I get the message "Error: Applet is not available!" when trying to open a connection to several target servers.

Article Id: 128423

Status: Published

Updated On: 19-03-2019 03:38

Products:

CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)

Issue/Introduction:

After upgrading the PAM server to release 3.2.0 the following situation has been found:

If the users are authenticated by SAML when logging into the PAM Server, the following error message is displayed when trying to access any computer in their Access list, regardless of it is a SSH or RDP connection:

"Error: Applet is not available!"

Cause:

The issue here is caused by a mismatch in the certificates. The default certificates, which are being used by SAML, were signed with the Full Qualified Domain Name.
Customer was trying to log in using the IP Address of the PAM Server instead of using its FQDN. This was causing a handshake exception.
In the PAM Client log file (logs.log) we found the following error message:

<yyyy-mm-dd hh:mm:ss> DEBUG - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <PAM Server FQDN> found.

Environment:

PAM server 3.2.0.341 and PAM Server 3.2.2

Resolution:

Clear the PAM Client cache.
Log in to the PAM Server from the PAM Client using the Fully Qualified Domain Name.

Additional Information:

See how to Clear the PAM Client cache.