CyberArk plugin incompatibility with the server SOAP endpoint

After an upgrade to CloudBees CI 2.516.1.28665 or later, in the controller logs, the following exception happens when trying to fetch a CyberArk credential using the CloudBees CyberArk Credentials Provider plugin, and the credential retrieval fails.

com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 3, column: 1] at PluginClassLoader for jackson2-api//com.fasterxml.jackson.core.JsonParser._constructReadException(JsonParser.java:2666) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:742) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:2054) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:780) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:5058) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4961) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3887) at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3855) at PluginClassLoader for cloudbees-cyberark-credentials//com.cloudbees.jenkins.plugins.cyberark.credentials.CyberArkRestService.call(CyberArkRestService.java:66) at PluginClassLoader for cloudbees-cyberark-credentials//com.cloudbees.jenkins.plugins.cyberark.credentials.CyberArkUsernamePasswordCredential.getUsername(CyberArkUsernamePasswordCredential.java:285) Also: java.lang.Throwable: launched here …​ ---

As of December 31, 2024, CyberArk no longer supports calling the Web service using SOAP requests, and only supports calling the Web service using the REST API. Moreover, CyberArk has removed the SOAP interface for secrets retrieval in CyberArk 14. As a result, the CloudBees CyberArk Credentials Provider plugin was updated in version 324 to remove SOAP support, and now only supports the REST API.

CyberArk version 10 or later is required. For more information on the integration with CyberArk, refer to Call the Web Service using REST.

The issue is resolved by migrating the plugin configuration to use the CyberArk REST API endpoint instead of the deprecated SOAP interface.