Symantec Privileged Access Management

  • 1.  PAM 3.2.5 - Office365 integration

    Posted Jan 27, 2020 08:20 AM
    Good day,

    I would like to configure Office365 with PAM 3.2.5 but I have some problems.

    Once I had entered all the information requested for the integration, I received a "connect time out" error when I tried to test the connection with the PING button.
    At the beginning I thought about a port problem, but checking the Tomcat log I received the following error:

    Jan 27, 2020 11:15:22 AM com.ca.pam.rest.Office365Service ping
    SEVERE: Call to Gatekeeper service controller failed: java.net.SocketTimeoutException: connect timed out
    Jan 27, 2020 11:15:22 AM com.sun.jersey.spi.container.ContainerResponse logException
    FINE: Mapped exception to response: 400 (Bad Request)


    My questions are:

    - Since the error that I received is a Bad Request, is there a way to check which type of request PAM sends? Or do you have any suggestions regarding the troubleshooting?

    - Is there a list of ports to be opened for the integration? Or must only the ports (e.g. the default 443) of the Security Token Service (STS) Endpoint and Microsoft Online Portal be open?

    - Are there any examples (document, article, video, etc.) regarding the O365 integration with PAM?
    In the community I found a thread with a link, but it is not active anymore:

    https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=780007


    Thanks for your help.


    Regards,
    Andrea Gimmelli


  • 2.  RE: PAM 3.2.5 - Office365 integration
    Best Answer

    Broadcom Employee
    Posted Jan 30, 2020 02:11 PM
    Hello Andrea, Yes, there is not much documentation for this feature. The Ping tries to connect to the configured Endpoint URL and Portal URL. It is just trying a connect on a java.net.HttpURLConnection object. Your URLs would either include a port, or use implicit ports, HTTP=80 or HTTPS=443. You can use the Configuration > Tools page to check connectivity.
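
A connectivity check along the lines the answer above describes, as an added example that is not part of the original thread and not PAM's own code: it derives the port each configured URL implies (explicit, or 80/443 by scheme) and attempts a plain TCP connect, so a timeout like the `connect timed out` in the Tomcat log can be told apart from a refusal or a DNS failure. The two URLs are constructed placeholders and the function names are hypothetical; run it from a host on the same network path as the PAM appliance.

```python
import socket
from urllib.parse import urlsplit

# Implicit ports named in the answer: HTTP=80, HTTPS=443.
IMPLICIT_PORTS = {"http": 80, "https": 443}

def effective_target(url):
    """Return the (host, port) a connect to this URL would use."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in IMPLICIT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return parts.hostname, parts.port or IMPLICIT_PORTS[scheme]

def probe(url, timeout=5.0):
    """Attempt a TCP connect only (no HTTP request) and classify the result."""
    host, port = effective_target(url)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        # No answer at all: typically a firewall silently dropping the SYN.
        return "timeout"
    except socket.gaierror:
        # The host name could not be resolved from this machine.
        return "dns-failure"
    except ConnectionRefusedError:
        # Host reachable, but nothing listens on that port (or an active reject).
        return "refused"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

if __name__ == "__main__":
    # Constructed placeholder URLs; substitute the values entered in PAM.
    configured = {
        "STS Endpoint URL": "https://sts.example.invalid/placeholder",
        "Portal URL": "https://portal.example.invalid/",
    }
    for name, url in configured.items():
        host, port = effective_target(url)
        print(f"{name}: {host}:{port} -> {probe(url)}")
```
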


  • 3.  RE: PAM 3.2.5 - Office365 integration

    Posted Jan 31, 2020 03:30 AM
    Hello Ralf,
    Thanks for your feedback, really appreciate that.

    Just one last question: since the log output sends me a "400 - bad request", I suppose that the ports are open (but I will double-check it) but the message that it sends during the PING is not correct.
    I don't know if the problem can be generated by the context data configured.

    Is there any way to see the request that PAM sends?

    Regards,
    Andrea Gimmelli


  • 4.  RE: PAM 3.2.5 - Office365 integration

    Posted Feb 20, 2020 09:55 AM
    Hi Ralf

    I need to design a work plan to integrate Office365. Unfortunately there is not much documentation about it and I cannot understand how I synchronize a privileged account to access the administration of Office365.

    I would like to know if there is a document or article regarding what steps to take after configuring the required data in the Configuration / 3rd Party / Microsoft Office option.

    • Do I have to create a specific target application for Office365 or which one is it used for?

    • Should I create a TCP / UDP service for access or can I use the service named as MS Office 365?

    • To which EndPoint should the MS Office 365 service be assigned for use?


    Can someone give me instructions or references on how to integrate Office365?

    Thanks