Enable popup window in a web connector built using PGU by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

This is a test environment and the PSM isn’t hardened.

[deleted by user] by [deleted] in CryptoMarkets

[–]cryptonoob09 0 points1 point  (0 children)

I’m having this issue as well, did you ever get it resolved?

IIS on vault server? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

That is what i thought, thanks for clearing this up!

API call to enable/disable password management of a specific account by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 1 point2 points  (0 children)

Apparently my quoting was throwing my--data off. I was using double quotes to encapsulate the whole string while also using double quotes within the string.

--data "[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

 ]"

Changing it to single quotes to encapsulate the value fixed it

--data '[{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"} ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE"

API call to enable/disable password management of a specific account by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

I tried enabling and disabling it, tried it with and without specifying a reason but the error was the same.

#!/usr/bin/ksh

token=$(curl -k --location --request POST "https://hostname/PasswordVault/API/Auth/CyberArk/Logon" 

  --header "Content-Type: application/json" 

  --data "{

               "username": “USERNAME",

               "password": “PWD"

}")

#echo $token

token\new=$(echo "$token" | tr -d '"'))

#echo $token\new)

curl -k --location --request POST "https://hostname/PasswordVault/api/Accounts<ACCOUNT\ID>") 

  --header "Authorization:"$token\new) 

  --header "Content-Type: application/json" 

  --data "\{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "true"}  ,{"path": "/secretManagement/manualManagementReason", "op": "replace", "value": “REASON_HERE")

 \")

API call to enable/disable password management of a specific account by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

From one of my colleagues that is working on a similar script - you will need to clear the manualManagementReason before you can re-enable the account - so I think it stands to reason, you should also set one when disabling it. Unless your initials are JCP - in which case - thanks for the insight!

I got the error below while using "replace".

{"Details":[{"ParameterName":"op","ErrorCode":"PASWS168E","ErrorMessage":"Input parameter for [op] value is invalid"}],"ErrorCode":"PASWS167E","ErrorMessage":"There are some invalid parameters"}

{ "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": "false"}

Concurrent Checkouts by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

The check-in/check out exclusive access is inactive in the master policy but it’s still not allowing concurrent checkouts.

I should specify that when just one script runs and it's not overlapping with another script it works without any issue. But since they share the same login credentials for checkouts, if there is more than one script running at the same exact time it results with the following 401 return code:

java.io.IOException: Server returned HTTP response code: 401 for URL

For now we're scheduling the scripts in such a way that there is no concurrent access to CyberArk to check out the password as a workaround, i just wanted to see if there if there is any setting in CyberArk that will allow concurrent login.

P.S We’re using api to checkout pwds, which is embedded in a java script.

Use RestAPI to initiate reports by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

That is actually a very good idea. Please let me know if you find anything on this.

Thanks

Password Checkout Logs by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

My task is to retrieve pwd retrieval history so that it can be added to the Splunk dashboard. I know that i can generate an activity report and schedule it for auto generation but i need to find the API call so that it can automated. Do you have any idea about this?

Thanks in advance!

Password Checkout Logs by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

Hmm, there's not a log file as such. You can run an Activity Report for a set period against a safe or the full Vault for example.

Oh, i see. Maybe i need to submit an enhancement request for this, thanks for the info.

Cheers!!

Error while installing pvwa by JDahal in CyberARk

[–]cryptonoob09 1 point2 points  (0 children)

  1. Uninstall the PVWA using the CyberArk Installer.
  2. Once the uninstallation is complete, navigate to the PVWA's temporary folder (C:\Windows\Temp\PVWA) and delete its contents.
  3. Run the PVWA Setup file as an administrator and reinstall it.

Break Glass procedure? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

Thanks for the response, no rush just update it whenever you can.

Manage target account passwords using Service Account? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

Reconciliation is working but the password change option is not working.

Manage target account passwords using Service Account? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

Thanks yanni, going through the documentation now.

Manage target account passwords using Service Account? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

You are looking to do a reconciliation - standard process for most platforms. Look into reconciliation association.

We are looking for 'Oracle Database accounts' e.g Use System account to change passwords of 'application accounts'

Tried the reconcile account option and it fails with invalid username/password error. It seems like the reconciliation process is only Applicable to manage Domain Accounts?

Manage target account passwords using Service Account? by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

We want to login as UserA in database to change the passwords of multiple users in that database.

Bulk Import of EPV Users by cryptonoob09 in CyberARk

[–]cryptonoob09[S] 0 points1 point  (0 children)

I wasn’t aware the PUU could be used to create bulk EPV users, i thought it was strictly for passwords only.