Blog Viewer

Tech Tip - CA Privileged Access Manager: Transparent Login fails with Java application

By wonsa03 posted 10-04-2017 12:23 AM

  

CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 4th October 2017

Issue

Failing to configure transparent login with application that spawn another process when it starts up.

Cause

At this point of time, CA PAM/ transparent login does not support use cases where batch file (.bat) or native launcher (.exe) starts up another (actual) application. This is because the Launch Path defined in RDP Application setup (Services >> RDP Applications) does not match with the actual application's launch path. 

Workaround

Create a custom Java launcher (.jar) for the application and specify the Launch Path in RDP Application with the following format: 
"<actual application>" -jar <custom Java launcher> 


For example: "C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe" -jar C:\LocalAdmin\LocalAdmin.jar 

Additional Information

Troubleshooting Windows transparent login problems passing data to backend:

https://support.ca.com/us/knowledge-base-articles.TEC1297096.html

 

 

2 comments
2 views

Comments

12-07-2017 01:14 PM

Hi Kelly,

tried to follow your article for launching java based app over RDP using PAM 2.8.2 - we ran into an issue while launching the jlnp file, the RDP session would open just fine from PAM and launch path is also verified, but as soon as javaws.exe runs the RDP session gets closed (signout and exit). If the Transparent login is turned off, PAM throws an error message not enough privileges  to launch java.exe. 

your thoughts please. 

10-04-2017 02:44 PM

Thank you for sharing this tip with the community Kelly!

Tech Tip - CA Privileged Access Manager: Transparent Login fails with Java application