infamousjoeg / cybr-cli

A "Swiss Army Knife" command-line interface (CLI) for easy human and non-human interaction with @CyberArk suite of products.
Apache License 2.0

403 error logon error when logging into PROD; 200 code when logon to QA - environments identical #107

Closed toddwbutler closed 2 years ago

toddwbutler commented 3 years ago

Describe the bug

Error 403 (Authentication error) when logging in to our PROD environment. I have verified that the password is valid and not expired by logging in with CyberArk authentication manually to the PROD environment. I am able to successfully logon with the same command to our QA environment, same username and password. Environments as far as we know are identical.

To Reproduce

Steps to reproduce the behavior:

Steps to Reproduce the Error:

Using Windows, Powershell environment:

C:\Temp\Applications\REST\REST_Apps\Cybr\windows_cybr.exe logon -a cyberark -u testuser -p testpassword -b https://prod.epv.local --non-interactive

2021/04/06 17:08:31 Failed to Logon to the PVWA. Failed to authenticate to the PAS REST API. Received non-200 status code '403'

Expected behavior

Command:

Using Windows, Powershell environment:

Working: C:\Temp\Applications\REST\REST_Apps\Cybr\windows_cybr.exe logon -a cyberark -u testuser -p testpassword -b https://qa.epv.local --non-interactive

Successfully logged onto PAS as user testuser .

Desktop (please complete the following information):

infamousjoeg commented 3 years ago

Thanks for reporting this issue, @toddwbutler!

Can you please let us know the version of PVWA you have in your QA and PROD environments? My guess is they're mismatched and PROD may be a lower version than the v2 API endpoints we are using in the CLI.

AndrewCopeland commented 3 years ago

Adding a server info command seems to be very helpful for debugging issues like these. I will go ahead and create an issue regarding a pvwa version command.

toddwbutler commented 3 years ago

Joe,

Both versions say 10.10.1(10.10.1.1).


-- Todd W. Butler

infamousjoeg commented 3 years ago

I have completed testing in my lab. I couldn't replicate the issue. To further troubleshoot, can you please run the following commands in PowerShell and let me know the results of each?

Test v2 API

Invoke-RestMethod -Uri "https://prod.epv.local/PasswordVault/api/auth/cyberark/logon" -Method Post -Body $( @{ username = "testuser"; password = "testpassword" } | ConvertTo-Json) -ContentType "application/json"

Test v1 API

Invoke-RestMethod -Uri "https://prod.epv.local/PasswordVault/WebServices/auth/CyberArk/CyberArkAuthenticationService.svc/Logon" -Method Post -Body $( @{ username = "testuser"; password = "testpassword" } | ConvertTo-Json) -ContentType "application/json"

toddwbutler commented 3 years ago

Joe, both results returned the API secure string to both the working site and the non-working site.


-- Todd W. Butler

infamousjoeg commented 3 years ago

E-Mail me -- Joe dot Garcia at CyberArk dot com -- and if you'd like I'd love to hop on a 30 min session to check things out.
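
The two logon probes from this thread, run against both environments and tabulated by HTTP status so PROD and QA can be compared side by side. This is an added example, not part of the original thread or of cybr-cli; the function name `Test-PvwaLogon` and its parameters are hypothetical, while the host names and endpoint paths are the ones posted above.

```powershell
# Added example (not cybr-cli code): probe the v1 and v2 logon endpoints quoted
# in this thread on each environment and report the HTTP status of each call.
# Test-PvwaLogon, -BaseUrl and -Credential are hypothetical names.
function Test-PvwaLogon {
    param(
        [Parameter(Mandatory)] [string[]] $BaseUrl,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Endpoint paths exactly as posted in the thread.
    $endpoints = [ordered]@{
        v2 = '/PasswordVault/api/auth/cyberark/logon'
        v1 = '/PasswordVault/WebServices/auth/CyberArk/CyberArkAuthenticationService.svc/Logon'
    }
    $body = @{
        username = $Credential.UserName
        password = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json

    foreach ($base in $BaseUrl) {
        foreach ($api in $endpoints.Keys) {
            $result = [ordered]@{ BaseUrl = $base; Api = $api; Status = $null; Detail = $null }
            $uri = $base.TrimEnd('/') + $endpoints[$api]
            try {
                # Only a 2xx response reaches the next line; the token is discarded, never printed.
                $r = Invoke-WebRequest -Uri $uri -Method Post -Body $body -ContentType 'application/json' -UseBasicParsing
                $result.Status = [int]$r.StatusCode
                $result.Detail = 'session token returned'
            }
            catch {
                # Response is null for DNS/TLS/connect failures, so Status stays empty in that case.
                $response = $_.Exception.Response
                if ($response) { $result.Status = [int]$response.StatusCode }
                # Prefer the server's error body (e.g. the reason behind a 403) over the generic message.
                $result.Detail = if ($_.ErrorDetails.Message) { $_.ErrorDetails.Message } else { $_.Exception.Message }
            }
            [pscustomobject]$result
        }
    }
}

# Prompt for the password instead of placing it on the command line or in shell history.
$cred = Get-Credential -UserName 'testuser' -Message 'CyberArk logon'
Test-PvwaLogon -BaseUrl 'https://prod.epv.local', 'https://qa.epv.local' -Credential $cred | Format-Table -AutoSize
```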