Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion

R81 SmartConsole config file doesn't work

I have a problem with the SmartConsole config file and version R81.

Is this no longer supported from R81 or is this a bug?

I'll try the following:

 

"C:\Program Files (x86)\CheckPoint\SmartConsole\R81\PROGRAM\SmartConsole.exe" -p D:\SmartConsoleP.xml

 

And the file SmartConsoleP.xml for the SmartConsole login:

 

<?xml version="1.0" encoding="utf-8"?>
	<RemoteLaunchParemeters xmlns:xsi="http‌‌/www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http‌‌/www.w3.org/2001/XMLSchema">
		<Username>admin</Username>
		<ServerIP>x.y.z.w</ServerIP>
		<DomainName></DomainName>
		<ReadOnly>False</ReadOnly>
		<CloudDemoMode>False</CloudDemoMode>
		<Password>this is secret</Password>
	</RemoteLaunchParemeters>

 

PS:
This works without problems with version R80.10 - R80.40.

 

➜ CCSM Elite, CCME, CCTE
14 Replies
Dima_M
Employee
Employee

Hi Heiko,

Thanks for reporting, we're already working to fix this issue. If you would like to get a private HotFix, please submit a Service Request.

HeikoAnkenbrand
Champion Champion
Champion

Thanks

➜ CCSM Elite, CCME, CCTE
0 Kudos
randolchen
Participant

Hi,

Same here, I just ran into this. I tried the latest version R81 (81.0.9500.549) as of today (Build 549 published 2021-02-04)  but the problem persists. Is any fix available? I just opened a SR just in case. Maybe DEVs updated something on the Syntaxis of the XML.

@HeikoAnkenbrand by the way, just in case you need it... I realized that R80.x didnt recognize the ReadOnly option (<ReadOnly>True</ReadOnly>), after a very long testing session I figure it out this (<IsReadOnly>1</IsReadOnly>) as a working workaround to connect Read Only "R80.x".

Thanks.

RChen
Arne_Boettger
Collaborator

Thank you for that information. Unfortunately, our request for a private Hotfix for R80.30 was denied and we were told to monitor the release notes of SmartConsole for a fixed version.

 

best regards, Arne

0 Kudos
the_rock
Legend
Legend

Yes, I have the same issue as well...glad they are working on the fix.

0 Kudos
Sagivw
Employee
Employee

Hi Heiko,

As Dima_m mentioned, we are working on a fix- It is important to state that this is not actually an issue, but that the feature was adjusted so that you can no longer use it with the password in clear text within the XML file but using an SSO token instead. (duo to Security reasons) 

It has been integrated as so in the latest SC build for all versions- we are currently integrating the fix that will allow you to use it with clear text password for R80.30 and R80.20 (no ETA at the moment, still under testing) as for R80.40 and above- according to my understanding, it will not be reinstated.

Official documentation about all of this is inbound.

 

Hope that clarifies things 🙂

****after checking again with the development team the login with SSO token option is not available for the SmartConsole admin****

randolchen
Participant

Exactly, is not an issue but would have been great if LoginParam would remain working until developers implemented something new and more secure like token or so. Because if you get to that build on R80.40 or R81 there is no option right now...

Just to share how I use LoginParams:
I implemented a "bit more secure" way and was calling the paramfile from a secure server that generate the xml based on some permisions, etc.
First the web app generate a bat file that contains this script obuscated, and the bat autodeletes after running:

SmartConsole.exe -p https://myinternalapp.local/app/connect?to=ONETIMETOKEN

The url will generate the XML file. but will never be stored on the machine. and its one time. so the next time I use the URL or the BAT file will not work, even if I manage to make copies before they auto delete.

I'm waiting for the new connection method to rewrite my code.

RChen
0 Kudos
BABaracus
Explorer

To RChen's point, and similar to what he's describing, we've achieved with a password vault in version prior to R81.

We were using cyberark to launch smartconsole and populate username/password fields in the XML with variables by making a request to the cyberark API. After upgrading to R81 we are now dead in the water. Our only workaround has been to allow access to smartconsole through the web UI - but this is not ideal as it lacks features our admins require. For now the workaround has been installing smarconsole directly on user desktop vms and letting them run it locally without monitoring or password management - also not ideal.  We will adjust our code as well whenever CP documents their new method for launching from CLIs. 

 

BA 

0 Kudos
barakco
Explorer

Hi,  
  
Does anyone know if there is a solution for R81.10?

0 Kudos
Lloic
Explorer

Hello,

Actually exactly the same case here as BABaracus and barakco.
Moving from R80.30 with LoginParam to R81.10 with ... Nothing ?!

Does anyone get the support of Checkpoint on that ? Except an private hotfix...?

Thanks.

0 Kudos
Sagivw
Employee
Employee

Please see sk175463

0 Kudos
barakco
Explorer

Hi , 

i see that logging with xml is not supported. Do you have any solution to inject user/password with Cyberark?

0 Kudos
Sagivw
Employee
Employee

Hi barakco,

I am not aware of any other methods- I believe that Cyberark should handle that directly with our R&D, I would suggest contacting them.

0 Kudos
Ruan_Kotze
Advisor

While it doesn't directly fix your issue, this might be a workaround for CyberArk until integration is fixed again.

Establish a RDP connection to a jump box with SmartConsole installed using PSM (so that you get session recording).  The user will need to check check out the password via PVWA and use that to login.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events