Symantec Privileged Access Management

  • 1.  Transparent Login Config Examples....

    Posted May 30, 2017 12:07 PM

    Hello,

     

    As there are 3 examples of this in the PAM (MS SSMS 2008, PuTTY & WinSCP) are there any more examples available from people on here or that CA have seen that could be shared in one place on here potentially?

     

    I know they may not work straight away in everyone's environments but may give people like myself a place to start?

     

    Just a thought as I have only just stumbled across this feature today after reading this:

     

    https://communities.ca.com/ideas/235732880-allow-configuration-of-jx-browser-within-ca-pam

     

    And then this:

     

    https://communities.ca.com/message/241964517-transparent-login-for-client-checkpoint

     

    Sorry if this has been covered elsewhere :-)



  • 2.  Re: Transparent Login Config Examples....

    Posted May 30, 2017 07:20 PM

    Hi Marcus.

     

    The sample transparent login config scripts provided are designated for the common applications.

     

    Just wondering, if you are seeking transparent login config for a specific application in mind.

     

    Thank you.



  • 3.  Re: Transparent Login Config Examples....

    Posted May 31, 2017 04:01 AM

    Morning

     

    We have the issue with the McAfee NSM and pop up blockers which led me to the first thread, but we also have a number of other 'Thick' client applications that we haven't got routing through the PAM yet and was hopeful this could be a way of getting those to work, just starting to read up on the transparent login config now to see what it can offer really as its new to me

     

    Thanks



  • 4.  Re: Transparent Login Config Examples....

    Broadcom Employee
    Posted May 31, 2017 07:41 AM

    Hi Marcus

    We don't have a common repository for TL configurations, unfortunately. For TL each application is- in a way- a world of its own. For instance: for most java applications you have to use keystrokes and mousecliks, or take into account the size of the screen.

     

    Do you have some more specifics of the problems you have ?



  • 5.  Re: Transparent Login Config Examples....

    Posted Jul 05, 2017 07:13 AM

    Afternoon

     

    Just started looking at this, but need to get my theory right to get SSO working !!

     

    My theory is I need to access the NSM web based URL's via a Windows Terminal server, I assume that whichever credentials are being used to access the Terminal Server need to be the same credentials that are being used on the NSM. So can't be an AD account to get onto the server and then an NSM local account to logon to the NSM url?

     

    So first thing I have done (Fallen at the first hurdle!) is create an RDP application for Internet Explorer with the launch path being where this is located on the Terminal Server, I haven't done anything with TLS yet!

     

    I then set this up as a service on the Terminal Server and created a policy for it, but I get an error - Access is denied. This initial program cannot be started.

     

    So not got as far as any TLS activity yet, or do I need to have that in place for Internet Explorer for this to start?

     

    Any advice would be great for anyone that has got a browser working via TLS.



  • 6.  Re: Transparent Login Config Examples....

    Posted May 11, 2018 01:49 PM

    Please see below latest working TLC script for MS SQL Management Studio 2016 (SSMS). Note the REGEXP in front of CLASS, backslash (\) in front of (.) and (.*)? after "app". This is to accommodate ever changing value of app ID resulting of script not able to execute.

     

     

    <window id="">
    <combobox id="[REGEXPCLASS:WindowsForms10\.COMBOBOX.app(.*)?; INSTANCE:2]" type="text" value="ec2-54-86-157-250.compute-1.amazonaws.com"/>
    <combobox id="[REGEXPCLASS:WindowsForms10\.COMBOBOX.app(.*)?; INSTANCE:3]" type="index" value="1"/>
    <edit id="[CLASS:Edit; INSTANCE:2]" username="true"/>
    <edit id="[REGEXPCLASS:WindowsForms10\.EDIT.app(.*)?; INSTANCE:1]" password="true"/>
    <click id="[REGEXPCLASS:WindowsForms10\.BUTTON.app(.*)?; INSTANCE:1]"/>
    </window>