• State Verified Answer
  • Replies 2 replies
  • Subscribers 28 subscribers
  • Views 1212 views
  • Users 0 members are here
Options
Related

Error with SRA Setup

Cyril Chong
over 2 years ago

Hi, was just trying out SRA setup in my lab but seems like hitting an error below. Any thoughts on what this means? Does SRA feature require different license for SPS as well like sudo-io function? 

Error below: 

2021-11-03T15:38:25+08:00 sps.demo.local zorp/scb_ssh[1948]: scb.info(4): (svc/mQJu9KVkEYR2s23kZMfDcG/SRA:8/ssh): Plugin(aa/SPS_AA_SRA_initiated/main.py): GET request; url=192.168.0.160:8649/.../RequestableAssets, parameters={'Filter': "NetworkAddress eq '192.168.0.132'", 'ForUser': 'sra.trial1', 'ForProvider': 'Local'}, auth=SPSInteractive
2021-11-03T15:38:25+08:00 sps.demo.local zorp/scb_ssh[1948]: scb.info(4): (svc/mQJu9KVkEYR2s23kZMfDcG/SRA:8/ssh): Plugin(aa/SPS_AA_SRA_initiated/main.py): [ERROR] The access request broker service is disabled.; code=60711, data={"Code":60711,"Message":"The access request broker service is disabled.","InnerError":null}
2021-11-03T15:38:25+08:00 sps.demo.local zorp/scb_ssh[1948]: scb.info(4): (svc/mQJu9KVkEYR2s23kZMfDcG/SRA:8/ssh): AA plugin authorization hook result; verdict='DENY'
2021-11-03T15:38:25+08:00 sps.demo.local zorp/scb_ssh[1948]: ssh.error(2): (svc/mQJu9KVkEYR2s23kZMfDcG/SRA:8/ssh): Authorization failed;
2021-11-03T15:38:25+08:00 sps.demo.local zorp/scb_ssh[1948]: ssh.policy(4): (svc/mQJu9KVkEYR2s23kZMfDcG/SRA:8/ssh): Authorization was denied

--Cyril

Parents
  • +1 over 2 years ago

    Hi Cyril,

    It seems you are using an AA plugin for this SSH connection policy, if this is getting the password from SPP then make sure the following service is enabled in SPP:

    - In SPP Desktop Client > Navigate to Administrative Tools | Settings | Access Request | Enable or Disable Services.

    - Enable this option: Session Module Password Access Enabled

    Session module password access is disabled by default. When the toggle is on, Safeguard for Privileged Passwords (SPP) can create an access request and check out a password from Safeguard for Privileged Sessions (SPS) on behalf of another user. When the toggle is switched off, this ability is revoked.

    Thanks!

Reply
  • +1 over 2 years ago

    Hi Cyril,

    It seems you are using an AA plugin for this SSH connection policy, if this is getting the password from SPP then make sure the following service is enabled in SPP:

    - In SPP Desktop Client > Navigate to Administrative Tools | Settings | Access Request | Enable or Disable Services.

    - Enable this option: Session Module Password Access Enabled

    Session module password access is disabled by default. When the toggle is on, Safeguard for Privileged Passwords (SPP) can create an access request and check out a password from Safeguard for Privileged Sessions (SPS) on behalf of another user. When the toggle is switched off, this ability is revoked.

    Thanks!

Children