PAM360 HTTPS Gateway Server User Guide

This document was prepared to explain what the HTTPS Gateway Server component in the ManageEngine PAM360 product does, how it is configured, and in which scenarios it can be used.
The goal is to comprehensively convey how to enable this feature to provide users with secure, auditable, and encrypted access to internal or external web applications that they cannot access directly.

The document is structured to guide technical teams under headings such as general definition, usage examples, configuration steps, certificate management, restrictions and troubleshooting of possible problems.


🔐 What is PAM360 – HTTPS Gateway Server?

HTTPS Gateway Server is a feature of PAM360 that enables a connection to internal or external web resources (e.g. intranet portals, internal web applications) that user devices cannot access, via a secure intermediary server (proxy) over HTTPS.

🎯 Purpose and Benefits

  • Secure Bridge (Proxy): PAM360 establishes a secure HTTPS connection between user devices and the target URL.
  • Indirect Access: Enables access to internal resources that are not directly accessible (such as DMZ, intranet).
  • For Privileged Sessions: It offers the user access through the PAM360 interface, rather than a direct connection.
  • Encrypted and Auditable Connection: All connections are encrypted and logged via HTTPS.
  • Port and Certificate Setting: Security is increased by defining a special port, KeyStore file and password.

🧪 Usage Scenarios

  • Access to intranet applications that users cannot access directly.
  • Access to web resources in networks isolated for security reasons (DMZ, etc.).
  • Secure access to private systems that are closed to the outside world only via PAM360.

🧩 Usage Example

Users within the company work on a network that can only access the Internet due to security policies. However, the intranet application at https://test.domain.com, which is an internal resource, is only open to the company's intranet network, and user devices cannot access this resource directly.

👉 At this point, PAM360 HTTPS Gateway Server steps in and establishes a secure and auditable HTTPS bridge (proxy) between users and this application open to the internal network.
In this way, users can securely access the relevant web application via the PAM360 interface without their devices establishing a direct connection.


🔧 Extra Information (For Configuration)

  • A certificate must be prepared in Java KeyStore (JKS) format.
    You can add your .pfx certificate under PAM360 > Certificates and export it as a keystore file.
  • The relevant HTTPS resource URLs must be defined in PAM360.
  • The PAM360 server must be able to access the websites that will be connected via HTTPS Gateway.
    You can check this by trying to open the relevant link in a browser on the PAM360 server.

⚙️ PAM360 – HTTPS Gateway Server Configuration

After PAM360 installation, HTTPS Gateway Server is enabled by default. However, you can reconfigure it according to your specific needs.

📍 Configuration Steps:

  1. Access Path:
    Admin > Configuration > HTTPS Gateway Server
  2. Port:
    • Default: 8285
    • If this port is used by another application, replace it with a suitable free port.
  3. KeyStore Path:
    • Default file: httpsCerts.keystore (location: PAM360 conf folder)
    • If you want more security:
      • Create a new KeyStore file with the .keystore extension.
      • Enter the full path of the file you created in this field. (You can put your keystore file in the conf folder and enter the file path in this field.)
  4. KeyStore Password:
    • If you created a new KeyStore, enter the password you set when creating it here.
  5. Save and Start:
    • After completing the configuration, click the "Update" button to save the settings and start the server.


After configuration, connections launched through the gateway are served on port 8285 of the PAM360 access URL.
For secure access, apply the KeyStore steps described in the configuration steps. To confirm that the configuration is correct, check the SSL certificate presented on the connection.



🔒 HTTPS Gateway Server – Adding Certificate

Some special HTTPS connections require their own root certificates in order to work securely. For such connections to work properly, the relevant root certificates must be added to the KeyStore file of the HTTPS Gateway Server.

You can add root certificates for your connections to the keystore by following the steps below.

✅ Steps to Add Certificate:

  1. Path:
    Admin > HTTPS Gateway Server > Connection Certificates
  2. Certificate Selection:
    • Locate and select the root certificate file for the relevant HTTPS URL.
  3. Import:
    • Click the "Import" button to import the certificate.
    • The certificate will be saved in the configured KeyStore file.
  4. Restart Server:
    • After each certificate addition, you must restart the HTTPS Gateway Server.
    • For this, you can use the on/off (toggle) button in the Server Settings tab.


🎥 HTTPS Gateway – Session Record Prerequisite

(Valid: PAM360 Build 7400 and later)

  • If session recording is enabled for HTTPS Gateway connections, the user must have an active PAM360 browser extension session in order to start a session via the PAM360 web interface.
  • Afterwards, these connections can be recorded and monitored.

PAM360 – Autofill Feature for Websites and Applications

(Current Version: Build 7400 and later)

📌 Feature Description:

PAM360 supports auto-filling of website login information in sessions initiated via HTTPS Gateway. This feature automatically fills in the username and password fields.

🔑 Terms of Use and Steps:

  1. Login information (username/password) must be registered in PAM360.
  2. On the target website login screen, the PAM360 extension icon appears next to the login field.
  3. By clicking on the icon and selecting an account, the relevant username and password will be automatically filled in.
  4. To log in, the user must manually press the Enter key.

📝 Notes:

  • When a new user logs in to the website, the extension offers to save this information.
  • The recorded information can be added to PAM360 as a personal or corporate account.
  • This feature only works if the PAM360 browser extension is installed.

⚠️ HTTPS Gateway Server – Restrictions

  1. Only HTTPS Connections Are Supported:
    Only HTTPS-based web connections can be used.
  2. Sites Other Than Target Are Not Redirected:
    If users go to a site other than the defined target URL, traffic does not pass through the gateway.
  3. External Authentication Services Not Supported:
    External authentication processes such as Login, SSO etc. do not work through the gateway.
  4. Absolute CSS/JS Paths Not Supported:
    Sites with style or script files that use absolute paths may not display correctly.
  5. Trusted Domain Restriction:
    Sites that only accept requests from certain domains will not work.
  6. Conflict with Other ManageEngine Products:
    Session conflicts may occur with sites such as Password Manager Pro and ServiceDesk Plus due to the use of shared cookies. This may lead to unexpected session dismissals.
  7. Single Session Per Browser:
    Only one HTTPS connection can be initiated per browser session.

🛠️ Troubleshoot Steps and Possible Problems

(For HTTPS Gateway Connection Problems)

Possible Problem 1:

If the PAM360 server cannot directly reach the target HTTPS connection, the connection through the HTTPS Gateway will fail.

🔍 Troubleshooting Steps:

  1. Test Direct Access to Website via Browser:
    • First, from a device that has access to the PAM360 server (preferably on the same network, or on the server where PAM360 is installed), try opening the target HTTPS address in a browser.
      Example:
      https://intranet.company.com:8443
    • If the page does not open, there is a connection problem.
  2. 🧪 Test DNS and Network Connection:
    • Check whether the target address resolves and is reachable by running the following commands from the command line:

      ping destination-address
      nslookup destination-address
  3. 📝 If There is a DNS Resolution Problem (ping failed but IP is known):
    • If DNS resolution fails but the IP address is known, add a manual record to the hosts file of the PAM360 server:
      • File (Windows):
        C:\Windows\System32\drivers\etc\hosts
      • Sample entry:

        192.168.1.25     intranet.company.com
  4. 🔄 Restart PAM360 Service After Changes:
    • It is recommended to restart the PAM360 service for the changes made to the hosts file to take effect.

🟢 Result:

  • For PAM360's HTTPS Gateway connection to work, direct and seamless access to the target web address must be provided.
  • This connection should be verified with browser testing, ping/nslookup checks and, if necessary, updating the hosts file.
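
The checks above, combined into one staged script to run on the PAM360 server, as an added example that is not part of the original guide or of PAM360 itself. The function name check_target and the result fields are assumptions of this example; certificate verification uses the local Python/OS trust store (or the optional cafile), not the gateway KeyStore.

```python
import socket
import ssl
from urllib.parse import urlsplit

def check_target(url, timeout=5.0, cafile=None):
    """Run DNS -> TCP -> TLS checks in order and report the first stage that fails."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return {"ok": False, "stage": "url", "detail": "gateway supports HTTPS URLs only"}
    host, port = parts.hostname, parts.port or 443

    # Stage 1: name resolution (what nslookup and the hosts file entry address).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"ok": False, "stage": "dns", "detail": str(exc)}
    addr = infos[0][4][0]

    # Stage 2: TCP reachability of the HTTPS port (ping alone does not test this).
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:
        return {"ok": False, "stage": "tcp", "detail": f"{addr}:{port} {exc}"}

    # Stage 3: TLS handshake with certificate chain and hostname verification.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"ok": True, "stage": "done", "detail": issuer.get("commonName", "")}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "stage": "tls", "detail": str(exc)}

if __name__ == "__main__":
    # Example address taken from the troubleshooting step above.
    print(check_target("https://intranet.company.com:8443"))
```

A failure at stage "tls" with a certificate verification error usually points to a target that uses a private root CA, which is the case where the root certificate has to be imported under Connection Certificates.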

Possible Problem 2:
🔄 Unlimited Simultaneous Use of Multiple ManageEngine Application Services (Conflict-Free Sessions)

Because ManageEngine PAM360 and some other ManageEngine products (e.g. ServiceDesk Plus, Password Manager Pro, etc.) use common cookie names (JSESSIONID and JSESSIONIDSSO), running multiple applications simultaneously in the same browser may lead to session conflicts and unexpected exits.



Solution: Prevent Session Conflicts by Customizing PAM360 Cookie Settings

Note: It is recommended that you back up your files before editing.

1. Edit the system_properties.conf file

  • File path: <PAM360_Installation_Directory>/conf
  • Open the system_properties.conf file with administrator (admin) permissions.
  • Add the following lines to the bottom of the file:

org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME=PAMJSESSIONIDSSO
org.apache.catalina.SESSION_COOKIE_NAME=PAMSESSIONID

This step ensures that PAM360 uses different cookie names from other ManageEngine applications.

2. Update web.xml file

  • Open the web.xml file in the same folder, again with administrator permission.
  • Update the <session-config> section as follows:

<session-config>
    <session-timeout>450</session-timeout>
    <cookie-config>
        <name>PAMSESSIONID</name>
    </cookie-config>
</session-config>

This setting allows PAM360 to operate in isolation from other applications by customizing the session cookie name.
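
A consistency check for the two edits above, as an added example that is not part of the original guide or of PAM360 itself. It assumes the cookie name in web.xml is meant to match org.apache.catalina.SESSION_COOKIE_NAME, as it does on this page; the function names and the sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SESSION_KEY = "org.apache.catalina.SESSION_COOKIE_NAME"
SSO_KEY = "org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME"
SHARED_DEFAULTS = {"JSESSIONID", "JSESSIONIDSSO"}  # names shared with other products

# Constructed sample inputs mirroring the two edits described above.
SAMPLE_CONF = f"# tail of system_properties.conf\n{SSO_KEY}=PAMJSESSIONIDSSO\n{SESSION_KEY}=PAMSESSIONID\n"
SAMPLE_WEB_XML = """<web-app><session-config>
  <session-timeout>450</session-timeout>
  <cookie-config><name>PAMSESSIONID</name></cookie-config>
</session-config></web-app>"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments; last assignment wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def web_xml_cookie_name(xml_text):
    """Return the <session-config> cookie <name>, ignoring any XML namespace."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] == "session-config":
            for sub in el.iter():
                if sub.tag.split("}")[-1] == "name":
                    return (sub.text or "").strip()
    return None

def audit_cookie_config(conf_text, web_xml_text):
    """Return a list of findings; an empty list means the rename is consistent."""
    props, findings = parse_properties(conf_text), []
    for key in (SESSION_KEY, SSO_KEY):
        if not props.get(key):
            findings.append(f"{key} is not set")
        elif props[key] in SHARED_DEFAULTS:
            findings.append(f"{key} still uses shared name {props[key]}")
    xml_name = web_xml_cookie_name(web_xml_text)
    if xml_name is None:
        findings.append("web.xml has no <cookie-config><name>")
    elif xml_name != props.get(SESSION_KEY):
        findings.append(f"web.xml cookie name {xml_name!r} differs from {SESSION_KEY}")
    return findings

if __name__ == "__main__":
    print(audit_cookie_config(SAMPLE_CONF, SAMPLE_WEB_XML) or "cookie rename is consistent")
```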

