Michael,
You cannot test that the flash plugin is installed by using Chrome. Google Chrome has flash built into it, so it would not use the plugin at all. If you want to test the plugin you can install Chromium (
https://www.chromium.org/getting-involved/download-chromium), which is the open source foundation for Chrome, Microsoft Edge, Opera, and the PAM Browser.
You will also need to make sure you installed the right plugin. You would have had to get it from here:
https://get.adobe.com/flashplayer/otherversions/ and selected "FP 32 for Opera and Chromium - PPAPI"
I hope that helps get to the bottom of this.
Original Message:
Sent: 08-19-2019 11:44 AM
From: Michael Pass
Subject: CA PAM vSphere Web Client 6.0
Hi Ralf,
Thanks for your responses. Yes, we are using the wildcard for the Access List.
We were able to get the Vsphere client learn mode working by updating the Launch url to include "https://<Local IP>:<First Port>/vsphere-client/login".
We can actually do learn mode now and inject creds during login.
The problem we see now is that flash doesn't appear to be loading into the PAM browser:
Original Message:
Sent: 08-16-2019 01:07 PM
From: Ralf Prigl
Subject: CA PAM vSphere Web Client 6.0
Michael, Does your Access List field look the same, i.e. do you also have the wildcard character in there to not limit which URLs the service can access? This does look though like you web server has additional security implemented that our instance doesn't have. It seems to block the right-click menu from coming up. The learn mode needs this. Hopefully whatever setting on the web server side blocks this can be relaxed temporarily to allow the Learn Mode to complete.
Original Message:
Sent: 08-16-2019 12:52 PM
From: Michael Pass
Subject: CA PAM vSphere Web Client 6.0
Hi Ed and Ralf... Thanks so much for your response.
We have set the service up similar to what you've attempted. The only difference is there isn't a requirement to "route through PAM", so that checkbox isn't checked (I don't believe that matters).
We are able to launch the browser but when trying "learn" the different fields, we get the following error:
We also have a different service for https://<Local IP>:<First Port>/ui and the learn tool works as expected.
Any information would be greatly appreciated.
Regards,
Michael Pass
Original Message:
Sent: 08-16-2019 12:37 PM
From: Edward Vogel
Subject: CA PAM vSphere Web Client 6.0
I have this working on my 3.3 system, with vSphere 6.7. Below is a screen capture of my service:
------------------------------
Principal Support Engineer
Broadcom
Original Message:
Sent: 08-15-2019 04:31 PM
From: Michael Pass
Subject: CA PAM vSphere Web Client 6.0
Hi Margaret,
Thanks for your response.
To provide more details:
- We are running PAM v3.3x in the test environment
- We are testing against VSphere client v6.5 and v6.7
Per the support matrix:
Any additional input would be greatly appreciated.
Regards,
Michael Pass
Original Message:
Sent: 08-15-2019 04:15 PM
From: Margaret Anttila
Subject: CA PAM vSphere Web Client 6.0
Hi Michael,
I did a quick test with PAM 3.2.4 and Vsphere client 6.7, and I get the same as you.
Since the page I get is expecting username and password, a colleague suggests we should be using HTML SSO and the Learn Mode.
I haven't tested this yet, and not sure if it is supported for the version you are on and Vsphere 6.5, but the docs also suggest this:
For Auto-Login Method, select the appropriate method, as described previously:
- CA PAM HTML Web SSO is best suited to websites that have user name and password entry fields. This method requires administrator configuration using the Learn Tool.
- CA PAM HTTP Web SSO is best suited to websites that receive user names and passwords programmatically, such as through Windows Authentication. This method does not require using the Learn Tool.
Regards,
Margaret
Original Message:
Sent: 08-15-2019 12:50 PM
From: Michael Pass
Subject: CA PAM vSphere Web Client 6.0
Hi all,
I'm working with a customer to implement auto login for vSphere Web Client 6.5.
I'm reference the product documentation:
https://docops.ca.com/ca-privileged-access-manager/3-1-4/en/implementing/provision-your-server/provisioning-devices/about-access-setup/create-tcp-udp-services/configure-automatic-login-to-web-portals/#ConfigureAutomaticLogintoWebPortals-vsphere6
Specifically the following:
Automatic Login to vSphere Web Client 6.0 Configuration
To configure automatic login to vSphere Web Client 6.0, use the following settings when completing the previous procedures:
Our service is configured as follows:
When we try to connect to VSphere client via Access Page, we see the client launch but credentials are not being injected.
Any idea on how to configure Auto-Login for VSphere client v6?
Thanks for any help that can be provided.
Michael Pass