We are trying to setup a TCP/UDP service with application protocol "Web Portal" to allow PAM users to connect to a web portal through PAM with auto-logon. The web portal URL is fixed. But when we enter the correct URL in the Launch URL field under the "Basic Info" tab and try to save the service, we get error "Invalid value specified for Launch URL". Initially we thought that maybe the URL is too long, but when we removed all parameters just for testing, we still got the error.

What is a valid Launch URL for a Web Portal service?

PAM 3.x and 4.x

A TCP/UDP service can be assigned to multiple devices. Therefore PAM does not accept a hard-coded URL as Launch URL. It has to include a variable that will PAM allow to connect this service to the address of the device that the service is assigned to. Valid formats are:

1. http[s]://<Local IP>[/.*]
You can use this if your web service listens on the default HTTP or HTTPS port.
2. http[s]://<Local IP>:<First Port>[/.*]
Use this if you configure the Port field as <target device web portal port>, or <target device web portal port>:<local port that the PAM agent is listening on for this service> (example 443:44443, 443:*). This is the most commonly used format.
3. http[s]://127.x.y.z[/.*]
Connect to a local service.

This is not counting built-in services for AWS or Office 365 integration.
When you assign the service to a device and then create a policy between a user and a device, when the user launches the Web Portal, PAM will connect the user to the specified URL, with <Local IP> replaced by the device address in case 1, or <Local IP>:<First Port> replaced by the device address and first port specified in the Ports field in case 2.