CA Privileged Access Manager - 2.8.3

Integrate A2A Applications

Last update February 16, 2017

The concept of request integration refers to the process of replacing the hard-coded user names and passwords in an application with Credential Manager credential requests. This application is a “requesting application” or “requestor.”

The request integration process involves the following steps:

  1. Set up your environment for integration. See Set Up Your Environment for Integration.
  2. Apply the request integration algorithm. See Request Integration Algorithm.
  3. Add your requestor to Credential Manager. See Add Requestors.
  4. Add an authorization mapping to Credential Manager. See Add Authorization Mappings.

Set Up Your Environment for Integration

Follow these steps:

  1. Install the A2A Client. See Install an A2A Client for Credential Management.
  2. Do the setup steps that are specific to your integration environment:
    • For a UNIX environment, source the .cspmclientrc file or set up the environment variables that are contained within the file. The .cspmclientrc file is located in: $CSPM_CLIENT_HOME/cspmclient/bin.
    • For Microsoft Visual Studio, you do not need to register the DLL. The DLL was registered during A2A client installation.
    • For Eclipse, add the cspmclient.jar file to the build path. This allows Eclipse to compile your application. See the procedure that is described in Set Up Eclipse for A2A Integration.

Set Up Eclipse for A2A Integration

Use the following procedure to add the cspmclient.jar file to the build path.

Follow these steps:

  1. Open the project Properties dialog.
  2. Select Java Build Path.
  3. Click the Libraries tab.
  4. Click Add External JARs.
  5. Browse to the $CSPM_CLIENT_HOME/cspmclient/lib folder and select the following files: cspmclient.jar, cwjssefips.jar and cwjcafips.jar.
  6. Close the Properties dialog.

Request Integration Algorithm

"Request integration" is the process of modifying your existing requestor to use Credential Manager to retrieve credential information instead of using hard-coded user names and passwords.

Integration methods for implementing the credential request are described in Integrate Applications with the Credential Manager A2A Client.

Typically, when you integrate your application or script with the A2A client, you use the cached version of the credential. However, the supplied credentials only give the requestor access to the data if the A2A client cache is up to date. The following algorithm uses the cached credentials for the first login attempt. If the login fails, the A2A client cache is overridden, credentials are retrieved directly from the CA Privileged Access Manager appliance, and a second login is attempted. Using the cached credentials for the first login attempt helps reduce the load on the CA Privileged Access Manager appliance and improves performance. The tradeoff is a potential failed login attempt if the cached credential has gone stale.

A failed login attempt can trigger an auditable security incident and possibly an account lockout condition if the number of failed login attempts exceeds the maximum that the policy allows.
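
The cache-first algorithm described above, as an added Java sketch that is not code from the product documentation. CredentialSource, Target, Credential, and the alias and password values are hypothetical stand-ins for the A2A client request and the target system login, not the cspmclient.jar API. The example also skips the second login when the appliance returns the same secret as the cache, a design choice of this example that avoids a second failed attempt counting toward lockout.

```java
import java.util.Arrays;

public class CacheFirstLogin {
    /** Hypothetical credential holder; not a class from cspmclient.jar. */
    static final class Credential {
        final String user; final char[] password;
        Credential(String user, char[] password) { this.user = user; this.password = password; }
    }
    /** Hypothetical wrapper around the A2A client credential request. */
    interface CredentialSource { Credential retrieve(String alias, boolean bypassCache); }
    /** Hypothetical login to the target system (database, service, and so on). */
    interface Target { boolean login(String user, char[] password); }

    /** Returns true on success; performs at most two login attempts. */
    static boolean connect(CredentialSource a2a, Target target, String alias) {
        Credential cached = a2a.retrieve(alias, false);        // first try: local A2A cache
        try {
            if (target.login(cached.user, cached.password)) return true;
            Credential fresh = a2a.retrieve(alias, true);      // override cache, ask the appliance
            try {
                // Same secret as the cached one: a retry would only add a second
                // failed login toward the lockout threshold, so stop here.
                if (fresh.user.equals(cached.user)
                        && Arrays.equals(fresh.password, cached.password)) return false;
                return target.login(fresh.user, fresh.password);  // second and last try
            } finally { Arrays.fill(fresh.password, '\0'); }      // wipe secret after use
        } finally { Arrays.fill(cached.password, '\0'); }
    }

    public static void main(String[] args) {
        // Constructed scenario: the cache holds a stale password, the appliance the rotated one.
        CredentialSource a2a = (alias, bypass) ->
            new Credential("svc_app", (bypass ? "rotated-pw" : "stale-pw").toCharArray());
        int[] failures = {0};                                   // failed logins seen by the target
        Target db = (user, pw) -> {
            boolean ok = Arrays.equals(pw, "rotated-pw".toCharArray());
            if (!ok) failures[0]++;
            return ok;
        };
        boolean connected = connect(a2a, db, "constructed-alias");
        System.out.println("connected=" + connected + " failedLogins=" + failures[0]);
    }
}
```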
