Unable to Access PAM Web Services
Article ID: 128537
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)
Issue/Introduction
When you create a policy for an user group to access a web service, you may find that you are not ableĀ Our customer was not able to access it. However, However, it works just fine when you configure a single user to access the web service.
The on-screen error reads:
This site can't be reached
The webpage at https://xxx.xxx.xx.xxx/ might be temporarily down or it may have moved permanently to a new web address.
In your Session log you will see this:
PAM-CMN-1043: CA PAM denied web portal HTTPS's connection to host 172.16.244.33 because it does not match an entry in the web portal's access list.
The on-screen error reads:
This site can't be reached
The webpage at https://xxx.xxx.xx.xxx/ might be temporarily down or it may have moved permanently to a new web address.
In your Session log you will see this:
PAM-CMN-1043: CA PAM denied web portal HTTPS's connection to host 172.16.244.33 because it does not match an entry in the web portal's access list.
Cause
The access list in TCP/UDP service is empty (by default). As long as the policy is defined with individual user, the access is allowed with empty access list but PAM mandates the access list when user group is associated with the policy.
Environment
PAM 3.x
Resolution
Add * in the access list on the web portal service page.
Feedback
Yes
No
Powered by
