Publishing Web Portals that are not compatible with CA PAM Browser

book

Article ID: 105668

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

We need to protect a set of Web Portals, and use Auto Login on them. When we try to publish it using CA PAM Browser, we cannot use the Web Portals as the Auto Login does not work. Those Web Portals are based on JavaScript and/or Flash and they are not working correctly on CA PAM Browser.

Environment

Release:
Component: CAPAMX

Resolution

We have seen similar issues like this one and, for those customers, the solution was to use Microsoft Internet Explorer (or other Browser) published as a RDP Application, and configure Transparent Login for it. Please find below a set of instructions on how to do it:

1. Publish Internet Explorer (or your preferred Browser) in the RDP Collection, so it can be used by PAM; 
2. Create the RDP Application to run the browser; 
3. Execute the Learn Mode to generate a script to inject the credentials using Keystrokes. The resulting script would be similar to this: 

<window id=""> 
<inputfreeze action="enable"/> 
<sleep time="2000"/> 
<click x="126" y="115"/> 
<send id="window" username="true"/> 
<click x="128" y="139"/> 
<send id="window" password="true"/> 
<click x="50" y="347"/> 
<inputfreeze action="disable"/> 
</window> 

4. Link the Transparent Login Script and an Account to the RDP Application. It requires the window title - if the page is omitting its title, then the window title would be one of the following: 

- Just the browser name; 
- An empty space followed by a dash and the browser name (for example " - Microsoft Internet Explorer" - without the quotes); 
- The web page file name followed by a dash and the browser name (for example "form.html - Microsoft Internet Explorer" - without the quotes). 

Please note that the script is configured to do keystrokes based on axis positioning (X and Y axis), so you must ensure that the browser window always start maximized to avoid misplacement of the cursor. Also, this script prevents user input while the Transparent Login is running, to avoid users intentionally misplacing the cursor to gain access to the password.