search cancel

Web Portal with long service name fails if Route Through CA PAM is checked

book

Article ID: 229772

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are having trouble with a Web Portal TCP service. When the "Route Through CA PAM" ("Route Through Symantec PAM" for 4.0) option is checked, it doesn't load. A new PAM browser window is launched but just shows "Loading". When the option is unchecked, the portal loads without problem. But long term we want to block direct access to the Web Portal and require routing through PAM. We have other similar Web Portal services that do not have this problem. The one with the problem has a longer service name.

Environment

Release : 3.4.X and 4.0.X (all supported releases as of Dec 2021)

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

PAM saves a string including the service name in a database table holding information on current connections to target devices. The size of this string currently is limited to 100 characters. 51 characters are used for a substring other than the service name. This causes the problem described above when the service name exceeds 49 characters.

Resolution

For the time being, limit your service names to less than 50 characters. Short names are preferred anyway since longer names likely will be truncated on the access page.

As of January 2022, a fix has been coded by PAM Engineering to resolve the problem in PAM 4.0.2 and future PAM releases.