This article covers the following use case:
* A web portal service is defined in PAM to connect to a given web portal, for example https://example.com/index.html
* This web portal can be accessed by two kinds of users: [email protected], and [email protected]
* In other words, example2.com is federated with example.com so that users in example2.com may access https://example.com/index.html
Under these circumstances, the expected behavior is that when accessing https://example.com/index.html and specifying [email protected], since both domains are federated, the customer is redirected to the applications in example.com on successful authentication.
This is not happening: access to portal example.com using [email protected] works fine, but using [email protected] one gets an error that SAML2 could not be found and the access fails.
CA PAM, several versions up to 4.1.6
This may be caused by a proxy being defined in the network while the web portal traffic does not go through it. Authentication against the same domain works because it may go through the initial PAM connection through the proxy, but connecting to a second domain may cause an attempt to reach the final web site directly, and this may not be allowed if a system proxy forces connections through it.
1. Find out what system proxy your organization is running.
To find the system proxy on a Windows machine, you can follow these steps:
Type "netsh winhttp show proxy" and press Enter.
Alternatively, you can also find the proxy settings through the Internet Options menu:
In CA PAM, you may have to define this proxy. See the documentation page "Configure Web Proxy Definitions".
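
The proxy lookup from step 1 can be collected in one pass before the proxy is defined in CA PAM. The following PowerShell is an added example, not part of the original article or of CA PAM; the two URLs are the article's placeholders, and the path used for example2.com is an assumption to be replaced with the federated domain's real login URL.

```powershell
# Added example: report which proxy a Windows host applies to the portal URL
# and to the federated domain. Both URLs are placeholders from the article;
# the example2.com path is an assumption.
$urls = @('https://example.com/index.html', 'https://example2.com/')

# 1. Machine-wide WinHTTP proxy (the netsh command from the step above).
Write-Host '--- WinHTTP proxy ---'
netsh winhttp show proxy

# 2. Per-user Internet Options (WinINET) settings, read from the registry.
Write-Host '--- Internet Options proxy ---'
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnabled  = [bool]$inet.ProxyEnable   # 1 = manual proxy in use
    ProxyServer   = $inet.ProxyServer         # host:port of the manual proxy
    ProxyOverride = $inet.ProxyOverride       # bypass list (goes direct)
    AutoConfigURL = $inet.AutoConfigURL       # PAC script, if configured
} | Format-List

# 3. Proxy the system settings resolve for each URL. A URL that is bypassed
#    is contacted directly, which fails where the network forces all web
#    traffic through the proxy.
Write-Host '--- Proxy resolved per URL ---'
$sysProxy = [System.Net.WebRequest]::GetSystemWebProxy()
foreach ($u in $urls) {
    $uri      = [Uri]$u
    $bypassed = $sysProxy.IsBypassed($uri)
    $via      = '(direct, no proxy)'
    if (-not $bypassed) {
        $via = $sysProxy.GetProxy($uri).AbsoluteUri
    }
    [pscustomobject]@{
        Url        = $u
        GoesDirect = $bypassed
        Proxy      = $via
    }
}
```

If the two URLs resolve differently, or a proxy appears here that is not defined in CA PAM, that matches the cause described above.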