Symantec Privileged Access Management

Hi guys,

I'm trying to configure a transparent login to a CISCO ASA Network device. The customer uses ASDM client (java).

I managed to obtain the installer for Windows, installed the tool and - using Launch4J - I wrapped the .jar class into an .exe file.
Then I published the RDP Application (this exe file).

Finally I succeded to write the transparent login config in PAM and - with the DEBUG - it works like a charm.

When I tried to access to the device using the Policy I've done nothing happens and, after the Windows auto-login and the usual cmd.exe, there is an immediate sign-out.

I've used Tomcat in "FINE" log, but no entries to explain what happens.

Any hints? Ideas?

It's pretty important, I'm in the middle of a project delivery.

Regards, Dario

Dario,

We do not support the java applets for RDP applications, but we have a workaround created by one of the engineers; this may or may not work for you. 

This workaround is to publish the javaw.exe & allow the jar file to be called via the command line parameters. Please see the information below for more info.  Since this is not officially supported there is not much more we will be able to do to help if this doesn't work for you.

Also, we only officially support Windows 32-bit applications. Even if Launch4J is making a 32-bit executable, the application inside is still Java.

Regards,

Anthony

Transparent Login with a Java Tool

In general Java apps don’t work well. This is because they do not use standard windows forms, so the Learn Tool Control Viewer can’t read them.

Below I will provide an e.g. of a case that I worked. This doesn’t mean that all the java tools have same behavior.

This is the current jar that I want to use with Transparent Login:

• 1)  Publish the Jar file. In this cases I published the LocalAdmin.jar
• 2)  Launch the Learn Mode from the server you have published the jar.
• 3)  Run the jar file (LocalAdmin.jar in my case). You may notice that the tool is not recognized by the Learn Tool so we have to configure the Transparent Login Config user by clicking on Text input->Keystrokes.
• 

In my e.g. I need the username and password:

<window id="">
<send id="window" username="true"/>
<send id="window" text="{TAB}"/>
<send id="window" password="true"/>
<send id="window" text="{ENTER}"/>
</window>

• 4)  Now let’s validate and debug the tool with the Learn Tool:
  1. a.  Click on the Debug button and browse the javaw.exe file in the ‘App path:’ field.
  2. 
  3. b.   Enter the window Title of the tool. In this case is Login.
  4. c.  Enter the username and password.
  5. d.  Click on Run.
  6. e.  Run the java file (C:\LocalAdmin\LocalAdmin.jar)
  7. f.   You should see that the fields are automatically completing with the user and password provided in the Debug.
     And you should see the following information displayed in the command prompt:
  8. 
• 5)  If the result is successful then configure the RDP Application Service with the following comedmand:

“<JAVA PATH>\javaw.exe” – jar <jar file

In my e.g. I have the following line:
"C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe" -jar C:\LocalAdmin\LocalAdmin.jar

Thanks mate, this solved my use case!! I used exactly your steps...

Just one final observation: the .sh launcher for unix uses a lot of Java Options to start the client and I would like to reproduce this in Windows. I tried as command line paramaters when publishing or on the RDP App execution path but with no success. This is a nice to have, not a must. Just pretty curious on how can this be managed.

Thanks again,

Dario

I facing a issue with ASDM jar. On the debug mode, everything run OK, the host/user/password are automatically completed. But TL script isn't loaded when directly connect to the remote app. I sure that the transparent login is enabled the policy. Help me troubleshoot this case.

Hi Chung,

Did you get any access denied warning or you just logged out? You have to publish the jar file. Do you have enabled the TL in the RDP App service?

I have this setup running in my environment, you need to publish javaw.Exe with arguments of asdm jar files, I am not online else would have shared the script, try to reach support they will give us the script.