Symantec Privileged Access Management

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.

Hello Tiffany, Please provide more information on the API call you are making. You must be missing a required parameter. E.g. for a UNIX target application you need to specify whether the account can change its own password, or if another account is used to change the password. In the latter case you need to add information for the other account.
Original Message:
Sent: 06-05-2019 10:38 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.

@Ralf Prigl,

I am trying to add a Target Account to a Target Application that's assigned to a Device already.

The PAM APIs that I am using is the ​POST - https://<host>/api.php/v1/devices.json/{deviceID}/targetApplications/{targetApplicationID}/targetAccounts from the API Doc on the PAM Client.

The request body looks like this with the bold requirements:
{
"accountName": "Jane",
"aliasNames": "Jane/Doe",
"attributes":null,
"cacheBehavior":null,
"cacheDuration":null,
"description1":null,
"description2":null,
"password": "<password-here>",
"passwordViewPolicyId":null,
"privileged": "t",
"synchronize":null,
"useAliasNameParameter":null
}

I had ran this request once before and it created the Target Account successfully, unfortunately we had a minor power outage and as it rebooted, I ran the same request just added a different Target Account to the same Application tied to the Device and it prompted me that error message above. I also deleted the successful account that worked and try adding it again and it failed with that same error message.

Can we not attach multiple Target Accounts to one Target Application? Or must it be one Account to one Application only? By that request body, is there any missing parameters by the looks of it?

Let me know your thoughts. Thanks!
Original Message:
Sent: 06-05-2019 04:37 PM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello Tiffany, Please provide more information on the API call you are making. You must be missing a required parameter. E.g. for a UNIX target application you need to specify whether the account can change its own password, or if another account is used to change the password. In the latter case you need to add information for the other account.
Original Message:
Sent: 06-05-2019 10:38 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.

Hi Tiffany, What parameter are required for a target account depends on the type of target application it is added to. You still didn't say what type of target application you have. I don't think it's possible that there would be a difference between adding the first and addition additional accounts, something must be different in the request, or the target application.
Original Message:
Sent: 06-21-2019 08:36 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

@Ralf Prigl,

I am trying to add a Target Account to a Target Application that's assigned to a Device already.

The PAM APIs that I am using is the ​POST - https://<host>/api.php/v1/devices.json/{deviceID}/targetApplications/{targetApplicationID}/targetAccounts from the API Doc on the PAM Client.

The request body looks like this with the bold requirements:
{
"accountName": "Jane",
"aliasNames": "Jane/Doe",
"attributes":null,
"cacheBehavior":null,
"cacheDuration":null,
"description1":null,
"description2":null,
"password": "<password-here>",
"passwordViewPolicyId":null,
"privileged": "t",
"synchronize":null,
"useAliasNameParameter":null
}

I had ran this request once before and it created the Target Account successfully, unfortunately we had a minor power outage and as it rebooted, I ran the same request just added a different Target Account to the same Application tied to the Device and it prompted me that error message above. I also deleted the successful account that worked and try adding it again and it failed with that same error message.

Can we not attach multiple Target Accounts to one Target Application? Or must it be one Account to one Application only? By that request body, is there any missing parameters by the looks of it?

Let me know your thoughts. Thanks!
Original Message:
Sent: 06-05-2019 04:37 PM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello Tiffany, Please provide more information on the API call you are making. You must be missing a required parameter. E.g. for a UNIX target application you need to specify whether the account can change its own password, or if another account is used to change the password. In the latter case you need to add information for the other account.
Original Message:
Sent: 06-05-2019 10:38 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.

Hi @Ralf Prigl,

The Target Application is Windows Remote. I have no just tested the same use case to another Application that was Generic for the Application Type. I am not sure as to why I was about to add multiple Target Accounts to that NEW Target Application but the one that I am trying to do prompts me that error message.​

Does it need to be Generic for the application type in order for it to work? Does Windows Remote type not allow for adding Target Accounts to the Application?

Let me know what your thoughts are. Thanks for the feedback.
Original Message:
Sent: 06-21-2019 09:29 AM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hi Tiffany, What parameter are required for a target account depends on the type of target application it is added to. You still didn't say what type of target application you have. I don't think it's possible that there would be a difference between adding the first and addition additional accounts, something must be different in the request, or the target application.
Original Message:
Sent: 06-21-2019 08:36 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

@Ralf Prigl,

I am trying to add a Target Account to a Target Application that's assigned to a Device already.

