This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
rahuldevsattrix
Commander
Commander
‎2020-09-25 11:55
653 views

Auto Approval of Emergency access in PAM using REST API

Jump to solution

Hy Team,

use case-" Auto approval of emergency access in PAM using IDM workflow (REST API)"

I created a workflow for auto approval of emergency access using REST API and the workflow is working properly. when the user requested through request form, the REST API calls and the emergency access is auto approved. But when the requester login into PAM user console and launch the emergency access session ,it shows error "user name and password is incorrect".i also try in the PAM REST API but i am facing same issue.

REST API code:

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}
Thank you in Advance
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
rahuldevsattrix
Commander
Commander
‎2020-10-06 07:06

Jump to solution

Hi,

Thank you for your response.The issue was resolved. If we put domain\username as runas in rest api it will simply take runas as domainusername but if we put domain\\username then it will consider the runas as domain\username and successfully approve the emergency request with resource and credential.

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "idm\\shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}

View solution in original post

0 Likes
Reply
Report Inappropriate Content
2 Replies
tdharris
Micro Focus Expert
Micro Focus Expert
‎2020-10-01 21:00

Jump to solution
The error that you receive is presented to the user within the RDP session, correct?
If so, this is Windows presenting this error that the Login credentials are incorrect:
"The user name or password is incorrect. Try again."
So whichever Credential is being assigned when approving the Emergency Access Request must be incorrect. Perhaps it is that the user name or password is incorrectly stored or entered into the Vault Resource in PAM or perhaps the credential id used in the REST auto-approval is referencing an incorrect credential. Perhaps you could try approving manually with the PAM User Console and selecting the Credential there to help rule out any issue with the REST API automation first.
0 Likes
Reply
Report Inappropriate Content
rahuldevsattrix
Commander
Commander
‎2020-10-06 07:06

Jump to solution

Hi,

Thank you for your response.The issue was resolved. If we put domain\username as runas in rest api it will simply take runas as domainusername but if we put domain\\username then it will consider the runas as domain\username and successfully approve the emergency request with resource and credential.

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "idm\\shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}

View solution in original post

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.