Commander
Commander
604 views

Auto Approval of Emergency access in PAM using REST API

Jump to solution

Hy Team,

use case-" Auto approval of emergency access in PAM using IDM workflow (REST API)"

I created a workflow for auto approval of emergency access using REST API and the workflow is working properly. when the user requested through request form, the REST API calls and the emergency access is auto approved. But when the requester login into PAM user console and launch the emergency access session ,it shows error "user name and password is incorrect".i also try in the PAM REST API but i am facing same issue.

REST API code:

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}
Thank you in Advance
0 Likes
1 Solution

Accepted Solutions
Commander
Commander

Hi,

Thank you for your response.The issue was resolved. If we put domain\username as runas in rest api it will simply take runas as domainusername but if we put domain\\username then it will consider the runas as domain\username and successfully approve the emergency request with resource and credential.

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "idm\\shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}

View solution in original post

0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert
The error that you receive is presented to the user within the RDP session, correct?
If so, this is Windows presenting this error that the Login credentials are incorrect:
"The user name or password is incorrect. Try again."
So whichever Credential is being assigned when approving the Emergency Access Request must be incorrect. Perhaps it is that the user name or password is incorrectly stored or entered into the Vault Resource in PAM or perhaps the credential id used in the REST auto-approval is referencing an incorrect credential. Perhaps you could try approving manually with the PAM User Console and selecting the Credential there to help rule out any issue with the REST API automation first.
0 Likes
Commander
Commander

Hi,

Thank you for your response.The issue was resolved. If we put domain\username as runas in rest api it will simply take runas as domainusername but if we put domain\\username then it will consider the runas as domain\username and successfully approve the emergency request with resource and credential.

{
"Request": {
 "id": "af81b410-f92e-11ea-ad4e-55e325d9a838", 
 "type": "EmergencyRequest",
 "action": "approve",
 "comment": "You are granted access to the ldap server.",
 "runas": "idm\\shivam",
 "runhost": "192.168.20.4",
 "target": "RDP",
 "requestperiod": 360,
 "credential": "a838d1ca-ede4-11ea-ab29-c18521c8a0e7"
}
}

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.