Add A2A Requestors

To implement A2A scripts, you add requestors in PAM. This procedure assumes that you have registered the request server and set it to the active status.
See Example Requestors for the registration data for the examples.
You can add scripts using the UI or the CLI:
Add A2A Scripts using the UI
To add requestors using the UI, follow these steps:

  1. Select Credentials, Manage A2A Scripts.
    The Scripts list page appears.
  2. Select ADD.
    The Add Script page appears.
  3. To find an existing client, select the magnifying glass icon.
  4. Enter the Script/App Name, Execution Path, File Path, and script Type.
    File Path - The fully qualified path to where the executable file or script file is located.
    Execution Path - If the application itself is an executable file, then the Execution Path and the File Path are the same. If the application is a script, the two paths can be different.
    You can use standard Windows path formats, such as C:\Windows\System, or UNC (Uniform Naming Convention) paths.
  5. If you use target groupings, enter descriptors for the target application.
  6. Select OK.
    The page is updated with the registered request scripts.
 
To retrieve the script hash from the UI, follow these steps:
 
  1. Select Manage A2A Scripts.
  2. Select the script that you want to retrieve the hash for and select UPDATE.
    The Script Details page appears.
  3. Select Get Script Hash. If PAM cannot retrieve the script hash, ensure that nothing is blocking communication to the appliance. Possible causes might be the server hosting the A2A Client or a network device, such as a firewall. By default, A2A Client listens on port 28888.
  4. Select OK.
Add A2A Scripts Using the CLI
Use the following procedure to add requestors using the CLI.
Follow these steps:
 
  1. Add a request server:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addRequestServer RequestServer.hostName=Vienna-Lab4.cloakware.com RequestServer.ipAddress=11.2.0.4 RequestServer.active=true RequestServer.type=CLIENT Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
  2. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult>
      <cr.itemNumber>0</cr.itemNumber>
      <cr.statusCode>400</cr.statusCode>
      <cr.statusDescription>Success</cr.statusDescription>
      <cr.result>
        <RequestServer>
          <Attribute.descriptor2>Lab</Attribute.descriptor2>
          <Attribute.descriptor1>Vienna</Attribute.descriptor1>
          <ID>1</ID>
          <createDate>Mon Nov 12 15:45:56 UTC 2007</createDate>
          <updateDate>Mon Nov 12 15:45:56 UTC 2007</updateDate>
          <createUser>admin</createUser>
          <updateUser>admin</updateUser>
          <hash>/fvVAT2Ri4AN7zYCsweyB++/9ow=</hash>
          <hostName>Vienna-Lab4.cloakware.com</hostName>
          <IPAddress>11.2.0.4</IPAddress>
          <type>CLIENT</type>
          <port>1</port>
          <oldKey> </oldKey>
          <currentKey>13a3a6811160561bf8f69acf66f37f24a97b7e2b99b4afbbe61bade35c0b4108991057 a80ac4c9ecabef1d0657f14ad9911f26061bf0a4feb952e717807a72bd90663f62b2a21c35c11e4143 31a01b18594eb56c5da497ccf990f23b1855adadf294ba50e93fd25824950c4ef6115db67f61d81edb 2ebb2cbc619e2cd97786c60bd4c5e9b9a615131e8d8da7001b4b45dcaeca9be3b13a46efe5449729ad f9399ef5b67cdfabcbc60f7d298c151e50ec64060d5fd3c5e74652ba4198497c2933f3ef2e15600e71 74467054f2b19a26fdf5c5d1ee080b0e7d5cc269daa947e59320083de7143c6c8ff757d41a98d8caac e690129a88e5d4e472039f8f2bc7061e7a913e070075e7dc90cdd1a248cf1ea78e5d00c9429535b502 3068472c817c36fe8a9af1bb615a6d357ace3ec30cfd1a1edf07982b95517a9066f4e0d0ce716a10f9 111943a4f9e144ba0a8f198c2a02e58df5eb0b77c7845900af8105eebc7e</currentKey>
          <autoPatch>true</autoPatch>
          <pendingAcknowledgement>true</pendingAcknowledgement>
          <active>true</active>
          <actionRequired>false</actionRequired>
          <action> </action>
          <currentFingerprint> </currentFingerprint>
          <pendingFingerprint> </pendingFingerprint>
          <currentFingerprintDate> </currentFingerprintDate>
          <pendingFingerprintDate> </pendingFingerprintDate>
          <osName> </osName>
          <osVersion> </osVersion>
          <osArchitecture> </osArchitecture>
          <clientType> </clientType>
          <clientVersion> </clientVersion>
        </RequestServer>
      </cr.result>
    </CommandResult>
  3. Add a request script:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addRequestScript RequestServer.hostName=Vienna-Lab4.cloakware.com RequestScript.name=example.pl RequestScript.executionPath=/opt/cloakware/cspmclient_v.3.5.0/examples RequestScript.type=Perl RequestScript.filePath=/opt/cloakware/cspmclient_v.3.5.0/examples Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
  4. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult>
      <cr.itemNumber>0</cr.itemNumber>
      <cr.statusCode>400</cr.statusCode>
      <cr.statusDescription>Success</cr.statusDescription>
      <cr.result>
        <RequestScript>
          <ID>1</ID>
          <createDate>Mon Nov 12 15:47:35 UTC 2007</createDate>
          <updateDate>Mon Nov 12 15:47:35 UTC 2007</updateDate>
          <createUser>admin</createUser>
          <updateUser>admin</updateUser>
          <hash>/14qoJ1SI63KgaTIKDZD8J5lWvs=</hash>
          <name>example.pl</name>
          <filePath>/opt/cloakware/cspmclient_v.3.5.0/examples</filePath>
          <executionPath>/opt/cloakware/cspmclient_v.3.5.0/examples</executionPath>
          <type>Perl</type>
          <requestServerID>1</requestServerID>
          <scriptHash> </scriptHash>
        </RequestScript>
      </cr.result>
    </CommandResult>
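
A check to run over the XML that capam_command returns, added here as an example and not taken from the product or its documentation: it confirms the result reports success, then flags a script registration whose paths are not fully qualified, whose request server is not in a supplied set of active IDs, or whose scriptHash is still empty. Treating status 400 with Success as the success marker and a blank scriptHash as "hash not yet retrieved" are assumptions drawn from the sample output above; the function names and the sample record are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the addRequestScript result above; the
# relative filePath and the blank scriptHash are deliberate.
SAMPLE = """<CommandResult>
  <cr.statusCode>400</cr.statusCode><cr.statusDescription>Success</cr.statusDescription>
  <cr.result><RequestScript>
    <ID>1</ID><name>example.pl</name><type>Perl</type><filePath>examples</filePath>
    <executionPath>/opt/cloakware/cspmclient_v.3.5.0/examples</executionPath>
    <requestServerID>1</requestServerID><scriptHash> </scriptHash>
  </RequestScript></cr.result>
</CommandResult>"""

# Fully qualified: POSIX absolute, Windows drive path, or UNC path.
QUALIFIED = re.compile(r"^(/|[A-Za-z]:\\|\\\\[^\\]+\\[^\\]+)")

def _text(node, tag):
    el = next(node.iter(tag), None)
    return (el.text or "").strip() if el is not None else ""

def parse_result(xml_text):
    """Return (record kind, fields) for a successful CommandResult."""
    root = ET.fromstring(xml_text)
    # Assumption: 400 with "Success" marks success, as in the output above.
    status = (_text(root, "cr.statusCode"), _text(root, "cr.statusDescription"))
    if status != ("400", "Success"):
        raise ValueError("command failed: %s %s" % status)
    result = next(root.iter("cr.result"), None)
    if result is None or len(result) == 0:
        raise ValueError("no record in cr.result")
    return result[0].tag, {c.tag: (c.text or "").strip() for c in result[0]}

def review_script(fields, active_server_ids):
    """List registration problems for one RequestScript record."""
    findings = []
    for key in ("filePath", "executionPath"):
        if not QUALIFIED.match(fields.get(key, "")):
            findings.append(key + " is not fully qualified")
    if fields.get("requestServerID") not in active_server_ids:
        findings.append("request server is not registered and active")
    # Assumption: a blank scriptHash means the hash was never retrieved.
    if not fields.get("scriptHash"):
        findings.append("scriptHash is empty; run Get Script Hash")
    return findings

if __name__ == "__main__":
    kind, fields = parse_result(SAMPLE)
    print(kind, fields["name"], review_script(fields, {"1"}))
```

Pass the set of IDs taken from addRequestServer results whose active field is true as active_server_ids.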