We have integrated CA PAM with CA Advance Authentication (CA AA) via SAML, where CA AA id the Identity Provider and CA PAM is the Resource Provider.
When the CA PAM UI is opened in a Web Browser then everything works fine.
However when using the CA PAM Client a problem is seen.
It may be observed that when clicking on "Single Sign-On" button basically the CA AA part of the integration executes well.
But after the authentication occurs, when the UI returns back to the CA PAM then a page with errors appears.
The CA AA id the Identity Provider was responding to the PAM FDQN but the user was logged in to the PAM Client using the PAM IP.
The browser was working because they were using FQDN.
Login to CA PAM Client or browser using the IP or FQDN as configured in the CA AA Identity Provider.