[PAM] "addTargetServer" CLI command does not create device if only Attribute.descriptor2 is defined and Attribute.descriptor1 is omitted

book

Article ID: 196518

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

[Use case]
There is an existing PAM environment where devices has only Description2 with value. Description1 is empty.
These devices are being migrated to a new PAM environment using the CLI.
 
https://<CAPAM>/cspm/servlet/adminCLI?adminUserID=test&adminPassword=*********&cmdName=addTargetServer&Attribute.descriptor2=test&TargetServer.hostName=test.lab.local&TargetServer.deviceName=test.lab.local

If both Attribute.descriptor1 and Attribute.descriptor2 has value then the device get created.
 

Cause

It is a defect. Omitting Attribute.descriptor1 while Attribute.descriptor2 has value should not prevent adding the device.

Environment

Release : 3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

PAM 3.4.0 does not demonstrate this behavior.

 

Command-Line:

capam_command.bat capam=pam34x01.kimlabs.net cmdName=addTargetServer adminUserID=test adminPassword=******** Attribute.descriptor2=desc2 TargetServer.hostName=test TargetServer.deviceName=test

Result:

<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><TargetServer><deviceName>test</deviceName><IPAddress>Unknown</IPAddress><deviceId>14001</deviceId><hostName>test</hostName><hash>rJxiI0d4DJ15Af7pdMaml0TPIcQ=</hash><createTime>1596537269000</createTime><createDate>Tue Aug 04 10:34:29 UTC 2020</createDate><updateDate>Tue Aug 04 10:34:29 UTC 2020</updateDate><extensionType></extensionType><createUser>super</createUser><updateTime>1596537269000</updateTime><updateUser>super</updateUser><ID>10001</ID></TargetServer></cr.result></CommandResult>

Device created. Attribute.descriptor2 value lost.

 

Command-line Batch mode:

capam_command.bat capam=pam34x01.kimlabs.net cmdName=batchSequence adminUserID=test adminPassword=******** inputfile=sample.xml outputfile=results.xml

 

sample.xml (Note: Attribute.descriptor1 not defined)

<?xml version="1.0" encoding="UTF-8"?><CLI_REQUEST  xmlns="http://www.cloakware.com"   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:schemaLocation="http://www.cloakware.com/opt/cloakware/cspmserver/tools/cli/cspmcli.xsd">   <COMMAND name="addTargetServer">      <COMMAND_PARAMETERS>         <PARAMETER>            <NAME>TargetServer.hostName</NAME>            <VALUE>test.training.local</VALUE>         </PARAMETER>         <PARAMETER>            <NAME>TargetServer.ipAddress</NAME>            <VALUE>test.training.local</VALUE>         </PARAMETER>         <PARAMETER>            <NAME>Attribute.descriptor2</NAME>            <VALUE>desc2</VALUE>         </PARAMETER>      </COMMAND_PARAMETERS>   </COMMAND></CLI_REQUEST>
<?xml version="1.0"?><BatchCommandResult><CommandResult><cr.itemNumber>0</cr.itemNumber><cr.commandName>addTargetServer</cr.commandName><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success. null</cr.statusDescription><cr.result><TargetServer><deviceName>test.training.local</deviceName><IPAddress>Unknown</IPAddress><deviceId>15001</deviceId><hostName>test.training.local</hostName><hash>x1rPRtydW7lkRh/SwjgkcKolbdk=</hash><createTime>1596537532000</createTime><createDate>Tue Aug 04 10:38:52 UTC 2020</createDate><updateDate>Tue Aug 04 10:38:52 UTC 2020</updateDate><extensionType/><createUser>super</createUser><updateTime>1596537532000</updateTime><updateUser>super</updateUser><ID>11001</ID></TargetServer></cr.result></CommandResult></BatchCommandResult>

Device created. Attribute.descriptor2 value lost.

 

Web Servlet:

<html><head> <meta http-equiv="refresh" content="3;URL='https://pam34x01.kimlabs.net/cspm/servlet/adminCLI?adminUserID=test&adminPassword=Password01&cmdName=addTargetServer&Attribute.descriptor2=desc2&TargetServer.hostName=test.kimlabs.net&TargetServer.deviceName=test'" /></head><body>https://pam34x01.kimlabs.net/cspm/servlet/adminCLI?<br>adminUserID=test&<br>adminPassword=********&<br>cmdName=addTargetServer&<br>Attribute.descriptor2=desc2&<br>TargetServer.hostName=test.kimlabs.net&<br>TargetServer.deviceName=test<br></head></html> 

 

Result:

This XML file does not appear to have any style information associated with it. The document tree is shown below.<cw.appMessage><statusCode>400</statusCode><statusMessage>Success.</statusMessage><content><![CDATA[ <CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><TargetServer><deviceName>test</deviceName><IPAddress>Unknown</IPAddress><deviceId>16001</deviceId><hostName>test.kimlabs.net</hostName><hash>e0ual334EqvOOdJTj0DLlgnmVKY=</hash><createTime>1596537794000</createTime><createDate>Tue Aug 04 10:43:14 UTC 2020</createDate><updateDate>Tue Aug 04 10:43:14 UTC 2020</updateDate><extensionType></extensionType><createUser>super</createUser><updateTime>1596537794000</updateTime><updateUser>super</updateUser><ID>12001</ID></TargetServer></cr.result></CommandResult> ]]></content></cw.appMessage>

Device created. Attribute.descriptor2 value lost.