search cancel

API - Access Method SSH fails to launch after device creation via Rest API

book

Article ID: 230091

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

I'm using API to create new devices with SSH as Access Method.

When i try to open the SSH session the applet does not show up.

I have to update the device deleting the SSH access method and add it back (with the same API) to make it work.

 

Create a device via rest api with this text:

 

{

    "description":  "test",

    "tags":  {

                 "tag":  "Linux_SRV"

             },

    "deviceGroupMembershipIds":  {

                                     "Id":  "10001"

                                 },

    "deviceName":  "restdevice.domain.net",

    "deviceTerminalData":  {

                               "ktaFontFamily":  "Courier",

                               "terminalType":  "vt100",

                               "ktaBgColor":  "000000",

                               "keyMapping":  "xterm-vt220",

                               "ktaFgColor":  "FFFFFF",

                               "ktaScrollbarPos":  "East",

                               "ktaCharEncoding":  "UTF-8",

                               "ktaFontSize":  "14",

                               "ktaSize":  "[80,24]",

                               "ktaBuffer":  "100",

                               "endselect":  "1",

                               "ktaCursorFg":  "00FF00"

                           },

    "os":  "Linux",

    "domainName":  "restdevice.domain.net",

    "typePassword":  "t",

    "typeAccess":  "t"

}

 

Afterwards, with device id returned, use the post to associate an access method

[

                {

                      "type":  "SSH",

                      "port":  "22"

                }

]

 

Then a device is created, i add a policy for ssh

and try to launch via access. applet is not launching

 

i go to GUI - device and remove and add the access (SSH)

 

then if i go to access and try to ssh, the applet is launched

 

Environment

Release : PAM 4.0, PAM 4.0.1

Cause

The syntax for specifying colors is incorrect. The number codes have to be preceded by "#", see the information returned on a GET call for a device.

The PAM client log, logs.log in the PAM client installation folder, shows exceptions like the following:

2021-12-03 00:15:14 INFO  - java.lang.StringIndexOutOfBoundsException: String index out of range: 6     syserr [PAM Access Agent-3]
2021-12-03 00:15:14 INFO  -      syserr [PAM Access Agent-3]
2021-12-03 00:15:14 INFO  -  at java.lang.String.substring(String.java:1963)     syserr [PAM Access Agent-3]
2021-12-03 00:15:14 INFO  -      syserr [PAM Access Agent-3]
2021-12-03 00:15:14 INFO  -  at com.ca.xsuite.app.mindbright.application.MindTerm.convertColor(Unknown Source)     syserr [PAM Access Agent-3]
2021-12-03 00:15:14 INFO  -      syserr [PAM Access Agent-3]

...

Resolution

Start the color settings with "#" as follows and the SSH method will work without having to edit and update the device:

 

    "deviceTerminalData":  {

                               "ktaFontFamily":  "Courier",

                               "terminalType":  "vt100",

                               "ktaBgColor":  "#000000",

                               "keyMapping":  "xterm-vt220",

                               "ktaFgColor":  "#FFFFFF",

                               "ktaScrollbarPos":  "East",

                               "ktaCharEncoding":  "UTF-8",

                               "ktaFontSize":  "14",

                               "ktaSize":  "[80,24]",

                               "ktaBuffer":  "100",

                               "endselect":  "1",

                               "ktaCursorFg":  "#00FF00"

                           },

There was nothing specific about removing and adding the SSH access method. If you had changed any terminal setting in the device, it also would have saved the colors correctly, and the access method would have worked afterwards.