PAM RemoteCLI Error Message

Document ID : KB000046292
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

After installing and configuring the CLI following instructions in the CA PAM Credential Management Implementation Guide we try to run "capam_command" commands, but we always get a "java.io.IOException: Server returned HTTP response code: 403 for URL ..." error.

 

Cause:

The guide does not explain how CA PAM needs to be configured to allow CLI commands.

 

Resolution:

There are two places where the CLI needs to be enabled:

1) In the Password Management UI under Settings > General Settings, checkbox "Enable External CLI". As stated on the page this change is not dynamic but requires a reboot of the appliance.

 

2) On the Config > Security page, near the bottom under "External API Access", option "Enable Credential Management CLI" needs to be checked. This change is dynamic.