I get the message "Error: Applet is not available!" when trying to open a connection to several target servers.

book

Article ID: 128423

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

After upgrading the PAM server to release 3.2.0 the following situation has been found:

If the users are authenticated by SAML when logging into the PAM Server, the following error message is displayed when trying to access any computer in their Access list, regardless of it is a SSH or RDP connection:

"Error: Applet is not available!"

Cause

The issue here is caused by a mismatch in the certificates. The default certificates, which are being used by SAML, were signed with the Full Qualified Domain Name.
Customer was trying to log in using the IP Address of the PAM Server instead of using its FQDN. This was 
causing a handshake exception.
In the PAM Client log file (logs.log) we found the following error message:
 
<yyyy-mm-dd hh:mm:ss> DEBUG - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <PAM Server FQDN> found.

 

Environment

PAM server 3.2.0.341 and PAM Server 3.2.2

Resolution

Clear the PAM Client cache.
Log in to the PAM Server from the PAM Client using the Fully Qualified Domain Name.

Additional Information

See how to Clear the PAM Client cache.