Problems configuring autoconnect to web applications from PAM
Article ID: 100017
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
We are having issues when attempting to use autoconnect to connect to web applications such as Datadomain and Airwave devices from PAM.
Environment
Release:
Component: CAPAMX
Component: CAPAMX
Resolution
Devices such as Datadomain and Airwave are accessed via a browser. This requires a web portal be created as a first step. For the Datadomain the service should be set as follows:
Launch URL: https://<Local IP>:<First Port>
Browser type: PAM Browser
Access List: *, or whatever limitations you wish to assign
Application Protocol: Web Portal
Auto Login Method: HTML Web SSO
Ports: 443
With this service assigned to a datadomain device, and policy(with an appropriate target account assigned) you will be able to identify the UserID, Password and Submit button locations in Learn Mode. Once this is all done autoconnect to the datadomain device will be possible.
In theory, autoconnect to the Airwave would work in the same way. In practice we have found that the code of the Airwave login page does not allow for automated insertion of UserID and Password. Javascript via jQuery has capability to check if the original event, for instance a click event, was triggered by a 'human' (detected via mouse interaction) or not. Some web applications, such as Airwave apparently, incorporate such functionality to prevent any data submission to a server that is triggered by script. So although the click() function has been called, the page won't allow the data to be submitted to the server. This was confirmed by Engineering using Selenium (a framework for automating web testing), outside of PAM. In short, some web pages will not allow for automated logins.
Launch URL: https://<Local IP>:<First Port>
Browser type: PAM Browser
Access List: *, or whatever limitations you wish to assign
Application Protocol: Web Portal
Auto Login Method: HTML Web SSO
Ports: 443
With this service assigned to a datadomain device, and policy(with an appropriate target account assigned) you will be able to identify the UserID, Password and Submit button locations in Learn Mode. Once this is all done autoconnect to the datadomain device will be possible.
In theory, autoconnect to the Airwave would work in the same way. In practice we have found that the code of the Airwave login page does not allow for automated insertion of UserID and Password. Javascript via jQuery has capability to check if the original event, for instance a click event, was triggered by a 'human' (detected via mouse interaction) or not. Some web applications, such as Airwave apparently, incorporate such functionality to prevent any data submission to a server that is triggered by script. So although the click() function has been called, the page won't allow the data to be submitted to the server. This was confirmed by Engineering using Selenium (a framework for automating web testing), outside of PAM. In short, some web pages will not allow for automated logins.
Feedback
Yes
No
Powered by
