Kelly Wong

Tech Tip - CA Privileged Access Manager: Failed to create Target Account for Weblogic application

Blog Post created by Kelly Wong Employee on May 31, 2017

CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 30th May 2017

 

Issue

 

With Weblogic Application, Target Account creation is hindered as it mandates Change Process to be specified.

With "Use the following account to connect to the Weblogic service" option checked, the drop-down list is blank, resulting in the error "An invalid Target Account ID was assigned to the 'other Account' attribute"

 

Workaround

 

  • Add Target Account via CLI command (addTargetAccount), example:

capam_command capam=xceedium.com adminUserId=super adminPassword=P@ssword cmdName=addTargetAccount TargetServer.hostName=10.10.0.1 TargetApplication.name=Weblogic TargetAccount.userName=kelly TargetAccount.password=P@ssword TargetAccount.cacheAllow=true TargetAccount.cacheDuration=30 Attribute.extensionType=weblogic10 Attribute.realm=myrealm Attribute.useOtherAccountToChangePassword=false

 

  • Create Target Application with 'Generic' Application type and create a Target Account for Weblogic user [not intended to manage this user password with CA PAM].
    Create a Target Application with 'WebLogic10' Application type and create a Target Account for Weblogic user (intended to manage this user password with PAM) and select the previously created Target Account for the change process.

Outcomes