Symantec Privileged Access Management

Hi,

For one Web portal, user authentication prompt is popping up like dialogue box.  So using Web SSO HTML learning mode cannot mark the appropriate field for auto-login. CA Support confirmed that it cannot be done using PAM so suggested us to use jumphost for transparent login. Can anyone help how to configure transparent login so that users can do auto-login using jumphost ?

Thanks,

Hi,

Is it a public web site, so I can take a look?

Usually web pages login page does post some login form, and that is the part the this kind of login forms can be automated.
In some cases the form gets a nonce token, that makes it more difficult, but in general using some scripting language (like js) this can be automated.

Then there are web and visual automation tools, like the ones PAM supplies for Transparent Login (to be carried from the jump host), that can be used to simulate the human action introducing credentials, RPA technologies are leveraging that currently very successfully. You can choose your own automation tool if PAM supplied tool does not fulfil your needs, some name drops like AutoHotKey, Greasemonkey and other alike specialised on web automation.

The PAM supplied tool for the Jump Box, is started from the PAM UI, right selecting "learn mode", from a superuser on the access page on a Windows Machine (this is the jump box you need to prepare following up  PAM manual instructions to set up a specific app to be launched as a Terminal Server). Then you will get some graphical tools to prepare your login script: launch the app (in your case a web browser), click buttons, type username and password, click other buttons, wait, etc.  This is stored as a script you can even edit manually.  This way you will leverage a web browser in the Windows Terminal Server that is more stable and less subject to small changes that can distort the login script intent.

I know it is more work than the "web learn mode", but Jump Box "learn mode" is also powerful, and otherwise you still have options.

regards,

Original Message:
Sent: 11-08-2019 04:14 AM
From: vijayakumarc chandrasekaran
Subject: Transparent login to Web portal using jumphost

Hi,

For one Web portal, user authentication prompt is popping up like dialogue box.  So using Web SSO HTML learning mode cannot mark the appropriate field for auto-login. CA Support confirmed that it cannot be done using PAM so suggested us to use jumphost for transparent login. Can anyone help how to configure transparent login so that users can do auto-login using jumphost ?

Thanks,

Hello Eduard,

Thanks for your response. Actually it is a Blue Coat proxy web GUI. Herewith i attached the screenshot of the login page.

Thanks,
Vijay
Original Message:
Sent: 11-08-2019 05:05 AM
From: EDUARD Palomeras
Subject: Transparent login to Web portal using jumphost

Hi,

Is it a public web site, so I can take a look?

Usually web pages login page does post some login form, and that is the part the this kind of login forms can be automated.
In some cases the form gets a nonce token, that makes it more difficult, but in general using some scripting language (like js) this can be automated.

Then there are web and visual automation tools, like the ones PAM supplies for Transparent Login (to be carried from the jump host), that can be used to simulate the human action introducing credentials, RPA technologies are leveraging that currently very successfully. You can choose your own automation tool if PAM supplied tool does not fulfil your needs, some name drops like AutoHotKey, Greasemonkey and other alike specialised on web automation.

The PAM supplied tool for the Jump Box, is started from the PAM UI, right selecting "learn mode", from a superuser on the access page on a Windows Machine (this is the jump box you need to prepare following up  PAM manual instructions to set up a specific app to be launched as a Terminal Server). Then you will get some graphical tools to prepare your login script: launch the app (in your case a web browser), click buttons, type username and password, click other buttons, wait, etc.  This is stored as a script you can even edit manually.  This way you will leverage a web browser in the Windows Terminal Server that is more stable and less subject to small changes that can distort the login script intent.

I know it is more work than the "web learn mode", but Jump Box "learn mode" is also powerful, and otherwise you still have options.

regards,

Original Message:
Sent: 11-08-2019 04:14 AM
From: vijayakumarc chandrasekaran
Subject: Transparent login to Web portal using jumphost

Hi,

For one Web portal, user authentication prompt is popping up like dialogue box.  So using Web SSO HTML learning mode cannot mark the appropriate field for auto-login. CA Support confirmed that it cannot be done using PAM so suggested us to use jumphost for transparent login. Can anyone help how to configure transparent login so that users can do auto-login using jumphost ?

Thanks,

Some web pages will not allow you to specify the fields and submit button.  You can determine this with the Learn Tool.  The Control Viewer has several functions.  One of which is to identify the correct Window Title.  Sometimes, it will be different that what you see on the web page.  With Control Viewer open drag the Browse Tool to the window for the Web page you're trying to use, specifically to the username field, the password field or the submit button.  If the web page allows the fields and button to be accessed separately you will see a red border around each after the Browse Tool is dragged to it.  If not, you will see the red border around the whole page.  If this is the case you will have to use mouse clicks and/or text input tools.

------------------------------
Principal Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 11-08-2019 04:14 AM
From: vijayakumarc chandrasekaran
Subject: Transparent login to Web portal using jumphost

Hi,

For one Web portal, user authentication prompt is popping up like dialogue box.  So using Web SSO HTML learning mode cannot mark the appropriate field for auto-login. CA Support confirmed that it cannot be done using PAM so suggested us to use jumphost for transparent login. Can anyone help how to configure transparent login so that users can do auto-login using jumphost ?

Thanks,

Here is a link to a Tech Tip I wrote some time back:  https://community.broadcom.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=bf81ba77-ca87-41a9-89e1-8831c8de92a9&forceDialog=0.  It explains the basics of getting Windows Transparent Login working.

------------------------------
Principal Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 11-08-2019 01:52 PM
From: Edward Vogel
Subject: Transparent login to Web portal using jumphost

Some web pages will not allow you to specify the fields and submit button.  You can determine this with the Learn Tool.  The Control Viewer has several functions.  One of which is to identify the correct Window Title.  Sometimes, it will be different that what you see on the web page.  With Control Viewer open drag the Browse Tool to the window for the Web page you're trying to use, specifically to the username field, the password field or the submit button.  If the web page allows the fields and button to be accessed separately you will see a red border around each after the Browse Tool is dragged to it.  If not, you will see the red border around the whole page.  If this is the case you will have to use mouse clicks and/or text input tools.

------------------------------
Principal Support Engineer
Broadcom

Original Message:
Sent: 11-08-2019 04:14 AM
From: vijayakumarc chandrasekaran
Subject: Transparent login to Web portal using jumphost

Hi,

For one Web portal, user authentication prompt is popping up like dialogue box.  So using Web SSO HTML learning mode cannot mark the appropriate field for auto-login. CA Support confirmed that it cannot be done using PAM so suggested us to use jumphost for transparent login. Can anyone help how to configure transparent login so that users can do auto-login using jumphost ?

Thanks,