I get the message "Error: Applet is not available!" when trying to open a connection to several target servers.
Article ID: 128423
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)
Issue/Introduction
After upgrading the PAM server to release 3.2.0 the following situation has been found:
If the users are authenticated by SAML when logging into the PAM Server, the following error message is displayed when trying to access any computer in their Access list, regardless of it is a SSH or RDP connection:
"Error: Applet is not available!"
If the users are authenticated by SAML when logging into the PAM Server, the following error message is displayed when trying to access any computer in their Access list, regardless of it is a SSH or RDP connection:
"Error: Applet is not available!"
Cause
The issue here is caused by a mismatch in the certificates. The default certificates, which are being used by SAML, were signed with the Full Qualified Domain Name.
Customer was trying to log in using the IP Address of the PAM Server instead of using its FQDN. This was causing a handshake exception.
In the PAM Client log file (logs.log) we found the following error message:
Customer was trying to log in using the IP Address of the PAM Server instead of using its FQDN. This was causing a handshake exception.
In the PAM Client log file (logs.log) we found the following error message:
<yyyy-mm-dd hh:mm:ss> DEBUG - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <PAM Server FQDN> found.
Environment
PAM server 3.2.0.341 and PAM Server 3.2.2
Resolution
Clear the PAM Client cache.
Log in to the PAM Server from the PAM Client using the Fully Qualified Domain Name.
Log in to the PAM Server from the PAM Client using the Fully Qualified Domain Name.
Additional Information
See how to Clear the PAM Client cache.
Feedback
Yes
No
Powered by
