Unable to Access PAM Web Services

book

Article ID: 128537

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

When you create a policy for an user group to access a web service, you may find that you are not ableĀ  Our customer was not able to access it. However, However, it works just fine when you configure a single user to access the web service.

The on-screen error reads:
This site can't be reached
The webpage at https://xxx.xxx.xx.xxx/ might be temporarily down or it may have moved permanently to a new web address.

In your Session log you will see this:
PAM-CMN-1043: CA PAM denied web portal HTTPS's connection to host 172.16.244.33 because it does not match an entry in the web portal's access list.

Cause

The access list in TCP/UDP service is empty (by default). As long as the policy is defined with individual user, the access is allowed with empty access list but PAM mandates the access list when user group is associated with the policy.

Environment

PAM 3.x

Resolution

Add * in the access list on the web portal service page.