CyberArk CCP Configuration under credential store

Hi Team,

We are configuring CyberArk for one of our tenants, but it is giving an error message “The field AdditionalConfiguration must be a string or array type with a maximum length of ‘10240’.”

Can you please help to fix this issue?

Thanks,
Sumit Sharma

Hello @sumit.sharma.cw,

I’ve recently configured 3 different Orchestrator instances (all single tenants) without issue. I have not personally come across this error.

Can you please provide details in order for others to help out?

  1. What Actions/Steps are you taking when you get this error?
  2. Is this error in the Orchestrator Web UI or in Logs?
  3. Have you reviewed the Windows Event Logs?
  4. Can you provide details on how you’ve configured the CyberArk Agent and Orchestrator to leverage the Provider?
  5. Can you successfully query CyberArk using the command line from the Orchestrator host?

I would also suggest opening a ticket in your Customer Portal or using the Technical Support form if this is time sensitive or you need in-depth insight to troubleshoot.

Hi @codemonkee, thanks for the response. I have also tried to configure CyberArk for a different tenant and it was successful, but whenever I try to configure it for the second tenant it gives me the error “The field AdditionalConfiguration must be a string or array type with a maximum length of ‘10240’.”
Please find the details below to rectify the issue:

  1. What Actions/Steps are you taking when you get this error?
    → I have changed the password of the associated account and reconfigured, but I am still getting the same error.

  2. Is this error in the Orchestrator Web UI or in Logs?
    → It is in the Orchestrator Web UI.

  3. Have you reviewed the Windows Event Logs?
    → Yes, I have not found any error in the Windows Event Log.

  4. Can you provide details on how you’ve configured the CyberArk Agent and Orchestrator to leverage the Provider?
    → In Orchestrator we are providing the details as per the attached screenshot and trying to establish the connection, but getting the error.

  5. Can you successfully query CyberArk using the command line from the Orchestrator host?
    → No, I have not checked it. Can you please help with this?

Thanks,
Sumit Sharma

I’m not sure what this entails. Are you talking about a Robot/Asset record in Orchestrator, or another aspect of the setup?

There was no screenshot attached, but what I am wondering is which CyberArk Plugin you are using (AAM, CCP), and what configuration has been done in CyberArk, Orchestrator Config, Tenant Credential Store Configuration, and Robot/Asset configuration.

Is this a single Orchestrator (Cloud, Enterprise Cloud, Private Enterprise) with multiple Tenants in which 1 tenant is working and the 2nd is not, or you’ve just happened to configure a different Orchestrator that was successful?

If you are using the CyberArk AAM (Application Access Manager) you would have installed a CyberArk Agent onto the Orchestrator Node and could query a safe with something along the lines of:

```
.\CLIPasswordSDK64.exe GetPassword /p AppDescs.AppID=<appid> /p Query="Safe=<safename>;Folder=<logicalfolder>;Object=<credentialname>" /o Password
```

I’m not as familiar with the Agentless method (CCP - Central Credential Provider), but presumably it is a similar configuration, except that instead of using UiPath.Orchestrator.CyberArk.dll you would use UiPath.Orchestrator.SecureStore.CyberArkCCP in your `UiPath.Orchestrator.dll.config`. And you’d authenticate using Certificates instead of configuring the AAM.

I’m not sure what this entails. Are you talking about a Robot/Asset record in Orchestrator, or another aspect of the setup? → It is about the robot account password which is being used in CyberArk.

There was no screenshot attached, but what I am wondering is which CyberArk Plugin you are using (AAM, CCP), and what configuration has been done in CyberArk, Orchestrator Config, Tenant Credential Store Configuration, and Robot/Asset configuration. → I am using the CCP plugin.

Is this a single Orchestrator (Cloud, Enterprise Cloud, Private Enterprise) with multiple Tenants in which 1 tenant is working and the 2nd is not, or you’ve just happened to configure a different Orchestrator that was successful? → Yes, it is a single Orchestrator with multiple tenants, in which 1 tenant is working with the same configuration but the 2nd is not.

Thanks
Sumit Sharma

Hi Team,

Can anyone help with this issue?

Thanks
Sumit Sharma

Hi @sumit.sharma.cw,

Maybe @loginerror can provide some help here.

Thanks!

What I mean here is, can you detail the specific steps and configuration settings that you have gone through with Orchestrator and CyberArk? For example, in your screenshot showing the Client Certificate and Client Certificate Password, it appears that a Client Certificate was not selected, but that just might be how the UI displays it. Not having used the CCP Plugin, I would expect that field to show something such as the Certificate Filename, Thumbprint, etc.

I don’t work with multi-tenant orchestrators, but I’ll see about configuring my sandbox environment with another one and ask my security team to adjust our CyberArk App profile to accept certificate authentication and let you know how it goes. Might not be able to get around to it right away.

If this is an urgent matter, I would strongly suggest reaching out to UiPath Support through the Customer Portal or via their Technical Support Form.

I’m going to back up on that… We don’t have licenses or appliances deployed for testing CCP, but I did go through the motions on the UiPath Orchestrator side and what I observed is the following:

When selecting a certificate for the Client or Server Root Cert it displays the filename when accepted and is shown in a masked state when revisiting the Credential Store configuration.

I did attempt to upload different certificate formats and the fields would not populate until not only did I use the right certificate format, but also used the expected file extension (PFX for Client Certificate and CRT for Server Root Certificate). Otherwise it would show a blank field as you have in your screenshots.

Based on that I would ensure that you are using the correct Certificate format and the expected file extensions.
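
A pre-flight check for the two certificate fields described above, as an added example that is not part of the original thread and is not UiPath or CyberArk code. The function names and the header bytes used as sample input are constructed for illustration, and accepting either PEM or DER encoding inside the `.crt` file is an assumption; the check only inspects the file extension and the outer ASN.1 structure, it does not validate the certificate or its password.

```python
import base64
import binascii
import re
from pathlib import Path

# Extensions the Orchestrator UI accepted in the post above.
EXPECTED_EXT = {"client": ".pfx", "server_root": ".crt"}
EXPECTED_KIND = {"client": "pkcs12", "server_root": "x509"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _first_child(data):
    """Offset of the first element inside an outer DER SEQUENCE, else None."""
    if len(data) < 3 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                      # short-form length
        return 2
    n = data[1] & 0x7F                      # long form: n length bytes follow
    return 2 + n if 1 <= n <= 4 and len(data) > 2 + n else None

def sniff(data):
    """Heuristic: classify bytes as 'pkcs12', 'x509' or 'unknown'."""
    m = PEM_RE.search(data)
    if m:
        if m.group(1) != b"CERTIFICATE":    # e.g. a private key or a CSR
            return "unknown"
        try:
            data = base64.b64decode(m.group(2))
        except binascii.Error:
            return "unknown"
    off = _first_child(data)
    if off is None:
        return "unknown"
    if data[off:off + 3] == b"\x02\x01\x03":  # PFX starts with version INTEGER 3
        return "pkcs12"
    if data[off] == 0x30:                     # Certificate starts with tbsCertificate
        return "x509"
    return "unknown"

def check(role, filename, data):
    """Return a list of problems for one credential store certificate field."""
    problems = []
    ext = Path(filename).suffix.lower()
    if ext != EXPECTED_EXT[role]:
        problems.append(f"extension {ext or '(none)'} != {EXPECTED_EXT[role]}")
    kind = sniff(data)
    if kind != EXPECTED_KIND[role]:
        problems.append(f"content looks like {kind}, expected {EXPECTED_KIND[role]}")
    return problems

# Constructed header bytes (not real certificates), enough to show the structure.
PFX_HEAD = bytes.fromhex("30820a00020103308209")
X509_HEAD = bytes.fromhex("308203a030820288a003020102")
PEM_CERT = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(X509_HEAD)
            + b"\n-----END CERTIFICATE-----\n")
```

On real files, call `check("client", path, Path(path).read_bytes())`; an empty list means the extension and container type both match what the UI accepted.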
