Symantec Privileged Access Management

  • 1.  CA PAM Web portal login works for some users / fails for others

    Posted Sep 23, 2020 11:21 AM
    Edited by Chris Scott Sep 23, 2020 11:33 AM
    PAM 3.3.3

    Web Portal loads quickly manually in browser

    Using PAM client - the web page fails to load



  • 2.  RE: CA PAM Web portal login works for some users / fails for others

    Broadcom Employee
    Posted Sep 23, 2020 05:00 PM
    Chris, Are you saying that the Web Portal loads quickly when you use a browser outside of PAM, or when you connect to PAM using a browser (IE) rather than the PAM client? Do you see any messages in the session logs when the web page fails to load?


  • 3.  RE: CA PAM Web portal login works for some users / fails for others

    Posted Sep 24, 2020 08:56 AM
    Resolved:

    What does not work
    The same version of vCenter in two different data centers.
    1 TCP Service with vCenter URL
    1 Device Group with both devices in it with TCP Service
    1 Policy for device group

    When I do a learn against site 1 web portal, then the automatic login for site 1 completes, but the automatic login for site 2 just sits at "login" tab 
    When I do a learn against site 2 web portal, then the automatic login for site 2 completes, but the automatic login for site 1 just sits at "login" tab

    What does work
    The same version of vCenter in two different data centers.
    2 Identical TCP services with vCenter URL (except name of service)
    2 Device Groups, one for each site with its own respective TCP service
    2 Policies, one for each device group (same PAM account)  

    When I do a learn against site 1 web portal, then the automatic login for site 1 completes 
    When I do a learn against site 2 web portal, then the automatic login for site 2 completes




  • 4.  RE: CA PAM Web portal login works for some users / fails for others

    Broadcom Employee
    Posted Sep 25, 2020 11:47 AM

    Glad you figured it out. 

    The problem with service reuse is that when the URLs that the login processes return are different, it behaves as you were seeing. 

    Essentially learning tells PAM to inject credentials or click a button or whatever when it sees a page with URL X... if it never sees that URL, then the script will not complete.

    I have often wished we could edit the learn scripts directly and use regex to identify pages, form elements, etc.  There are some sites/apps that the learn tool just will not work for due to URLs or element names that change or unusual user interaction requirements.