RDM: Credential Management - Safeguard API Error - Forbidden

Resolved Implemented


Hello,

we are trying to use the One Identity Safeguard Credential Management Entry in RDM. We are unable to get it working. Can you please help us by finding the missing piece?

We create a new Entry and configure it:
Devolution1.png

After that, we are able to get the list of all available assets for the connected local user:

Devolution2.png

We can select the asset and set request parameters:

Devolution3.png

But after submitting the request we receive an error from Safeguard API:

Devolution4.png

On the Safeguard side, we have enabled the Resource Owner Grant Type as per the instructions on the following page:

https://docs.devolutions.net/rdm/kb/how-to-articles/one-identity-pam/

Devolution5.png

To easily troubleshoot this, we granted the local user every permission in Safeguard:

Devolution6.png

Any help would be greatly appreciated.


Thank you,
Best regards,
Darko


All Comments (2)


Update / Correction
I’m updating my previous response, as the earlier conclusion turned out to be incorrect.
The actual cause of the 90408 Forbidden error is related to the Access Request Policy configuration in Safeguard.
When using Resolving Mode: Injection in the Devolutions Safeguard entry, only Access Request Policies with Request Type set to Credential are supported.
If the policy is configured with a different request type, the API call will fail with the authorization error.
Hopefully this helps anyone troubleshooting the same issue.


Hello,

Thank you for the update. We are glad to hear you were able to identify the root cause.

We will go ahead and close this case. Do not hesitate to reach out if anything else comes up.

Best regards,

Carl Marien