Symantec Privileged Access Management

 View Only
  • 1.  Error creating targerApplication from JavaAPI

    Posted Sep 10, 2019 02:41 PM
    Hello community

    I have the following error when trying to create a targetapplication from JavaAPI



    I have verified the device id and correspond to 8, but the error indicates that there is no such targetserver




    Any ideas about it

    ------------------------------
    Julian Riaño
    MSL
    ------------------------------


  • 2.  RE: Error creating targerApplication from JavaAPI

    Broadcom Employee
    Posted Sep 10, 2019 03:11 PM
    Hi Julian,
    The deviceId is NOT the TargetServerID. Per our online documentation at https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/programming/credential-manager-remote-cli-and-java-api/credential-manager-cli-commands/addtargetapplication.html you should either get the TargetServerID from a searchTargetServer call, or use TargetServer.hostName:

    TargetServer.ID
     or 
    TargetServer.hostName
     is required.
    N/A
    Use 
    searchTargetServer
     to retrieve the
    TargetServer.ID
    .



  • 3.  RE: Error creating targerApplication from JavaAPI

    Posted Sep 11, 2019 09:32 AM
    Hi Rajf

    Your comment is clear, but within the targetApplication object it does not exist in the searchTargetServer method.




    Could you tell me or explain how I can get the TargetServerID value from deviceID?


  • 4.  RE: Error creating targerApplication from JavaAPI

    Broadcom Employee
    Posted Sep 11, 2019 10:15 AM
    Hi Julian, I don't understand how you link a targetApplication object with a searchTargetServer call. The latter looks for target servers, and if found returns information on the server including its ID, which you then use in a subsequent addTargetApplication call. There is no direct way to get the target server ID from the device ID. These are IDs from tables in different databases. Given a device, you use the host name of the device, not the device ID, to find the corresponding target server entry. But since the host name is the same, you can just use the host name and not bother with the ID.


  • 5.  RE: Error creating targerApplication from JavaAPI

    Posted Sep 13, 2019 01:01 PM
    Hi Ralf

    I have been able to obtain the target ServerID and successfully create the Targett Application, but when trying to create the targetaccount I get the error

    addTargetApplication: Success.
    addTargetAccount: Success. An invalid or unrecognized value is assigned to the 'Attribute.protocol' parameter.

    I have based on the example published in the link https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/ 3-2 / programming / credential-manager-remote-cli-and-java-api / use-the-credential-manager-java-api / credential-manager-java-api-example.html

    Credential Manager Java API Example

    Any ideas about it error?


  • 6.  RE: Error creating targerApplication from JavaAPI

    Broadcom Employee
    Posted Sep 13, 2019 01:24 PM
    Hi Julian, It would be helpful to see your input parameters. I suspect you did not provide the protocol parameter. Per documentation page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-2-5/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors/add-a-unix-target-connector/unix-target-connector-cli-configuration.html#concept.dita_632064957d172fd076d3bd6ca14ce7f0342696a4_UNIXTargetAccountCLIParameters this is required for a UNIX target application if useOtherAccountToChangePassword is false.


  • 7.  RE: Error creating targerApplication from JavaAPI
    Best Answer

    Broadcom Employee
    Posted Sep 18, 2019 11:57 AM
    To update this thread with the solution - 

    the problem was around the following lines:
    // targetAccount.setExtendedAttribute (USE_OTHER_ACCOUNT_TO_CHANGE_PASSWORD_ATTRIBUTE, String.valueOf (false));
    //targetAccount.setExtendedAttribute("protocol","ssh ");
    ===========================================
    Because the first line "USE_OTHER_ACCOUNT_TO_CHANGE_PASSWORD_ATTRIBUTE" 
    is commented out and the default value is "false", per our documentation your have to pass:
    ATTRIBUTE.PROTOCOL (which was also commented out).
    the values should be:
    targetAccount.setExtendedAttribute("protocol","SSH2_PASSWORD_AUTH");
    or 
    targetAccount.setExtendedAttribute("protocol","SSH2_PUBLIC_KEY_AUTH");
    or "TELNET".

    once updated - Julian's API call was successful