I spent some time trying to figure out how to add a website account into Vault and use PVWA to log in to a website using CyberArk PAS without revealing the password. There are many documents relating to this topic, but the steps were not clear enough for me at the beginning. I summarized all the steps together in this post. Hopefully it will help if someone has the same confusion as I did.
Enable Chrome in PSM Server
- Remove the read-only permission from the PSMConfigureAppLocker.xml file.
- In the Hardening subfolder of PSM installation folder, open the PSMConfigureAppLocker.xml configuration file and edit the AllowedApplications section:
At the beginning of the Google Chrome processes section, remove the following line:
<!-- If relevant, uncomment this part to allow Google Chrome webform based connection clients
At the end of the Google Chrome processes section, remove the following line:
End of Google Chrome process comment -->
Specifically, make sure that the following lines are uncommented:
<Application Name="PSM-WebAppDispatcher" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\CyberArk.PSM.WebAppDispatcher.exe" Method="Hash" />
<Application Name="chromedriver" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\chromedriver.exe" Method="Hash" />
<Application Name="PSM-ProgressBar" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\CyberArk.ProgressBar.exe" Method="Hash" />
<Application Name="GoogleChrome" Type="Exe" Path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" Method="Hash" />
<Application Name="IExplore32" Type="Exe" Path="c:\Program Files (x86)\Internet Explorer\iexplore.exe" Method="Publisher" />
<Application Name="IExplore64" Type="Exe" Path="c:\Program Files (x86)\Internet Explorer\iexplore.exe" Method="Publisher" />
Verify that the path specified in the xml matches the browser installation path. Save the PSMConfigureAppLocker.xml configuration file and close it.
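The checks above (file no longer read-only, Chrome entries uncommented, every Path present on disk) can be run as a read-only pre-flight before applying the AppLocker rules. This is an added example, not part of the original post or CyberArk's tooling; the default file location is an assumption based on the install path shown in the XML above.

```powershell
# Added example: read-only pre-flight check of PSMConfigureAppLocker.xml.
param(
    # Assumption: default PSM install path, matching the Path attributes in the post.
    [string]$ConfigPath = 'C:\Program Files (x86)\CyberArk\PSM\Hardening\PSMConfigureAppLocker.xml'
)

# Entries the post says must be uncommented for Chrome-based connections.
$required = 'PSM-WebAppDispatcher', 'chromedriver', 'PSM-ProgressBar', 'GoogleChrome'

$file = Get-Item -LiteralPath $ConfigPath -ErrorAction Stop
if ($file.IsReadOnly) {
    Write-Warning "$ConfigPath is still read-only; edits cannot be saved."
}

# XML comments are not elements, so entries that are still commented out
# are simply absent from this node list.
$doc = New-Object System.Xml.XmlDocument
$doc.Load($file.FullName)
$apps = $doc.SelectNodes("//*[local-name()='Application']")

$problems = 0
foreach ($name in $required) {
    if (-not ($apps | Where-Object { $_.GetAttribute('Name') -eq $name })) {
        Write-Warning "Application '$name' is missing or still commented out."
        $problems++
    }
}

# Hash rules are computed from the file at Path, so a wrong path means no valid rule.
foreach ($app in $apps) {
    $path = $app.GetAttribute('Path')
    if ($path -and -not (Test-Path -LiteralPath $path)) {
        Write-Warning "Path not found for '$($app.GetAttribute('Name'))': $path"
        $problems++
    }
}

if ($problems -eq 0) {
    Write-Output "All $($apps.Count) Application entries resolved; required Chrome entries are present."
} else {
    Write-Output "$problems problem(s) found; fix the XML before running PSMConfigureAppLocker.ps1."
}
```

The script only reads the configuration file and changes nothing on the PSM server.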
Use the following command to run PowerShell and start the script:
CD "C:\Program Files (x86)\CyberArk\PSM\Hardening"
./PSMConfigureAppLocker.ps1
Create a new connection component
Create a new platform
- Duplicate an existing Generic Web App platform.
- Edit it.
- Assign PSM and the newly created connection component to the new platform.
Create a Website Account
System Type : Website
Assign to Platform : 51Sec-Generic Web App
Store in Safe : 51Sec-Personal-Test
Username : admin
Address: blog.51sec.org/wp-login.php
Password: Password123456!
Very important information, always eager to read your blog