I can't get "Single Sign-On" together with CA PAM to work when CA PAM Client is used

Document ID : KB000008786
Last Modified Date : 22/06/2018
Issue:

We have integrated CA PAM with CA Advanced Authentication (CA AA) via SAML, where CA AA is the Identity Provider and CA PAM is the Resource Provider.

When the CA PAM UI is opened in a web browser, everything works fine.
However, a problem is seen when using the CA PAM Client.

When the "Single Sign-On" button is clicked, the CA AA part of the integration executes well.
But after authentication, when the UI returns to CA PAM, a page with errors appears.

 


Environment:
All PAM Releases
Cause:

CA AA, the Identity Provider, was responding to the PAM FQDN, but the user was logged in to the PAM Client using the PAM IP.

The browser was working because they were using the FQDN.

Resolution:

Log in to the CA PAM Client or browser using the IP or FQDN as configured in the CA AA Identity Provider.
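
One way to check for this mismatch before logging in, as an added example that is not CA code or part of the original article: it compares the address entered in the client with the host the Identity Provider is configured to return to. It assumes the PAM registration at the IdP is available as standard SAML 2.0 service provider metadata; the hostnames, sample metadata and function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Assumption: PAM's registration at the IdP can be exported as SAML 2.0 SP metadata.
# Constructed sample; hostnames are placeholders, not values from a real deployment.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://pam.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://pam.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_hosts(metadata_xml):
    """Return the lowercase hosts the IdP will post SAML responses to."""
    root = ET.fromstring(metadata_xml)
    hosts = set()
    for acs in root.iterfind(".//md:AssertionConsumerService", MD_NS):
        host = urlsplit(acs.get("Location", "")).hostname
        if host:
            hosts.add(host)
    return hosts


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_login_address(address, metadata_xml):
    """Compare the address typed into the client with the IdP-registered hosts."""
    # Accept a bare host, host:port or a full URL.
    host = urlsplit(address if "//" in address else "//" + address).hostname or ""
    registered = acs_hosts(metadata_xml)
    if host in registered:
        return "ok"
    if is_ip(host) and not any(is_ip(h) for h in registered):
        return "mismatch: logged in by IP, IdP returns to FQDN"
    if not is_ip(host) and registered and all(is_ip(h) for h in registered):
        return "mismatch: logged in by FQDN, IdP returns to IP"
    return "mismatch: host not registered at the IdP"
```

Calling `check_login_address("192.0.2.10", SAMPLE_SP_METADATA)` reports the situation described under Cause, while the FQDN form returns `"ok"`.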