Thank you so much for your assistance Ralf. You saved the day for me. I want to give back to the community by posting this step-by-step procedure.
During PKI configuration if you find yourself unable to log back into PAM, use the config credentials to log back in and uncheck the “Login Page Without CAC” checkbox.
This happened to me and I wanted to document it to help others. I inadvertently put a check mark in the “Login Page Without CAC” option after uploading the root certificates and logged off to test. When I tried to login with my CAC, I couldn’t. I got an “Access Denied” error. Since I put a check mark in the “Login Page Without CAC” option, I no longer had the option to login with username and password and couldn’t even get back into PAM to uncheck it. My buddy Ralf of CA Technologies helped me get back in and uncheck it.
1) Navigate to the your PAM Server URL and add a /config at the end of it.
https://yourPAMservername/config/
2) Enter credentials
Username: config
Password: Use the password that was set by your PAM Admin. If you don’t have the password, try the default password which is config. If the config password doesn’t work, you can reset it from the VM.
3) Open the VM console. Scroll down to "Reset Password". Select OK to confirm action.
4) Once the config password has been reset, try to login to the config page again using the "config" for username and "config" for password without the quotes
5) Click Config and go to the Security tab
6) Uncheck “Login Page Without CAC” and click update. Then logoff and you’re all set!