Frontend and CyberArk integration doesn't work to collect database credentials

XMLWordPrintable

    • Type: Incident report
    • Resolution: Unresolved
    • Priority: Critical
    • None
    • Affects Version/s: None
    • Component/s: Frontend (F)
    • None
    • Support backlog

      I configured the integration between Zabbix and CyberArk based on the documentation: https://www.zabbix.com/documentation/7.0/en/manual/config/secrets/cyberark (btw, there is a misconfiguration in the documentation where curl is provided as an example. --The header should be "Content-type" not "Content type").

      The configuration between the vault and the Zabbix server works as expected. Unfortunately, the Zabbix frontend sends an error when retrieving DBCredentials, which is unexpected as the exact same data is provided in the Zabbix server and frontend configuration.

      I checked the source code and saw that it might be a problem with the json_decode function (but I don't have permission to modify the source code on my client virtual machine to debug this problem) - https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/ui/include/classes/vaults/CVaultCyberArk.php?at=refs%2Fheads%2Frelease%2F7.0#89.

      Server and frontend are installed on different VMs, but both are configured to connect to the encrypted CyberArk via certificate (on the screenshots you can see that I've provided one .pem file with cert and key, but when I had separate files it was the same (server works, frontend doesn't)). Curl tests works fine on both servers and json is received.

      The CyberArk vault runs on a non-default port and it's secured with an SSL certificate.

      Environment:

      OS: RedHat 9.4

      Zabbix server version: 7.0.11

      Zabbix frontend version: 7.0.11

      Web server: httpd

      CyberArk version: 14

      Steps to reproduce:

      Configure CyberArk with SSL certificate validation

      Configure Zabbix server to connect to the vault (certificate is provided in a non-default directory)

      Certificate with read permissions to user:zabbix, group:zabbix

      Configure Zabbix Frontend to connect to vault (certificate is provided in non default directory)

      Certificate with read permissions on user: apache, group: apache

      Result:

      See attachments:
      Zabbix server vault integration works.

      Zabbix frontend vault integration doesn't work.

      Expected:

      Both server and frontend should work.

        1. Error on GUI.png
          Error on GUI.png
          11 kB
        2. Zabbix frontend configuration - not working.png
          Zabbix frontend configuration - not working.png
          55 kB
        3. Zabbix server working configuration.png
          Zabbix server working configuration.png
          140 kB

            Assignee:
            Zabbix Development Team
            Reporter:
            Karlis Salins (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: