austest.thenational.com, capi.proxyport=8080, capi.skipproxyforssh=false, capi.proxyprotocol=http}

They have the integration of Azure credentials through the API  working for SNMPv3 and basic auth successfully, but note however that docs page (specifically the section with #dummycredentials.properties ) doesn't list the type for Azure, nor does it have examples of the keys to be set in the hashmap returned for Azure.

The credential resolver jar must return a Hashmap with proper key (case sensitive) and non-null valid values for the same in order to be properly utilized by CMP, the keys for which are mentioned below: 

  • name:
  • tenant_id: 
  • client_id: 
  • auth_method:
  • secret_key: 

The issue is that even the customer resolver passes the correct hashmap, the credential validation fails with above-mentioned error with null objects.

Steps to Reproduce

  1. Configure Azure credentials with Cyberarc
  2. Create the Azure Service Account and choose to use the Credentials from Externalcredential store (cyberarc)
  3. Execute Azure subscription discovery
  4. Returning the hashmap in the same order as mentioned, hashmap output is : {name=azure, tenant_id=xxxxxxxxxxxxxxxxxxxxxxxxx, client_id=xxxxxxxxxxxxxxxxxxxxxxxxx, auth_method=Client Secret, secret_key={[xxxxxxxxxxxxxxxxxxxxxxxxx}
  5. Still issue persists with same error mentioned below:

05/13/19 16:53:13 (135) Worker-Interactive:APIProxyProbe-ddf5098bdbd57300c80228664a9619a2 DEBUG: Using a high-security credential: HighSecurityCredential: Azure_SP_NP_Pass/azure/null
05/13/19 16:53:13 (135) Worker-Interactive:APIProxyProbe-ddf5098bdbd57300c80228664a9619a2 Found credential with id - '81ee89c8db343b40c80228664a96198b' and name - 'AzureSPSNOWNonProd'.
05/13/19 16:53:13 (151) Worker-Interactive:APIProxyProbe-ddf5098bdbd57300c80228664a9619a2 DEBUG: Calling CredentialResolver to resolve Azure_SP_NP_Pass/azure/null
05/13/19 16:53:13 (229) ECCQueueMonitor.1 DEBUG: Event: RGRPerfMetricEvent
05/13/19 16:53:13 (307) Worker-Interactive:APIProxyProbe-ddf5098bdbd57300c80228664a9619a2 Route Headers - 

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available..

 


Related Problem: PRB1346683

Seen In

There is no data to report.

Intended Fix Version

Orlando

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-08-26 02:43:14
Published:2019-07-03