How to get extended debug information from the CA PAM Client or PAM browser
search cancel

How to get extended debug information from the CA PAM Client or PAM browser

book

Article ID: 266918

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Both the CA PAM Client and PAM Browser components are based upon the jxbrowser java browser which is in fact a Chromium browser

When launched in both instances (PAM client or even PAM browser) no debug information is provided either to the console or to the PAM Client

This article provides a way to start the PAM Client and any subsequent PAM browser so that more debug information is provided

Environment

CA PAM all releases

Resolution

To obtain extended debug, there are a set of options one can use. To set this up you can do the following

  • Set the following environment variable REMOTE_AUTO_TEST_PORT=9998  (other port numbers are also possible)
  • Run the following command in a cmd

"C:\<PAM-Client-ROOT-DIR>\CAPAMClient.exe"  -debug -debugBuild -console -devMode -notCombined -notMinified

When the CA PAM client is launched in this way, it will open a Dev Tools-like interface where it will be possible to track the http traffic through the PAM client or jxbrowser. The extended debug will be sent to the PAM Client log as well as the console.

The list of options given is the full one. However, please note that unless you are troubleshooting REST API call or extjs issues, the  -notCombined -notMinified options are not required. Not specifying them will on the other hand improve performance and it will avoid capturing unwanted requests.

Another thing to note: when starting the CA PAM Client in debug in this way, a chromium F12/Developer tools-like window should open where you can capture the traffic. Note however that if you intend to capture traffic for a Web Portal issue, you need to close this Developer-tools like window before you call the actual Web portal application: once this is done, a new like window will appear where you will be able to capture the said traffic.

Not doing so will just keep sending the specific CA PAM Client traffic to the web interface, so you will end up not capturing any traffic at all from the Web portal access

A final note: it is advisable to enable as well Applet Debug when troubleshooting such cases. This will throw additional messages into the CA PAM Client log which may complement the result of this extended debug

Powered by Wolken Software