PCP update fails when using Rest API with PAM-CMN-3411 and PAM-CM-0536 errors
search cancel

PCP update fails when using Rest API with PAM-CMN-3411 and PAM-CM-0536 errors


Article ID: 271397


Updated On:


CA Privileged Access Manager (PAM)


Updating the PCP in the UI succeeds, but attempting the same update via API fails (both through APIDoc and in the script we want to use to process the list).

These results are from APIDoc:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \  "id":"<TAPP ID>", \  "passwordCompositionPolicyId":"<PCP ID>" \  }' 'https://<PAM server>/api.php/v1/devices.json/<device ID>/targetApplications'

Response Body
{ "error": { "code": 400, "message": "Bad Request: PAM-CMN-3411: Unable to update Target Application. PAM-CM-0536: Application error occurred. An error occurred while executing the command: updateTargetApplication" } }


Remote CLI command updateTargetApplication also doesn't work when just providing required parameter target application ID and the new PVP ID.


Release : 4.1.1, 4.1.2


Code added for new feature Use PAM as an SSH Certificate Authority, initially introduced in 4.0.3 and included in 4.1.1+, referenced the target application name even when it was not provided and not required, leading to an exception similar to the following in the tomcat log:

2023-08-04T18:53:21.115+0000 SEVERE [TP1] com.cloakware.cspm.server.app.impl.ApplicationContextImpl.invokeCommand ApplicationContext.invokeCommand(Commandrequest, Transaction) exception:null
                at com.cloakware.cspm.server.app.impl.UpdateTargetApplicationCmd.checkForPAMSSHCertAuth(UpdateTargetApplicationCmd.java:948)



The problem is fixed in the 4.1.3 release. As a workaround for 4.1.1 and 4.1.2 include the current target application name in the Rest API request body or the updateTargetApplication remote CLI call.

Sample body:

    "id":"<tapp ID>",
    "applicationName": "<tapp name>",