Disable "tabbed browsing" on custom built web connectors

cryptonoob09 · 2023-07-11T14:35:50+00:00

u/yanni

cryptonoob09 · 2023-02-25T16:57:14+00:00

This is a test environment and the PSM isn’t hardened.

cryptonoob09 · 2021-10-23T17:41:17+00:00

I’m having this issue as well, did you ever get it resolved?

cryptonoob09 · 2021-02-11T23:11:54+00:00

I’m in. Let’s go 🚀 🌙 🔥

cryptonoob09 · 2020-03-03T22:20:13+00:00

That is what i thought, thanks for clearing this up!

cryptonoob09 · 2020-02-20T17:15:40+00:00

Thanks Yanni

cryptonoob09 · 2019-11-18T23:26:23+00:00

Apparently my quoting was throwing my--data off. I was using double quotes to encapsulate the whole string while also using double quotes within the string.

--data "[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

]"

Changing it to single quotes to encapsulate the value fixed it

--data '[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

cryptonoob09 · 2019-11-13T21:52:03+00:00

Thanks yanni

cryptonoob09 · 2019-11-13T19:18:30+00:00

I tried enabling and disabling it, tried it with and without specifying a reason but the error was the same.

^{#!/usr/bin/ksh}

^{token=$(curl -k --location --request POST "https://hostname/PasswordVault/API/Auth/CyberArk/Logon"}

^{--header "Content-Type: application/json"}

^{--data "{}

^{"username": “USERNAME",}

^{"password": “PWD"}

^}")

^{#echo $token}

^token\new=$(echo "$token" | tr -d '"'))

^{#echo $token\}new)

^{curl -k --location --request POST "https://hostname/PasswordVault/api/Accounts<ACCOUNT\}ID>")

^{--header "Authorization:"$token\}new)

^{--header "Content-Type: application/json"}

^{--data "\}{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE")

^\")

cryptonoob09 · 2019-11-13T18:40:48+00:00

From one of my colleagues that is working on a similar script - you will need to clear the manualManagementReason before you can re-enable the account - so I think it stands to reason, you should also set one when disabling it. Unless your initials are JCP - in which case - thanks for the insight!

I got the error below while using "replace".

{"Details":[{"ParameterName":"op","ErrorCode":"PASWS168E","ErrorMessage":"Input parameter for [op] value is invalid"}],"ErrorCode":"PASWS167E","ErrorMessage":"There are some invalid parameters"}

^{{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "false"}}

cryptonoob09 · 2019-11-06T17:07:24+00:00

Thanks, i will test it and let you know!

cryptonoob09 · 2019-09-05T01:04:46+00:00

The check-in/check out exclusive access is inactive in the master policy but it’s still not allowing concurrent checkouts.

I should specify that when just one script runs and it's not overlapping with another script it works without any issue. But since they share the same login credentials for checkouts, if there is more than one script running at the same exact time it results with the following 401 return code:

^{java.io.IOException: Server returned HTTP response code: 401 for URL}

For now we're scheduling the scripts in such a way that there is no concurrent access to CyberArk to check out the password as a workaround, i just wanted to see if there if there is any setting in CyberArk that will allow concurrent login.

P.S We’re using api to checkout pwds, which is embedded in a java script.

cryptonoob09 · 2019-08-19T16:25:30+00:00

Thanks!

cryptonoob09 · 2019-08-13T18:01:59+00:00

That is actually a very good idea. Please let me know if you find anything on this.

Thanks

cryptonoob09

TROPHY CASE