I can't get "Single Sign-On" together with CA PAM to work when CA PAM Client is used


Article ID: 8786


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

We have integrated CA PAM with CA Advanced Authentication (CA AA) via SAML, where CA AA is the Identity Provider and CA PAM is the Resource Provider.

When the CA PAM UI is opened in a web browser, everything works fine.
However, when using the CA PAM Client, a problem is seen.

When the "Single Sign-On" button is clicked, the CA AA part of the integration completes successfully.
But after authentication, when the UI returns to CA PAM, a page with errors appears.

Environment

All PAM Releases

Cause

CA AA, acting as the Identity Provider, was responding to the PAM FQDN, but the user was logged in to the PAM Client using the PAM IP address.

The browser worked because the user accessed PAM there by its FQDN.

Resolution

Log in to the CA PAM Client or browser using the same address (IP or FQDN) that is configured for PAM in the CA AA Identity Provider.
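
To confirm this cause on a captured SAML response, the host the Identity Provider addressed the response to can be compared with the address typed into the client. The following is an added example, not part of the original article or of CA PAM or CA AA; the sample response, the host `pam.example.com`, the address `192.0.2.10`, the `/sso/acs` path and the function names are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed SAML response as the IdP posts it back.
# Host and path are placeholders, not values from a real deployment.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                Destination="https://pam.example.com/sso/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://pam.example.com/sso/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
"""

def response_hosts(xml_text):
    """Return the hosts named in Destination and Recipient of the response."""
    # Only parse responses you captured yourself; use a hardened parser
    # such as defusedxml for XML from untrusted sources.
    root = ET.fromstring(xml_text)
    urls = [root.get("Destination")]
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        urls.append(scd.get("Recipient"))
    hosts = (urlsplit(u).hostname for u in urls if u)
    return {h.lower() for h in hosts if h}

def check_login_address(xml_text, login_address):
    """Compare the address used at login with the hosts the IdP responds to."""
    hosts = response_hosts(xml_text)
    addr = login_address.strip().lower()
    if addr in hosts:
        return "match"
    try:
        ipaddress.ip_address(addr)
        kind = "IP address"
    except ValueError:
        kind = "hostname"
    return f"mismatch: logged in with {kind} {addr}, IdP responds to {sorted(hosts)}"

if __name__ == "__main__":
    print(check_login_address(SAMPLE_RESPONSE, "192.0.2.10"))
```

A mismatch result for the address used in the PAM Client, alongside a match for the address used in the browser, corresponds to the cause described above.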