The scope of the document is to provide the necessary steps to integrate CA Threat Analytics 2.0.2 with CA Privileged Access Manager 2.8.1.
Error: Service Configuration parameters are incorrect!
Resolution: Ensure that the correct details are defined in CA Threat Analytics Engine and the CA TapApiUser’s account status is Enabled in CA PAM.
Error: SAML 2 SSO profile is not configured for relying party https://<IP_or_FQDN>
Resolution: The Threat Analytics Address defined in CA PAM: Config >> CA Modules is automatically reflected as the SAML Entity ID in the TCP/UDP Service named ‘TAP-SAML-Service’. Ensure that this value matches the FQDN/IP associated with the Assertion Consumer Service URL in CA Threat Analytics Administrative Application: Security.
Note: Any change made to the security settings in CA Threat Analytics Administrative Application requires a restart of the Threat Analytics Engine.
Worked with Talk Prigl to fix the issue. It was the time being out of sync between the two servers.
Harjeev, did you check the time server configuration on both hosts?
Any idea why SAML between PAM and TA won't work and the logs show as below?
I have apikey.xceedium.com in the device list and ApiKey in the app list. I checked the logs but there is no log related to "apikey" or "tap".
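The two causes that come up on this page, an Entity ID that does not match the Assertion Consumer Service URL host and clocks out of sync between the two servers, can be checked offline before opening a case. The following is an added example, not CA's code and not part of the original thread: the hostnames, the `/acs` path, the sample assertion and all function names are constructed, and the comparison rules are generic SAML 2.0 checks assumed here rather than confirmed product behaviour.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample: only the validity window of an assertion is shown.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Conditions NotBefore="2024-01-01T12:00:00Z"'
    ' NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:Assertion>'
)

def host_of(url):
    """Host part of a URL, lower-cased, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_entity_id(entity_id, acs_url):
    """Compare the Entity ID host with the ACS URL host (string match, no DNS)."""
    a, b = host_of(entity_id), host_of(acs_url)
    if a == b:
        return "match"
    # An IP on one side and a name on the other never match as strings,
    # even when both point at the same server.
    return "ip-vs-fqdn" if is_ip(a) != is_ip(b) else "different-host"

def parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_window(assertion_xml, receiver_now, tolerance=timedelta(0)):
    """Judge NotBefore/NotOnOrAfter against the receiving server's clock."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    not_before = parse_utc(cond.get("NotBefore"))
    not_on_or_after = parse_utc(cond.get("NotOnOrAfter"))
    if receiver_now + tolerance < not_before:
        return "not-yet-valid"   # receiver clock is behind the issuer
    if receiver_now - tolerance >= not_on_or_after:
        return "expired"         # receiver clock is ahead of the issuer
    return "valid"

if __name__ == "__main__":
    print(check_entity_id("https://10.0.0.5", "https://ta.example.test/acs"))
    behind = datetime(2024, 1, 1, 11, 53, tzinfo=timezone.utc)  # 7 min slow
    print(check_window(SAMPLE_ASSERTION, behind))
```

A "not-yet-valid" or "expired" result with a correct configuration points at NTP on one of the hosts rather than at the SAML settings.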
I will open a support case.
Thanks for your support
Do you have device apikey.xceedium.com in your device list? And a target application named "ApiKey" that is associated with this device? If you look for "apikey" or "tap" in the session logs (Click Search and enter the search text in the Details field), do you see any messages indicating a problem? If you can't get past this, please open a support case.
Sorry. I forgot a screen capture. I verified in the account list and the CA TAP Api user was not found.
Hello, You show a screenshot of your list of users. This would not include the TAP Api user account. That is a target account you should find under Targets > Account List when you go to Policy > Manage Passwords. Also, please note my warning above about the integration of TAP with 2.8.2.
‘Default’ still in PVP
Thanks for your support.
I'd like to send my server status. License is enabled and External REST API is checked.
In addition to the above, I have seen an issue creating a new API key when the ‘Default’ Password View Policy is renamed or removed:
Tech Tip - CA Privileged Access Manager: Failed to create new API key
The account is created automatically.
Ensure that your CA PAM Appliance is licensed with TA:
Also, ensure that ‘External REST API’ is checked (Config >> Security):
I'm trying to integrate PAM 2.8.2 with TA but my PAM doesn't have a CATapApiUser-x account. CATapApiUser is also not found in the User list.
Can you show me how to create or enable that account?
Thank you for sharing this with the community Kelly!
Tech Tip - CA Privileged Access Manager: Setup CA Threat Analytics Server with CA PAM
Note that there currently is a problem in CA PAM 2.8.2. If you follow this procedure to establish a new integration with Threat Analytics for PAM 2.8.2, the integration will work as far as monitoring of PAM user activity by Threat Analytics is concerned, but you may find that you end up with a PAM dashboard that has no data and no Threat Analytics icon. The CA PAM engineering team is aware of the problem and working on a fix.