PAM SDM integration does not work when using a certificate
search cancel

PAM SDM integration does not work when using a certificate

book

Article ID: 378862

calendar_today

Updated On:

Products

CA Process Automation Base CA Service Desk Manager

Issue/Introduction

The integration from PAM to SDM is using a certificate. After the upgrade of PAM to 4.4 CP03, the integration stops working and the following error occurs in c2o.log and operator when running the PAM process:

c2o.log

Failed to evaluate pre-execution on ROID: <ID>(will be aborted)
com.optinuity.c2o.util.C2OException: Failed to execute code:
load(Process.GblDSVals.JSCommonFunctions);
 
Process.ProcessStep__ = "Attempt Login";
if(isFIPSMode()=="true")
{
    logEvent(1,"CUSTOM","EEM is in fips mode");
    Process.Token__=getEEMArtifactToken(Process.SLCM_Cert_Path__, Process.SLCM_Key_Path__);
}
else
{
    logEvent(1,"CUSTOM","EEM is in non fips mode");
    Process.Token__=getEEMArtifactToken(Process.SLCM_Cert_Path__, Process.SLCM_Cert_Pass__);
}
CommonPreExec( Process.ProcessStep__ );
 
 -- Error occurred while generating EEM Token EE_EXCEPTION Exception (c2ojslib.js#1)

soapenv:Client
get_handle_for_userid failed with userid 'cnt:<UUID>'
1000
Please check if the values set for Process.SLCM_Cert_Path__ and Process.SLCM_Key_Path__ are correct.

 

Environment

SDM 17.4 RU2

PAM 4.4 CP03

Cause

Java 11 being used in Process Automation Manager (PAM 4.4) causing this issue to occur.

Resolution

1. Set JAVA_HOME to the path of JAVA being used by PAM and Service Catalog.

2. Generate the USMcertfile.p12 file with the following command in the Catalog EEM server:

safex -h localhost -u eiamadmin -p Prima123Vera -f C:\CatalogEEMfiles\issueCertificateP12.xml

Refer to the following KB Article for detailed steps and instructions on how to run the command above: Rebuild Service Catalog certificates


In ITPAM Server

3. Copy the USMcertfile.p12 from Service Catalog home folder (ie: C:\Program Files\CA\Service Catalog) to the ITPAM server directory C:\Program Files\CA\PAM\wildfly\standalone\.c2orepository.

4. Copy the password from the issueCertificateP12.xml file from step 2 and paste it into the certpass__ in SLCM_GlobalDataset

5. Re-enter the password__ in SLCM_GlobalDataset

6. Set the name and path of the .p12 in the keypath__ field in SLCM_GlobalDataset

7. Go to Catalog > Administration > Configuration > CA Process Automation > Click on Configure

8. Go to Catalog > Administration > Configuration > CA Process Automation > Click on Test

Powered by Wolken Software