search cancel

PAM-CMN-4814 error when trying to add missing API key for MCApiUser

book

Article ID: 244168

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

I tried to add API key but I get the following error:

 

Environment

Release : 4.1, may be observed on 4.0 as well

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

This is an internal user that is expected to have an Api Key associated with it. It is uncommon that this key is missing, but that has been observed in at least one environment.

Resolution

The solution is to add the key using the Rest API with an API key that has Global Administrator rights:

1) Get the user ID of the MCApiUser user:

Go to Settings > API Doc, expand "users", expand the first GET call (GET /api.php/v1/users.json) and enter "MCApiUser" in the Username field. Click "Try it out!" and provide API key credentials with sufficient rights. This will return basic user information including the user ID.

2) Update the user as follows:

Under "users" on Settings > API Doc expand "PUT /api.php/v1/users.json". Enter the following body, replacing <MCApiUser ID> with the ID found in step 1.

{
  "userId": "<MCApiUser ID>",
  "apiKeys": [
    {
      "apiKeyId": "0",
      "name": "MCApiKey",
      "description": "API key for collecting data for PAM Management Console.",
      "isActive": "t",
      "roles": [
        {
          "roleId": "21",
          "userGroups": [0],
          "deviceGroups": [0]
        }
      ]
    }
  ]
}

Additional Information

While the problem persists, the Management Console gets conflicting information about the cluster, including which node has the role of Aggregator. You may need to delete the cluster configuration on the Management Console and define it new after adding the API key.

Attachments