I have got a setup of CA Single Sign-On and now I am trying to integrate CA Privileged Access Manager with the SSO. I have tried the steps given in the PAM documents for the integration by creating an "Application" at the SSO end. However, it is not working. The first thing that I am confused about is that the resource needs to be "Unprotected" at the SSO end as per the documentation. Then how would the user get the login page?
I have tried protecting it as well but still nothing happened.
Then I tried protecting PAM by creating Domain Objects (Domain, Rules, Realm, etc.), and after that, when I access https://pamdns/index.php, it redirects the user to the login page. I can see that in the browser; however, I am getting a 500 Internal Server Error.
I have checked the logs in CA PAM but no luck. Can anyone help me with some detailed steps for this integration?
To initiate Single Sign-On from PAM, click on the 'Single Sign-On' button when you get the PAM login prompt:
The Java applet will launch and you will be prompted to log in from pamlogin.fcc:
If the Federation login failed, ensure that you are connecting using PAM FQDN, check the logs from both ends and run a Test from Config >> Security:
My apologies, I have jumped the gun earlier, presuming that you are using CA SSO as identity authentication to CA PAM.
Looks like the confusion is with the following step:
In the Default Resource Protection field, select Unprotected.
It should be ‘Protected’ (default settings).
I have corrected the documentation in source. The public doc will be updated shortly. Sorry for the misinformation!
Thank you, Tim, for the correction. Also, please include some information with the screenshots if possible.
First of all thank you for the information.
I see the problem now. When I open my PAM Client, I actually don't see the SSO option only. Do you have any idea if I am missing some configurations?
However in the SSO configuration I see the SSO is enabled. Bit confused why I am not able to see the SSO option. Tried uninstalling and reinstalling the client.
I have inserted the images for your quick reference.
There are two areas in which CA SSO can be involved (three if you include using CA SSO as a RADIUS server):
I would request you to please share some document, if possible, for the step-by-step configurations. I am kind of stuck.
Tech Tip - CA Privileged Access Manager: Use CA Single Sign-On as Identity Authentication to CA PAM