search cancel

Publishing Web Portals that are not compatible with CA PAM Browser


Article ID: 105668


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


We need to protect a set of Web Portals, and use Auto Login on them. When we try to publish it using CA PAM Browser, we cannot use the Web Portals as the Auto Login does not work. Those Web Portals are based on JavaScript and/or Flash and they are not working correctly on CA PAM Browser.


Component: CAPAMX


We have seen similar issues like this one and, for those customers, the solution was to use Microsoft Internet Explorer (or other Browser) published as a RDP Application, and configure Transparent Login for it. Please find below a set of instructions on how to do it:

1. Publish Internet Explorer (or your preferred Browser) in the RDP Collection, so it can be used by PAM; 
2. Create the RDP Application to run the browser; 
3. Execute the Learn Mode to generate a script to inject the credentials using Keystrokes. The resulting script would be similar to this: 

<window id=""> 
<inputfreeze action="enable"/> 
<sleep time="2000"/> 
<click x="126" y="115"/> 
<send id="window" username="true"/> 
<click x="128" y="139"/> 
<send id="window" password="true"/> 
<click x="50" y="347"/> 
<inputfreeze action="disable"/> 

4. Link the Transparent Login Script and an Account to the RDP Application. It requires the window title - if the page is omitting its title, then the window title would be one of the following: 

- Just the browser name; 
- An empty space followed by a dash and the browser name (for example " - Microsoft Internet Explorer" - without the quotes); 
- The web page file name followed by a dash and the browser name (for example "form.html - Microsoft Internet Explorer" - without the quotes). 

Please note that the script is configured to do keystrokes based on axis positioning (X and Y axis), so you must ensure that the browser window always start maximized to avoid misplacement of the cursor. Also, this script prevents user input while the Transparent Login is running, to avoid users intentionally misplacing the cursor to gain access to the password.