Web Portal with PAM browser stops to appear when there is unmatch access list.


Article ID: 125334


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


At the end user site, he considers to take the session recording with using the web console of the application named "DB Ace" that is released from the System Exe corp via PAM. 
When he tried to access the web console by using the CA PAM browser, it did not show up anything.(White screen) 

Then, the below log was updated. 

PAM-CMN-1043 = CA PAM denied web portal DBmaintenance2's connection to host fonts.googleapis.com because it does not match an entry in the web portal's access list. 

This product looks trying to get the CSS to the fonts.googleapis.com, he added the target domain to the access list, and it started to work. 

(1) When he did not set anythinig to the Access List, white screen appears on the "CA PAM browser". What the "CA PAM browser" stop all connection when the PAM-CMN-1043 occurs is a design? Is it possible to show up the screen by ignoring the contents by PAM-CMN-1043? 
*) When he uses the "Native browser"(IE11), even if it does not access the fonts.googleapis.com, the web screen shows up. 

(2) As per the written by #1, when it uses the "native browser", even if the fonts.googleapis.com cannot be accessed, the web console shows up. But when he uses the "native browser", may I understand it is impossible to remain the log and session log? Is there the way to remain the log when the native browser is used?

<Please see attached file for image>

Native Browser


CA Privileged Access Manager r3.x


When error occurs in the communication on the PAM Browser, it stops to appear the content, even if the Native Browser appears ignoring the error. What the PAM browser stops to show at the situation is a design.
And what the native browser does not remain the audit log, it is a design.


1558690883968000125334_sktwi1f5rjvs16gfa.jpeg get_app