CyberArk credential identifier configuration with option credential ID = 'blank', fails with error:

'ABC' Provider 'XYZ' has failed to fetch password with query [safe=<SAFENAME>;folder=<Folder name>;address=<IP Address>;policyid=<PolicyName>] for application [ServiceNow_MID_Server]. Fetch reason: [[AppID: ServiceNow_MID_Server] ]. Failure reason: ['ABC' Password object matching query [safe=^<SAFENAME>;folder=<Folder name>;address=<IP Address>;policyid=<PolicyName>] was not found (Diagnostic Info: 5). Please check that there is a password object that answers your query in the Vault and that both the Provider and the application user have the appropriate permissions needed in order to use the password.]


Credential lookup initially attempts to match the specified credential ID to an existing value in the CyberArk vault Name field. If a match is found, that credential is returned. If no match is found, the credential lookup attempts to find a match using the IP address. If the IP address lookup matches more than one credential, such as Windows and Tomcat on the same server, the lookup fails.


  1. Set the ext.cred.type_specifier parameter in the MID Server config.xml file to true to force CyberArk to return credentials.
  2. And restart the MID Server to take effect the changes.

Additional Information

  1. Configure the CyberArk credential identifier
  2. CyberArk credential storage integration

Article Information

Last Updated:2020-10-15 05:17:38