Symantec IGA

  • 1.  Google Apps Private Key

    Posted Nov 16, 2017 06:50 PM

    Hello,

     

    Does anyone know what is expected in the Google Apps Connector field "Service Account Private Key (PEM)"?  The field is non-display, like a password field, so it cannot be a certificate file.  The error message is "Failed to construct sequence from byte[] : DER length more than 4 bytes".

     

    Thank you.

    Jack Larsen



  • 2.  Re: Google Apps Private Key
    Best Answer

    Broadcom Employee
    Posted Nov 17, 2017 12:58 AM

    Hi Jack, have you reviewed the Google Apps Connector Documentation?

     

    Connecting to Google Apps Endpoint - CA Identity Management & Governance Connectors - CA Technologies Documentation 

     

    Configure the Google Apps Domain

    You must first configure the Google Apps domain for CA Identity Manager to connect.  

    Follow these steps:

    1. Navigate to http://admin.google.com, and log in with your admin account.
    2. Navigate to Security, API Reference, and select Enable API access.
    3. Navigate to https://console.developers.google.com, and set up a new project.
    4. Under APIs & auth, select APIs and enable the services Admin SDK, Drive SDK, and Drive API.
    5. Under APIs & auth, select Credentials, click the button Create new Client ID.
    6. From the Create Client ID page, choose Service Account, and click Create Client ID. 
      A public/private key pair generates, the private key is downloaded, and the password for the private key displays.
    7. Store the private key and private-key password.
      Note: The next step includes delegating domain-wide authority to your service account. You need the private key file, client ID, and email address.
    8. Open  http://admin.google.com and navigate to Security Settings, Advanced Settings, Authentication, and Manage API client access.
    9. In the field Client name, enter the Client ID of the service account.
    10. In the field One or More API Scopes, enter the list of scopes your application requires access to. For example:
      https://www.googleapis.com/auth/admin.directory.group 
      https://www.googleapis.com/auth/admin.directory.orgunit
      https://www.googleapis.com/auth/admin.directory.user
      https://www.googleapis.com/auth/drive
      https://www.googleapis.com/auth/drive.file


  • 3.  Re: Google Apps Private Key

    Posted Nov 17, 2017 07:59 AM

    Hi Satbeer,

       Thank you for your reply.  I believe the client has done this.  They have provided me with the private key in p12 format, which I have converted to PEM format.  When I provide this file on the Endpoint definition entry on the Create Endpoint page, I get the error message referenced above.

     

    Jack



  • 4.  Re: Google Apps Private Key

    Broadcom Employee
    Posted Nov 20, 2017 01:12 AM

    Hi John

    Can you make sure that the PEM string that you are providing is correct? This error is usually observed if the PEM string is not correct, i.e. if one provides a partial string through a copy-paste error.



  • 5.  Re: Google Apps Private Key

    Posted Nov 20, 2017 09:39 AM

    Also, to check if the PEM file is valid, I would try to input the contents into this website to see if the PEM file checks okay:

     

    Certificate Decoder - Decode certificates to view their contents 

     

    Regards,

    Andrew



  • 6.  Re: Google Apps Private Key

    Posted Nov 24, 2017 01:08 AM

    Hi,
    If you are still facing the issue, please try the workaround below.

    1. Download the service account details in JSON format.
    2. Remove the new-line (\n) character from the private key and use it for “Service Account Private Key (PEM)” field.
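
Added example (not part of the thread and not the connector's own code): a local Python check for the copy-paste problems raised in replies 4 to 6. It converts JSON-escaped `\n` sequences, then verifies the PEM armor, the base64 body, and that the outer DER SEQUENCE length matches the decoded bytes. The function names are assumptions made here, and the sample is constructed filler data, not a real key.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)

def normalize_pem(text):
    """Turn JSON-escaped '\\n' sequences into real newlines and trim whitespace."""
    return text.replace("\\n", "\n").strip()

def check_pem(text):
    """Return (ok, message): checks armor, base64 body and outer DER SEQUENCE length."""
    m = PEM_RE.fullmatch(normalize_pem(text))
    if not m or m.group(1) != m.group(3):
        return False, "missing or mismatched BEGIN/END lines"
    try:
        der = base64.b64decode(re.sub(r"\s+", "", m.group(2)), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "body is not valid base64"
    if len(der) < 2 or der[0] != 0x30:
        return False, "DER does not start with a SEQUENCE tag (0x30)"
    if der[1] < 0x80:                      # short form: length fits in one byte
        length, hdr = der[1], 2
    else:                                  # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False, "bad DER length field"
        length, hdr = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if hdr + length != len(der):
        return False, f"DER declares {length} bytes, found {len(der) - hdr}"
    return True, f"{m.group(1)}: {len(der)} DER bytes"

def make_sample():
    """Constructed sample: a DER SEQUENCE of filler bytes, NOT a real key."""
    payload = bytes(range(256)) * 2
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    good = make_sample()
    cut = good.splitlines()
    del cut[3]                             # simulate a line lost while copying
    for name, pem in [("complete", good), ("json-escaped", good.replace("\n", "\\n")),
                      ("single line", good.replace("\n", "")), ("truncated", "\n".join(cut))]:
        print(name, check_pem(pem))
```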