The PAM APIs that I am using is the ​POST - https://<host>/api.php/v1/devices.json/{deviceID}/targetApplications/{targetApplicationID}/targetAccounts from the API Doc on the PAM Client.

The request body looks like this with the bold requirements:
{
"accountName": "Jane",
"aliasNames": "Jane/Doe",
"attributes":null,
"cacheBehavior":null,
"cacheDuration":null,
"description1":null,
"description2":null,
"password": "<password-here>",
"passwordViewPolicyId":null,
"privileged": "t",
"synchronize":null,
"useAliasNameParameter":null
}

I had ran this request once before and it created the Target Account successfully, unfortunately we had a minor power outage and as it rebooted, I ran the same request just added a different Target Account to the same Application tied to the Device and it prompted me that error message above. I also deleted the successful account that worked and try adding it again and it failed with that same error message.

Can we not attach multiple Target Accounts to one Target Application? Or must it be one Account to one Application only? By that request body, is there any missing parameters by the looks of it?

Let me know your thoughts. Thanks!
Original Message:
Sent: 06-05-2019 04:37 PM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello Tiffany, Please provide more information on the API call you are making. You must be missing a required parameter. E.g. for a UNIX target application you need to specify whether the account can change its own password, or if another account is used to change the password. In the latter case you need to add information for the other account.
Original Message:
Sent: 06-05-2019 10:38 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.

The Rest API only supports account creation for target applications of type Generic or UNIX at this time. For other target applications, please use the Credential Manager Remote CLI or Java API, see https://docops.ca.com/ca-privileged-access-manager/3-3/EN/programming/credential-manager-remote-cli-and-java-api.
Original Message:
Sent: 06-21-2019 09:57 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hi @Ralf Prigl,

The Target Application is Windows Remote. I have no just tested the same use case to another Application that was Generic for the Application Type. I am not sure as to why I was about to add multiple Target Accounts to that NEW Target Application but the one that I am trying to do prompts me that error message.​

Does it need to be Generic for the application type in order for it to work? Does Windows Remote type not allow for adding Target Accounts to the Application?

Let me know what your thoughts are. Thanks for the feedback.
Original Message:
Sent: 06-21-2019 09:29 AM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hi Tiffany, What parameter are required for a target account depends on the type of target application it is added to. You still didn't say what type of target application you have. I don't think it's possible that there would be a difference between adding the first and addition additional accounts, something must be different in the request, or the target application.
Original Message:
Sent: 06-21-2019 08:36 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

@Ralf Prigl,

I am trying to add a Target Account to a Target Application that's assigned to a Device already.

The PAM APIs that I am using is the ​POST - https://<host>/api.php/v1/devices.json/{deviceID}/targetApplications/{targetApplicationID}/targetAccounts from the API Doc on the PAM Client.

The request body looks like this with the bold requirements:
{
"accountName": "Jane",
"aliasNames": "Jane/Doe",
"attributes":null,
"cacheBehavior":null,
"cacheDuration":null,
"description1":null,
"description2":null,
"password": "<password-here>",
"passwordViewPolicyId":null,
"privileged": "t",
"synchronize":null,
"useAliasNameParameter":null
}

I had ran this request once before and it created the Target Account successfully, unfortunately we had a minor power outage and as it rebooted, I ran the same request just added a different Target Account to the same Application tied to the Device and it prompted me that error message above. I also deleted the successful account that worked and try adding it again and it failed with that same error message.

Can we not attach multiple Target Accounts to one Target Application? Or must it be one Account to one Application only? By that request body, is there any missing parameters by the looks of it?

Let me know your thoughts. Thanks!
Original Message:
Sent: 06-05-2019 04:37 PM
From: Ralf Prigl
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello Tiffany, Please provide more information on the API call you are making. You must be missing a required parameter. E.g. for a UNIX target application you need to specify whether the account can change its own password, or if another account is used to change the password. In the latter case you need to add information for the other account.
Original Message:
Sent: 06-05-2019 10:38 AM
From: Tiffany Kongpachith
Subject: "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

Hello,

I am utilizing the CA PAM APIs available. I am trying to add a target account to an existing Device and Target Application.

I had tested this last Friday and it was successful. Few days later I tested again to try and attached a new target account to the same Device and Target Application, but it prompts me an error message:
"Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: PAM-CM-3454: Change process not specified. Check log for details."

What does this mean? I have also deleted that account that was successful and retried it again, now it gives me that error too.

Please let me know what this could mean.

Thanks.