The CA PAM Client works in Mac but when you try to launch an SSH TCP/UDP service, you get a 'loop reject' message.
If you reproduce the same steps in the browser you get the following message:
<<Unable to start Mac Assistant software. Reason: Cannot run program "/usr/local/bin/xcd_assistant": error=, Operation not permitted.>>
This means that the user that is executing the client does not have permission to execute the Mac Assistant (xcd_assistant).
Resolution:
Check on the file properties and grant execute permissions to the /usr/local/bin/xcd_assistant file.