Missing documentation for runtime tokens in CA PAM documentation
search cancel

Missing documentation for runtime tokens in CA PAM documentation


Article ID: 15072


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


When defining TCP/UDP services we can make use of several runtime tokens like "<Local IP>" and "<First Port>". These are shown in examples, but there is no documentation that would tell us which parameters are available and what they resolve to. What tokens are available for use in the client application string, or in the launch URL for Web Portals?


Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY


The following case insensitive tokens are available as of CA PAM 2.8.2:

<Local IP> - The local IP as specified in the "Local IP" section of the service.

<First Port> - The first port defined in the "Port(s)" field of the service. If the port is defined as a <remote port>:<local port> pair, this token resolves to the local port value, i.e. the number after the colon character. 

<Second Port> - The second port in the "Port(s)" field, if it contains two entries separated by a space character. For number pairs separated by a colon the token resolves to the second number like for the <First Port> token.

<USER> - Name of the target account when an account is configured for auto-logon in the user (group) <-> device (group) policy that grants access to this service.

<PASSWORD> - Password of the target account configured for auto-logon.

<Device Name> - Name (not address) of the device that is accessed using this service. This token is new in 2.8.2 and not available in prior releases.


The following is an example of a Client Application string for a service running a local WinSCP executable that uses most of the available tokens. It the service is defined as shown in the image below, <Local IP> will resolve to and <First Port> to 13222.

"C:\Program Files (x86)\WinSCP\WinSCP.exe" sftp://<User>:<Password>@<Local IP>:<First Port> /sessionname=<Device Name>

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKe4AAG" alt="WinSCP_Service.jpg" width="937" height="276">


1558717941881000015072_sktwi1f5rjvs16ur5.jpeg get_app