Password View Requests much older than the Delete Interval Days setting
search cancel

Password View Requests much older than the Delete Interval Days setting

book

Article ID: 277762

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The Password View Request (PVR) Delete Interval Days parameter on the Settings > Credential Manager page is set to 60. But there are many PVRs visible on the Credentials > Workflow > All Requests page that are much older and do not go away.

Environment

Affects PAM releases up to 4.1.6

Cause

PAM failed to remove old PVRs when the user initiating the request was removed from PAM before the PVR age reached the configured Delete Interval Days value. The tomcat log shows NullPointer exceptions once a day for each old entry similar to the following:

2023-11-21T22:12:40.621+0000 SEVERE [PasswordViewRequestProcessor] com.cloakware.cspm.server.app.impl.ApplicationContextImpl.invokeCommand ApplicationContext.invokeCommand(Commandrequest, Transaction) exception:null
        java.lang.NullPointerException
                at com.cloakware.cspm.server.app.impl.UpdatePasswordViewRequestCmd.invoke(UpdatePasswordViewRequestCmd.java:232)

...

Resolution

The problem is expected to be resolved in future releases starting with 4.1.7 and 4.2.