Applies To:
Trust Protection Platform 17.1 and above.
Cyberark 9.8 REST API
Summary:
Testing functionality of Cyberark connectivity outside of Trust Protection Platform (TPP) is easy to do.
Variables used: cyberark_pvwa_fqdn - Cyberark FQDN, cyberark_safe_name - Cyberark Safe being tested
- Download Postman. https://www.getpostman.com/
- Configure a New Request using the following parameters
- POST https://<cyberark_pvwa_fqdn>/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon
- Headers: Content-Type:application/json
- Body: {
"username": "<tpp_user>",
"password": "<password>"
} - Tests: var data = JSON.parse(responseBody);
postman.setEnvironmentVariable("CyberArkLogonResult", data.CyberArkLogonResult);
- Save the above Request as 'Cyberark Authorize & Save to variable'
- The above request will return a session token to use for the following New Requests and is stored in the Postman 'CyberArkLogonResult' variable
- Configure a New Request using the following parameters
- GET https://<cyberark_pvwa_fqdn>/PasswordVault/WebServices/PIMServices.svc/Safes/<cyberark_safe_name>/Members
- Headers: Authorization:{{CyberArkLogonResult}}
Content-Type:application/json
- Save the above Request as 'Cyberark Get Safe Members'
- The above request will return a list of Members who can access the safe and should give a Success [200] status
- Configure a New Request using the following parameters
- POST https://<cyberark_pvwa_fqdn>/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logoff
- Headers: Authorization:{{CyberArkLogonResult}}
Content-Type:application/json
- Save the above Request as 'Cyberark Logoff'
- The above request will log off the user, remove the Vault session and should give a Success [200] status
These three requests should be run from the TPP server to eliminate any potential firewall issues. If it is known that there is no firewall between the TPP server and the Cyberark server then it can be tested on another system.
Comments