[ZBX-24001] CyberArk Vault integration in Frontend is not working with cert auth Created: 2024 Jan 29 Updated: 2024 Jun 04 Resolved: 2024 Jun 04 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 6.4.10, 7.0.0beta1 |
| Fix Version/s: | 6.4.15rc1, 7.0.0rc1, 7.0 (plan) |
| Type: | Problem report | Priority: | Blocker |
| Reporter: | Edgar Akhmetshin | Assignee: | Zabbix Development Team |
| Resolution: | Fixed | Votes: | 4 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
ZBX_24001.patch
|
||||||||||||
| Issue Links: |
|
||||||||||||
| Sprint: | S24-W10/11, S24-W12/13, S24-W16/17 | ||||||||||||
| Story Points: | 2 | ||||||||||||
| Description |
|
Steps to reproduce:
Server: Vault=CyberArk VaultURL=https://some.url.org VaultDBPath=AppID=APP_ZABBIX_PROD&Safe=SOME&Object=SOMETHING VaultTLSCertFile=...some.crt VaultTLSKeyFile=...some.key.pem Frontend: $DB['VAULT'] = 'CyberArk'; $DB['VAULT_URL'] = 'https://some.url.org'; $DB['VAULT_DB_PATH'] = 'AppID=APP_ZABBIX_PROD&Safe=SOME&Object=SOMETHING'; $DB['VAULT_CERT_FILE'] = '...some.crt'; $DB['VAULT_KEY_FILE'] = '...some.pem'; Result: Frontend doesn't work: {"ErrorCode":"APPAP330E","ErrorMsg":"Failed to verify application authentication data: Could not obtain client certificate details."}
Expected: |
| Comments |
| Comment by Vladislavs Sokurenko [ 2024 Apr 19 ] |
|
(1) [D] c_rehash . Then update config, for example $DB['VAULT'] = 'CyberArk'; $DB['VAULT_URL'] = 'https://ca_hostname:8443'; $DB['VAULT_DB_PATH'] = 'AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database'; $DB['VAULT_TOKEN'] = ''; $DB['VAULT_CERT_FILE'] = '/foo/bar/client-cert.pem'; $DB['VAULT_KEY_FILE'] = '/foo/bar/client-key.pem'; |
| Comment by Valdis Murzins [ 2024 Apr 25 ] |
|
Fixed in:
|