Symantec Privileged Access Management

  • 1.  Remote services authentication problem

    Posted Nov 29, 2018 05:03 AM

    Hi,

    We have a problem with our PAM/PIM solution: some SAML-authenticated users are not able to access their assigned hosts via SSH PuTTY or FileZilla. The system requires a password, while PAM is configured to automatically manage the authentication process.

    If I try to log in with my admin SAML account I have the same authentication problem, but if I log in with a local admin account I can log in like a charm.

    What could be the problem?


    Thanks in advance
    Marco



  • 2.  Re: Remote services authentication problem

    Broadcom Employee
    Posted Nov 29, 2018 07:17 PM

    Hi Marco,

    Check the Credential Manager role for this user, either on the user or user group level, depending on how you have your SAML users configured. These users may be lacking any CM role, in which case they would not be allowed to retrieve credentials for auto-login. In such cases you may find a message in the tomcat log (Configuration > Diagnostics > Diagnostic Logs, Download page, download or view recent log entries for the tomcat log).



  • 3.  Re: Remote services authentication problem

    Posted Dec 03, 2018 03:43 AM

    Hi Ralf,

    My SAML account is a PAM Administrator member; I suppose that this role permits me to log in on every host without a problem.

    When I try to log in on the hosts with this problem, I find the following error in the tomcat log:

     

    "

    Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.kz c
    WARNING: UpdateTargetAccountCmd.invoke exception:
    com.cloakware.cspm.server.app.ApplicationException: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
    at com.cloakware.cspm.server.app.impl.kz.c(SourceFile:883)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:263)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:209)
    at com.cloakware.cspm.server.app.impl.lc.a(SourceFile:509)
    at com.cloakware.cspm.server.app.impl.lc.c(SourceFile:403)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:263)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:122)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:114)
    at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:110)
    at com.cloakware.cspm.server.security.ScheduledJob.execute(SourceFile:90)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

    Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.lc c
    SEVERE: UpdateTargetAccountPasswordCmd.invoke applicationexception, error code:15212, msg: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
    Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.lc c
    WARNING: UpdateTargetAccountPasswordCmd.invoke, end: result=false, accounts=1, duration=6094.8296ms

    "

     

    This is the error that I receive on the PAM client

    Many thanks

    Marco
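
One way to triage a downloaded tomcat log for the failure quoted in this post, as an added example that is not part of the thread or of the product: it groups each two-line log record with its exception and stack-trace lines, then pulls out the error code and the failed job summary. The sample is a constructed, trimmed copy of the excerpt above; the function names and regular expressions are assumptions based only on those lines.

```python
import re
from datetime import datetime

# Constructed sample: trimmed copy of the tomcat log excerpt quoted in the post above.
SAMPLE_LOG = """\
Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.kz c
WARNING: UpdateTargetAccountCmd.invoke exception:
com.cloakware.cspm.server.app.ApplicationException: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
at com.cloakware.cspm.server.app.impl.kz.c(SourceFile:883)
at com.cloakware.cspm.server.security.ScheduledJob.execute(SourceFile:90)

Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.lc c
SEVERE: UpdateTargetAccountPasswordCmd.invoke applicationexception, error code:15212, msg: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
Dec 03, 2018 8:31:52 AM com.cloakware.cspm.server.app.impl.lc c
WARNING: UpdateTargetAccountPasswordCmd.invoke, end: result=false, accounts=1, duration=6094.8296ms
"""

HEADER = re.compile(r"^(\w{3} \d{2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\S+)$")
LEVEL = re.compile(r"^(SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): (.*)$")
ERROR_CODE = re.compile(r"error code:(\d+), msg: (.*)$")
JOB_END = re.compile(r"end: result=(\w+), accounts=(\d+), duration=([\d.]+)ms")

def parse_records(text):
    """Group header line, level line and continuation lines (exception, frames) into records."""
    records, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = {"time": datetime.strptime(header.group(1), "%b %d, %Y %I:%M:%S %p"),
                       "source": header.group(2), "level": None, "message": "", "detail": []}
            records.append(current)
        elif current is None or not line:
            continue  # skip blank lines and anything before the first header
        elif current["level"] is None and (lvl := LEVEL.match(line)):
            current["level"], current["message"] = lvl.groups()
        else:
            current["detail"].append(line)  # exception text or stack frame
    return records

def sync_failures(records):
    """Return error-coded failures and the end-of-job summaries that report result=false."""
    failures, failed_jobs = [], []
    for rec in records:
        if (m := ERROR_CODE.search(rec["message"])):
            failures.append({"time": rec["time"], "code": int(m.group(1)), "msg": m.group(2)})
        if (m := JOB_END.search(rec["message"])) and m.group(1) == "false":
            failed_jobs.append({"time": rec["time"], "accounts": int(m.group(2)),
                                "duration_ms": float(m.group(3))})
    return failures, failed_jobs
```

Calling `sync_failures(parse_records(text))` on a full log gives one entry per error-coded failure, which can be matched by timestamp against the time of the failed login attempt.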



  • 4.  Re: Remote services authentication problem

    Posted Dec 06, 2018 03:12 AM

    Hello Team,

    Can someone help me with this issue?

     

    BR

    Marco



  • 5.  Re: Remote services authentication problem

     
    Posted Dec 06, 2018 06:21 PM

    prira01 any further ideas for Marco? Thanks!



  • 6.  Re: Remote services authentication problem
    Best Answer

    Broadcom Employee
    Posted Dec 07, 2018 02:59 AM

    Hello Marco,

    Please open a formal Support Case for the issue you are facing and we will take it from there.