Troubleshooting
If you encounter any of the following issues or errors, SailPoint recommends that you follow the guidance provided below to resolve the error before contacting SailPoint Support.
With certificate authentication configured, the credential provider fails to fetch a secret
Resolution: Fetch a secret from the CyberArk Central Credential Provider (CCP) by selecting REST API using tools like Postman or Curl URL. For more information, refer to Call the Web Service Using REST.
Note
The linked document is not maintained by SailPoint and is subject to change without notice.
With certificate authentication configured, the credential provider fails to fetch a secret with an SSL Peer Unverified error message
Error message:
javax.net.ssl.SSLPeerUnverifiedException
Resolution 1: Ensure that the certificate Subject Alternative Name is the same as the hostname for the CyberArk Central Credential Provider (CCP) web service. Also, in the CyberArk Central Credential Provider (CCP) application, the URL should be configured with the same hostname.
Resolution 2: Disable hostname verification. To disable hostname verification in the Credential Provider, add the following entry to the Credential Provider using the source update API:
[
{
"op": "add",
"path": "/connectorAttributes/allowAllHosts",
"value": "true"
}
]Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.
Get secret fails with an error code 400, and the CyberArk application uses Allowed Machines authentication
The connector fails to get a secret from the CyberArk Central Credential Provider (CCP), and instead it returns an error code 400. Also, Allowed Machines authentication is configured on the CyberArk Access Manager (Self-Hosted) application.
Resolution: Ensure that your virtual appliance’s IP address is included in the allowed machines list in the application.