muhammadnoman Trusted Contributor.
Trusted Contributor.
926 views

PAM AppSSO not entering credentials in Application

Hi Everyone,

I have configured AppSSO in PAM to access WinSCP as a RemoteApp but when trying to access RemoteApp via /pam(/myaccess) page, RDP connection opened automatically
and WinSCP app also within it but I dont know why credentials are not entered automatically by PAM.

While I have configured Account Domain for Appsso in credential vault, created rule and followed the documentation and performed all the prerequisites, Is there any special configuration
required for credentials to be entered by PAM automatically?

screen shot of appsso Credential Vault is as below:

https://pasteboard.co/HABW0Yd.png
https://pasteboard.co/HABYuWh.png

I just have only one RemoteApp server.

Please help.. I am stuck at this point and want to test this awesome feature of PAM.

Thanks
0 Likes
4 Replies
Micro Focus Expert
Micro Focus Expert

Re: PAM AppSSO not entering credentials in Application

So you are saying that RemoteApp published apps are launching correctly from PAM User Console, but the credential fill feature is not happening, correct?

Can you provide screenshots of how you have these cmdctrl rules configured? Also please provide a screenshot of how you have them positioned in the hierarchy of cmdctrl as well.
The configuration for this from PAM CmdCtrl perspective are the following: https://www.netiq.com/documentation/...l#t46m8uzps329
Note: If you can avoid nested rules with these, please do, otherwise, make special note of "If you are creating nested rules, ensure that you set the Application SSO to Yes in each and every rule in the nested hierarchy." (TID 7023299)

Are there Firewall(s) to be considered here (either network or Windows Firewall) ?
0 Likes
muhammadnoman Trusted Contributor.
Trusted Contributor.

Re: PAM AppSSO not entering credentials in Application

Hi tdharris,

Thanks for reply, appreciated.
Yes, the credential fill feature is not happening...

screenshot of AppSSO rule is below:
https://pasteboard.co/HCqRSfu.png

screenshot of hierarchy of cmdctrl:
https://pasteboard.co/HCqXx9j.png

I am not using nested rules.

Regards,
0 Likes
muhammadnoman Trusted Contributor.
Trusted Contributor.

Re: PAM AppSSO not entering credentials in Application

Hi tdharris,

Thanks for reply, appreciated.
Yes, the credential fill feature is not happening...

Note: we are not using any kind of firewall(either network or Windows Firewall) in this setup.

screenshot of AppSSO rule is below:
https://pasteboard.co/HCqRSfu.png

screenshot of hierarchy of cmdctrl:
https://pasteboard.co/HCqXx9j.png

I am not using nested rules.

Regards,
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: PAM AppSSO not entering credentials in Application

If the rdp session launches, then cmdctrl likely has authorized the session (can be verified by looking for 'cmdctrl request' statement in manager's unifid.log).

1) Can you provide a screenshot of the Rule Conditions for "WinSCP-remote" (i.e. not the Edit Rule view) ?
Should be "Command IN Application SSO" where that resolves to the Command being "<appsso>*"

2) Please verify in the Enterprise Credential Vault > Application SSO, that "WinSCP-remote" is used as both the Application Alias and Application Name. Please make sure these match exactly.

3) Disable any/all other rules in hierarchy except this one just for troubleshooting purposes.

4) CmdCtrl rule details:
- Session Capture: On, Video Capture: On, Authorize: Yes, Application SSO: Yes, "Stop if authorized"
- Make sure "Run Host" remains set to "All Hosts" for now
- Then try setting "Secondary Authentication" to "No"

5) Otherwise, perhaps DEBUG unifid.log from Manager and Agent may point to some issue when launching the session.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.