During login user's PIV Certificate is not populating in the PAM client
search cancel

During login user's PIV Certificate is not populating in the PAM client

book

Article ID: 245574

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

User's login is not possible as the user's PIV certificate does not get populated in the PAM client. Refer to the login screen below, note there is know PIV certificate to select for the login connection..

Background:

1. A new PIV card assigned to this user that cannot login.

2. A new PAM client was installed on the user's laptop.

 

Environment

Release : 3.x, 4.x

Component :

Cause

Possible causes:

a. PAM client installed on user's laptop in a filesystem location where the user does not have required write privileges.

b. Use's laptop may not have all Trusted Root certificates

c.. May need to update the certificate chain in the PAM appliance as User's PIV certificate may be using a newer CA certificate that is not currently trusted by PAM.

 

 

Resolution

The user had installed the PAM client in the windows "Program Files" location where PAM did not have appropriate write privileges. Once the PAM client was re-installed in user's user profile location the issue was resolved as PIV certificate to establish the user's identity is populated and is selectable for login.

Additional Information

None.