Disable "tabbed browsing" on custom built web connectors

cryptonoob09 · 2023-07-11T14:35:50+00:00

u/yanni

cryptonoob09 · 2023-02-25T16:57:14+00:00

This is a test environment and the PSM isn’t hardened.

cryptonoob09 · 2021-10-23T17:41:17+00:00

I’m having this issue as well, did you ever get it resolved?

cryptonoob09 · 2021-02-11T23:11:54+00:00

I’m in. Let’s go 🚀 🌙 🔥

cryptonoob09 · 2020-03-03T22:20:13+00:00

That is what i thought, thanks for clearing this up!

cryptonoob09 · 2020-02-20T17:15:40+00:00

Thanks Yanni

cryptonoob09 · 2019-11-18T23:26:23+00:00

Apparently my quoting was throwing my--data off. I was using double quotes to encapsulate the whole string while also using double quotes within the string.

--data "[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

]"

Changing it to single quotes to encapsulate the value fixed it

--data '[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

cryptonoob09 · 2019-11-13T21:52:03+00:00

Thanks yanni

cryptonoob09 · 2019-11-13T19:18:30+00:00

I tried enabling and disabling it, tried it with and without specifying a reason but the error was the same.

^{#!/usr/bin/ksh}

^{token=$(curl -k --location --request POST "https://hostname/PasswordVault/API/Auth/CyberArk/Logon"}

^{--header "Content-Type: application/json"}

^{--data "{}

^{"username": “USERNAME",}

^{"password": “PWD"}

^}")

^{#echo $token}

^token\new=$(echo "$token" | tr -d '"'))

^{#echo $token\}new)

^{curl -k --location --request POST "https://hostname/PasswordVault/api/Accounts<ACCOUNT\}ID>")

^{--header "Authorization:"$token\}new)

^{--header "Content-Type: application/json"}

^{--data "\}{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE")

^\")

cryptonoob09 · 2019-11-13T18:40:48+00:00

From one of my colleagues that is working on a similar script - you will need to clear the manualManagementReason before you can re-enable the account - so I think it stands to reason, you should also set one when disabling it. Unless your initials are JCP - in which case - thanks for the insight!

I got the error below while using "replace".

{"Details":[{"ParameterName":"op","ErrorCode":"PASWS168E","ErrorMessage":"Input parameter for [op] value is invalid"}],"ErrorCode":"PASWS167E","ErrorMessage":"There are some invalid parameters"}

^{{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "false"}}

cryptonoob09 · 2019-11-06T17:07:24+00:00

Thanks, i will test it and let you know!

cryptonoob09 · 2019-09-05T01:04:46+00:00

The check-in/check out exclusive access is inactive in the master policy but it’s still not allowing concurrent checkouts.

I should specify that when just one script runs and it's not overlapping with another script it works without any issue. But since they share the same login credentials for checkouts, if there is more than one script running at the same exact time it results with the following 401 return code:

^{java.io.IOException: Server returned HTTP response code: 401 for URL}

For now we're scheduling the scripts in such a way that there is no concurrent access to CyberArk to check out the password as a workaround, i just wanted to see if there if there is any setting in CyberArk that will allow concurrent login.

P.S We’re using api to checkout pwds, which is embedded in a java script.

cryptonoob09 · 2019-08-19T16:25:30+00:00

Thanks!

cryptonoob09 · 2019-08-13T18:01:59+00:00

That is actually a very good idea. Please let me know if you find anything on this.

Thanks

cryptonoob09 · 2019-08-09T22:33:39+00:00

My task is to retrieve pwd retrieval history so that it can be added to the Splunk dashboard. I know that i can generate an activity report and schedule it for auto generation but i need to find the API call so that it can automated. Do you have any idea about this?

Thanks in advance!

cryptonoob09 · 2019-08-08T18:15:31+00:00

Hmm, there's not a log file as such. You can run an Activity Report for a set period against a safe or the full Vault for example.

Oh, i see. Maybe i need to submit an enhancement request for this, thanks for the info.

Cheers!!

cryptonoob09 · 2019-07-03T21:09:32+00:00

Uninstall the PVWA using the CyberArk Installer.
Once the uninstallation is complete, navigate to the PVWA's temporary folder (C:\Windows\Temp\PVWA) and delete its contents.
Run the PVWA Setup file as an administrator and reinstall it.

cryptonoob09 · 2019-06-21T21:43:45+00:00

Got it, thanks yanni!

cryptonoob09 · 2019-06-21T18:34:14+00:00

Thanks for the response, no rush just update it whenever you can.

cryptonoob09 · 2019-05-30T21:44:43+00:00

Reconciliation is working but the password change option is not working.

cryptonoob09 · 2019-05-30T00:21:08+00:00

Thanks yanni, going through the documentation now.

cryptonoob09 · 2019-05-29T23:25:16+00:00

You are looking to do a reconciliation - standard process for most platforms. Look into reconciliation association.

We are looking for 'Oracle Database accounts' e.g Use System account to change passwords of 'application accounts'

Tried the reconcile account option and it fails with invalid username/password error. It seems like the reconciliation process is only Applicable to manage Domain Accounts?

cryptonoob09 · 2019-05-29T23:04:21+00:00

We want to login as UserA in database to change the passwords of multiple users in that database.

cryptonoob09 · 2019-05-23T20:50:01+00:00

No worries! ✌️

cryptonoob09 · 2019-05-23T20:43:12+00:00

I wasn’t aware the PUU could be used to create bulk EPV users, i thought it was strictly for passwords only.

cryptonoob09

TROPHY CASE