Symantec Privileged Access Management


REST API doc: Cannot create Target Account with SSH Keys

  • 1.  REST API doc: Cannot create Target Account with SSH Keys

    Posted Dec 13, 2019 04:19 PM
    When attempting to add an account that utilizes SSH Keys for password rotation I get the following error:
    "error": {
    "code": 400,
    "message": "Bad Request: PAM-CMN-0467: A Password Authority problem prevented completing the request. Message: No response from Password Authority. Check log for details."
    }

    /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts

    I added the correct deviceId and applicationId to the appropriate fields before hitting the "Try it out!" button.

    I entered the json below into the POST section for devices:
    note: the public and private key are base64 encoded as the documentation suggests.
    {
    "accountName":"p-capam",
    "aliasNames":null,
    "attributes":{
    "keyOptions":null,
    "verifyThroughOtherAccount":"false",
    "discoveryAllowed":"f",
    "publicKey":"ssh-rsa AAAAB3NzaC1ycLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUM== root@capam",
    "protocol":"SSH2_PUBLIC_KEY_AUTH",
    "passphrase":"Test$1234",
    "privetKey":null,
    "otherAccount":null,
    "descriptor2":null,
    "discoveryGlobal":"f",
    "descriptor1":null,
    "extensionType":"unixII",
    "useOtherAccountToChangePassword":"false",
    "passwordChangeMethod":"USE_SUDO"
    },
    "cacheBehavior":null,
    "cacheDuration":null,
    "description1":null,
    "description2":null,
    "password":"-----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,7EA3AAELOREUMIPSUM
    FhB6IgY43X8r84OEFmcrLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUM==
    -----END RSA PRIVATE KEY-----",
    "passwordViewPolicyId":null,
    "privileged":"t",
    "synchronize":"t",
    "useAliasNameParameter":null
    }

    Is this a known issue? What log can I check for details? Any help or suggestions would be GREATLY appreciated.


  • 2.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Broadcom Employee
    Posted Dec 13, 2019 04:58 PM
    Hello, The Api Docs page includes this note: "Note that the private and public key data should be base64 encoded.". There is also at least one invalid attribute, "privetKey". I assume that was meant to say "privateKey"


  • 3.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Posted Dec 13, 2019 05:10 PM
    Hi Ralf. I corrected the typo and I get the same error. The private and public keys are base64 encoded (as mentioned earlier). In your opinion does the error indicate a key related issue? What logs can I check for more info?  Thank you for the speedy reply!


  • 4.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Broadcom Employee
    Posted Dec 13, 2019 05:41 PM
    Hi Jeff, you should check the tomcat logs. Are you able to GET existing target accounts w/o problem?


  • 5.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Posted Dec 13, 2019 05:48 PM
    I can GET an existing account without issue.


  • 6.  RE: REST API doc: Cannot create Target Account with SSH Keys
    Best Answer

    Broadcom Employee
    Posted Dec 13, 2019 06:49 PM
    Hello Jeff, I am not sure whether you fixed your publicKey and password values already. You state you used base64 encoded strings, but what you show in your original post are the keys themselves. E.g. take the public key:

    "ssh-rsa AAAAB3NzaC1ycLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUMLOREUMIPSUM== root@capam"

    A base64-encoded string for that is
    c3NoLXJzYSBBQUFBQjNOemFDMXljTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU09PSByb290QGNhcGFtCg==

    And you would specify that in the payload:

    "publicKey":"c3NoLXJzYSBBQUFBQjNOemFDMXljTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU1MT1JFVU1JUFNVTUxPUkVVTUlQU1VNTE9SRVVNSVBTVU09PSByb290QGNhcGFtCg==",
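    The two defects the thread identifies (raw key text where the API expects base64, and the misspelled "privetKey" attribute) are easy to catch before the request leaves the client. The following Python is an added example, not code from the thread or from Symantec/Broadcom: it builds the targetAccounts body with both keys base64-encoded exactly as the reply above shows (standard base64 of the key text), defaults "synchronize" to "f" as the next reply recommends, and runs a preflight lint over a body. The keys it embeds are constructed placeholders, not real key material; the field names are the ones from this thread, with "privateKey" as the spelling the reply says is expected.

```python
import base64
import json

# Constructed sample keys for this example; placeholders, not real key material.
SAMPLE_PUBLIC_KEY = "ssh-rsa AAAAB3NzaC1ycEXAMPLEONLYNOTAREALKEY== root@capam"
SAMPLE_PRIVATE_KEY_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "EXAMPLEONLYNOTAREALKEYEXAMPLEONLYNOTAREALKEY==\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def b64_text(text: str) -> str:
    """Standard base64 of the UTF-8 bytes of the key text (what the reply shows)."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def b64_to_text(value: str) -> str:
    """Inverse of b64_text; used to verify what the API would receive."""
    return base64.b64decode(value).decode("utf-8")


def build_target_account_payload(account_name, public_key, private_key_pem,
                                 passphrase, synchronize=False):
    """Build the targetAccounts POST body with both keys base64-encoded.

    Field names are taken from the thread. The private key goes in "password",
    base64-encoded the same way as "publicKey". synchronize defaults to "f" so
    the account is created first and password sync is tested separately.
    """
    return {
        "accountName": account_name,
        "aliasNames": None,
        "attributes": {
            "keyOptions": None,
            "verifyThroughOtherAccount": "false",
            "discoveryAllowed": "f",
            "publicKey": b64_text(public_key),
            "protocol": "SSH2_PUBLIC_KEY_AUTH",
            "passphrase": passphrase,
            "privateKey": None,  # correct spelling; the original post had "privetKey"
            "otherAccount": None,
            "descriptor2": None,
            "discoveryGlobal": "f",
            "descriptor1": None,
            "extensionType": "unixII",
            "useOtherAccountToChangePassword": "false",
            "passwordChangeMethod": "USE_SUDO",
        },
        "cacheBehavior": None,
        "cacheDuration": None,
        "description1": None,
        "description2": None,
        "password": b64_text(private_key_pem),
        "passwordViewPolicyId": None,
        "privileged": "t",
        "synchronize": "t" if synchronize else "f",
        "useAliasNameParameter": None,
    }


def lint_payload(payload):
    """Return a list of problems that reproduce the mistakes discussed in the thread:
    the misspelled attribute and raw (non-base64) key text in publicKey/password."""
    problems = []
    attrs = payload.get("attributes", {})
    if "privetKey" in attrs:
        problems.append('attribute "privetKey" is not valid; use "privateKey"')
    checks = (("attributes.publicKey", attrs.get("publicKey")),
              ("password", payload.get("password")))
    for where, value in checks:
        if not isinstance(value, str):
            continue
        if value.startswith("ssh-") or "-----BEGIN" in value:
            problems.append(f"{where} contains raw key text, not base64")
            continue
        try:
            base64.b64decode(value, validate=True)  # strict alphabet, no newlines
        except ValueError:
            problems.append(f"{where} is not valid base64")
    return problems


if __name__ == "__main__":
    body = build_target_account_payload("p-capam", SAMPLE_PUBLIC_KEY,
                                        SAMPLE_PRIVATE_KEY_PEM, "Test$1234")
    print(lint_payload(body))          # [] when the body is well-formed
    print(json.dumps(body, indent=2))  # what would be POSTed to .../targetAccounts
```

    Because the sample public key starts with the same "ssh-rsa AAAAB3NzaC1yc" bytes as the key in the thread, its encoding begins with the same "c3NoLXJzYSBBQUFBQjNOemFDMXlj" shown in the reply above, which is a quick way to confirm the client is encoding the way the API expects.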


  • 7.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Broadcom Employee
    Posted Dec 13, 2019 06:56 PM
    Also, I suggest you test with "synchronize":"f" first, at least until you get a successful account creation. Then you can turn the synchronize flag on in the target account and see whether it syncs. If successful, delete the account and run the API call again with "synchronize":"t".


  • 8.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Posted Apr 25, 2022 05:55 PM
    Hi Ralf,

    Could you please help me understand how to get the device/ target application/ target account IDs?

    Thanks,
    Aayushi Dubey


  • 9.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Broadcom Employee
    Posted Apr 25, 2022 06:18 PM
    Hello Aayushi,
    You use the "GET /api.php/v1/devices.json" Rest API resource to get the ID of the device, assuming it exists already. Once you have the device ID, you use the "GET /api.php/v1/devices.json/{id}/targetApplications" resource with the ID obtained in the first call to get the list of target applications for this device. This will include the ID of the target application for which you want to create an account. If the device doesn't exist yet, you can look at KB 218925 and its attachment for an example on how to create device, target application and target account using the Rest API.
    Regards,
    Ralf
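    The two-step lookup Ralf describes (list devices, then list that device's target applications, then POST to the targetAccounts path) can be scripted so the IDs are never copied by hand. The Python below is an added example, not code from the thread, from KB 218925 or from Symantec/Broadcom. It uses only the resource paths named in this thread; the response shape is an assumption (each list is a JSON array of objects carrying an "id" plus a name field such as "deviceName" or "applicationName"), and the base URL, names and IDs in the offline stub are constructed. Authentication headers are left to the caller because the thread does not describe them.

```python
import json
import urllib.request

DEVICES_RESOURCE = "/api.php/v1/devices.json"  # from the thread


def http_get_json(url, headers=None):
    """Real HTTP GET that parses the JSON body. Supply whatever auth headers
    your PAM deployment requires; none are assumed here."""
    req = urllib.request.Request(url, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def _find_id(items, name_fields, wanted):
    """Pick exactly one object whose name matches; refuse ambiguous results so a
    duplicate device name cannot silently route an account to the wrong host."""
    matches = [it for it in items if any(it.get(f) == wanted for f in name_fields)]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one match for {wanted!r}, got {len(matches)}")
    return matches[0]["id"]


def resolve_ids(base_url, device_name, application_name, get_json=http_get_json):
    """Return (deviceId, applicationId) using the two GET resources from the thread.
    ASSUMPTION: both resources return a JSON array of objects with an "id" and a
    name field ("deviceName"/"name" and "applicationName"/"name")."""
    devices = get_json(base_url + DEVICES_RESOURCE)
    device_id = _find_id(devices, ("deviceName", "name"), device_name)
    apps = get_json(f"{base_url}{DEVICES_RESOURCE}/{device_id}/targetApplications")
    app_id = _find_id(apps, ("applicationName", "name"), application_name)
    return device_id, app_id


def target_accounts_url(base_url, device_id, app_id):
    """The POST (and GET) path for target accounts, as given in the first post."""
    return f"{base_url}{DEVICES_RESOURCE}/{device_id}/targetApplications/{app_id}/targetAccounts"


# Constructed offline stand-in for the two GET calls; values are made up for the demo.
FAKE_BASE = "https://pam.example"
FAKE_RESPONSES = {
    FAKE_BASE + DEVICES_RESOURCE: [
        {"id": 12, "deviceName": "linux-host-1"},
        {"id": 15, "deviceName": "linux-host-2"},
    ],
    FAKE_BASE + DEVICES_RESOURCE + "/12/targetApplications": [
        {"id": 340, "applicationName": "unixII-root"},
        {"id": 341, "applicationName": "unixII-svc"},
    ],
}


def fake_get(url, headers=None):
    return FAKE_RESPONSES[url]


if __name__ == "__main__":
    dev, app = resolve_ids(FAKE_BASE, "linux-host-1", "unixII-root", get_json=fake_get)
    print(dev, app, target_accounts_url(FAKE_BASE, dev, app))
```

    Against a live system, call resolve_ids with the default get_json (or a wrapper that adds your session or API-key headers) and pass the returned pair to target_accounts_url to get the path the targetAccounts POST needs.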


  • 10.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Posted Dec 13, 2019 07:22 PM
    Resolved!  Thanks Ralf.


  • 11.  RE: REST API doc: Cannot create Target Account with SSH Keys

    Posted Apr 25, 2022 05:55 PM
    Hi Jeff,

    Could you please help me understand how to get the device/ target application/ target account IDs?

    Thanks,
    Aayushi Dubey