To build the Access List, first run the CA PAM Browser without a list, then examine the session logs for each access attempt that was blocked. An example of the log entry for blocked access is the following:
Message 19015: CA PAM denied web portal AWS Management Console SSO's connection to the host amazonwebservices.d2.sc.omtrdc.net because it does not match an entry in the web portal's access list.
Each host (in the above example, "amazonwebservices.d2.sc.omtrdc.net") that you want to allow access to should be included in the Access List field, one line per host. Exclude any hosts that pose security risks.
Alternatively, all hosts can be permitted at once:
- For a particular domain, by entering an asterisk and the domain: *.example.com
- For all domains, by entering just an asterisk
NOTE: This is not a secure solution, but permits rapid activation of a web portal.
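The log review described above can be scripted. This is an added example, not CA PAM code: it assumes the session log is available as plain-text lines using the Message 19015 wording quoted above, and the function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Pattern follows the Message 19015 wording quoted above.
DENIED = re.compile(
    r"Message 19015: CA PAM denied web portal (?P<portal>.+?)'s connection "
    r"to the host (?P<host>\S+) because it does not match an entry"
)

# Constructed sample log: only the first line is the entry quoted on this page.
SAMPLE_LOG = """\
Message 19015: CA PAM denied web portal AWS Management Console SSO's connection to the host amazonwebservices.d2.sc.omtrdc.net because it does not match an entry in the web portal's access list.
Message 19015: CA PAM denied web portal AWS Management Console SSO's connection to the host static.example.com because it does not match an entry in the web portal's access list.
Message 19015: CA PAM denied web portal AWS Management Console SSO's connection to the host Static.Example.com because it does not match an entry in the web portal's access list.
Message 19015: CA PAM denied web portal AWS Management Console SSO's connection to the host tracker.example.net because it does not match an entry in the web portal's access list.
Message 19015: CA PAM denied web portal Constructed Portal's connection to the host app.example.org because it does not match an entry in the web portal's access list.
Constructed unrelated session log line that is ignored.
"""


def denied_hosts(lines):
    """Return {portal: Counter({host: times_blocked})} for every 19015 entry."""
    result = defaultdict(Counter)
    for line in lines:
        m = DENIED.search(line)
        if m:
            # Host names are case-insensitive, so normalise before counting.
            host = m.group("host").rstrip(".").lower()
            result[m.group("portal")][host] += 1
    return dict(result)


def access_list_candidates(hosts, exclude=()):
    """One host per line, minus hosts the reviewer judged a security risk."""
    rejected = {h.lower() for h in exclude}
    return "\n".join(sorted(h for h in hosts if h not in rejected))


if __name__ == "__main__":
    for portal, hosts in denied_hosts(SAMPLE_LOG.splitlines()).items():
        print(f"# {portal}: blocked hosts by frequency (review before allowing)")
        for host, count in hosts.most_common():
            print(f"{count:3d}  {host}")
        print("# Access List field candidates:")
        print(access_list_candidates(hosts, exclude={"tracker.example.net"}))
```

The per-host counts help separate hosts the portal depends on from one-off requests; the `exclude` set is where the reviewer records hosts left out of the Access List.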