Azure Service Principal Discovery with CyberArk External Credential Store


Description

The "CyberArk credential storage integration" documentation states that REST (with basic authentication overrides) is supported.

When Azure Service Principal Discovery is configured this way to use the CyberArk External Credential Store, discovery fails with the error below.

CredentialResolver to resolve Azure_SP/azure/null

They have the integration of Azure credentials through the API working successfully for SNMPv3 and basic auth. Note, however, that the docs page (specifically the section with #dummycredentials.properties) doesn't list the type for Azure, nor does it have examples of the keys to be set in the hashmap returned for Azure.

The credential resolver jar must return a HashMap with the proper keys (case-sensitive) and valid, non-null values for them in order to be properly utilized by CMP; the keys are mentioned below:

The issue is that even when the customer resolver passes the correct hashmap, credential validation fails with the above-mentioned error with null objects.

Steps to Reproduce

  1. Configure Azure credentials with CyberArk.
  2. Create the Azure Service Account and choose to use the credentials from the external credential store (CyberArk).
  3. Execute Azure subscription discovery.
  4. Return the hashmap in the same order as mentioned. The hashmap output is: {name=azure, tenant_id=xxxxxxxxxxxxxxxxxxxxxxxxx, client_id=xxxxxxxxxxxxxxxxxxxxxxxxx, auth_method=Client Secret, secret_key={[xxxxxxxxxxxxxxxxxxxxxxxxx}
  5. The issue still persists with the same error, shown below:

Using a high-security credential: HighSecurityCredential: Azure_SP/azure/null
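To rule out a resolver-side defect before escalating, the returned map can be checked against the rule stated above (exact-case keys, non-null values). The following is an added example, not ServiceNow or CyberArk code: the class name and sample values are constructed, and the expected key names are an assumption taken from the hashmap output in step 4.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added diagnostic example; not ServiceNow or CyberArk code. */
public class AzureResolverMapCheck {
    // Assumption: key names copied from the step 4 output on this page.
    static final String[] EXPECTED_KEYS =
        {"name", "tenant_id", "client_id", "auth_method", "secret_key"};

    /** Returns one finding per problem; an empty list means the map is well-formed. */
    static List<String> check(Map<String, String> resolved) {
        List<String> findings = new ArrayList<>();
        if (resolved == null) {
            findings.add("resolver returned null instead of a map");
            return findings;
        }
        for (String key : EXPECTED_KEYS) {
            if (resolved.containsKey(key)) {
                String value = resolved.get(key);
                if (value == null || value.trim().isEmpty()) {
                    findings.add("key '" + key + "' has a null or empty value");
                }
                continue;
            }
            // Keys are case sensitive: report a near miss such as Tenant_ID.
            String nearMiss = null;
            for (String actual : resolved.keySet()) {
                if (actual != null && actual.trim().equalsIgnoreCase(key)) nearMiss = actual;
            }
            findings.add(nearMiss == null
                ? "key '" + key + "' is missing"
                : "key '" + key + "' is missing; found '" + nearMiss + "' (wrong case or whitespace)");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values; findings never include credential values.
        Map<String, String> sample = new LinkedHashMap<>();
        sample.put("name", "azure");
        sample.put("tenant_id", "00000000-0000-0000-0000-000000000000");
        sample.put("Client_ID", "11111111-1111-1111-1111-111111111111"); // wrong case
        sample.put("auth_method", "Client Secret");
        sample.put("secret_key", null); // null value
        check(sample).forEach(System.out::println);
    }
}
```

An empty findings list for the map the resolver actually returns, while discovery still reports Azure_SP/azure/null, matches the behaviour described in this article.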

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information becomes available.



Related Problem: PRB1346683