Application SSO is not authorized when cmdctrl rule is placed as a child in hierarchy

  • 7023299
  • 23-Aug-2018
  • 23-Aug-2018

Environment

Privileged Account Manager 3.5

Situation

Application SSO does not work when the cmdctrl application rules are places as children to some parent cmdctrl rule:

> Rules
  > Application SSO - "Works"

> Rules
  > Parent rule without any condition criteria
    > Application SSO - "Does not work"


Application Single Sign-On (AppSSO): Remote App and Direct Access Modes

Remote App Mode:
Launching Application SSO session from User Console (MyAccess) reports the following:
FAILED TO LAUNCH THE SESSION
You are not authorized to access this remote desktop session

Direct Access Mode:
Run as privileged user launches app, but does not auto-fill privileged credentials.

Resolution

Application SSO requires that any parent rule(s) in Command Control need to have the following configuration:

  • Rule Condition: "command IN Application SSO"
  • Modify the rule so that "Application SSO" checkbox has "Yes" selected

Cause

Requirements for AppSSO on parent rules in Command Control hierarchy.

Status

Reported to Engineering

Additional Information

Example pseudocode for the parent rule(s):

Begin Rule :Application SSO
IF (command IN Application SSO)
THEN
       Set Application SSO : yes

       < Child AppSSO rules contained here >

END IF
END RULE :Application SSO