Loading Applet in the Access Page from Browser


Article ID: 132094


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction

When accessing PAM using a browser, the "Access" page shows "Loading Applet" and does not complete.

Cause

The root cause of the issue is that Java is not installed on the local machine where CA PAM is installed. After logging in to CA PAM from IE (the only browser that still has the NPAPI support required for the applets), Java is needed to load the applets in the Access page. Whether the applets load also depends on the bitness of the browser and of Java.

Environment

3.x all Versions

Resolution

The Java Plugin is required in the browser to load the Java applets; this is a prerequisite.

1) Is the Java Runtime installed on the client machine connecting to the PAM server?
If the Java Runtime is installed and you still encounter the same issue, the browser may not be recognizing the Java Runtime.
One reason could be that the bitness does not match. For example, if you have a 64-bit browser and 32-bit Java installed, the browser may not load the 32-bit Java Plugin.

2) Is the Java Plugin enabled (allowed) in the browser?
You can check whether the Java Plugin is enabled by accessing this link: https://www.java.com/en/download/installed.jsp


You may need to contact your IT department if the Java Plugin is enabled but does not can check if Java is enabled by going to the Verify Java Version page." To resolve this, ask your administrator to enable Java for the IE browser, because this may be due to GPO policies and restrictions at the machine level.

 

3) Java Security Level
Due to changes in security enforcement in Java itself, it is common to find that certain sites need to be added to the exception list.
Add the PAM Server URL to the exception list.
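
The three checks above can be run on the client from PowerShell. This is an added example, not part of the original article; it assumes an Oracle JRE with its default registry keys and per-user deployment folder, a 64-bit PowerShell session on 64-bit Windows, and uses `https://pam.example.com` as a placeholder for the PAM Server URL.

```powershell
# Added diagnostic example; not part of the original article.
# Assumptions: Oracle JRE default registry keys and per-user deployment
# folder, 64-bit PowerShell on 64-bit Windows; $PamUrl is a placeholder.
param([string]$PamUrl = 'https://pam.example.com')

# Step 1: list registered Java Runtimes with their bitness.
$jreKeys = [ordered]@{}
if ([Environment]::Is64BitOperatingSystem) {
    $jreKeys['64-bit'] = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    $jreKeys['32-bit'] = 'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment'
} else {
    $jreKeys['32-bit'] = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
}
foreach ($bits in $jreKeys.Keys) {
    $key = $jreKeys[$bits]
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $javaHome = (Get-ItemProperty $_.PSPath).JavaHome
            "{0} JRE {1} at {2}" -f $bits, $_.PSChildName, $javaHome
        }
    } else {
        "No $bits JRE registered"
    }
}

$deploy = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment'

# Step 2: is Java content in the browser enabled for this user?
$props = Join-Path $deploy 'deployment.properties'
if (Test-Path $props) {
    $hit = Select-String -Path $props -Pattern '^deployment\.webjava\.enabled=' | Select-Object -First 1
    if ($hit) { $hit.Line } else { 'deployment.webjava.enabled not set (Java default applies)' }
} else {
    "No deployment.properties at $props"
}

# Step 3: is the PAM Server URL on the Java exception site list?
$sites = Join-Path $deploy 'security\exception.sites'
$want = $PamUrl.TrimEnd('/')
$listed = (Test-Path $sites) -and
    ((Get-Content $sites | ForEach-Object { $_.Trim().TrimEnd('/') }) -contains $want)
if ($listed) {
    "$want is on the exception list"
} else {
    "$want is NOT on the exception list ($sites)"
}
```

Compare the JRE bitness reported in step 1 with the bitness of the browser in use; a JRE of only the other bitness matches the mismatch case described in step 1.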



Note:
After enabling Java, the Access page loads and shows all the configured devices, but when you click a device to access or launch it, you sometimes see this error:


"Error: PAM-UI-1202 : Error getting Access Credentials: LiveConnect call for Applet ID(any value) is not allowed in this JVM instance."

To avoid this error, follow these steps:
  • In Internet Explorer, select Tools > Internet Options and, in the dialog that opens, select Security. Select Internet and then select Custom Level.
  • Scroll to the option called Display mixed content and change it from Prompt to Enable. Click OK and confirm that you want to change this setting.
  • Add the IP or host name to the exception list in Control Panel->Java->Security.
  • Log in to CA PAM, go to Configuration > Security > Certificates and, in the Sign Applets tab, re-sign the applets with the correct PAM domain.




If all of the above has been checked and the applet still does not load, you may need to contact your IT department for assistance.
At times a GPO restricts a certain set of machines from launching applications.
Whether a Java applet can run on the client machine depends on the client machine settings.

If the PAM Server's Java applet is causing the problem and refusing to load, the customer can collect Java Console logs and submit them for review.

Additional Information

How to take the Java Console logs?
In Control Panel->Java->Advanced, select enable logging, tracing and show applets, and select the show console radio button.
After that, log in to PAM and access the web portal in the Access page. A pop-up window opens and logs all requests.
Copy the logs from that window and attach the log file to the case.
https://communities.ca.com/docs/DOC-231182850-ca-pam-platform-support-matrix-v321

KB for PAM 2.8.x
https://knowledge.broadcom.com/external/article?articleId=13314
