HTML 5

The document provides instructions for launching the HTML5GW container using Docker/Podman, including necessary configurations such as port mapping, certificate mounting, and endpoint address settings. It also includes troubleshooting tips for common issues and steps to configure the Password Vault Web Access (PVWA) for HTML5 access. Additionally, it outlines optional steps to enforce HTML5-only access and customize connection components.

Uploaded by emailguugel

1. Launch the HTML5GW container (Docker/Podman)

Run the following locally (no Alero/Remote Access required):

./html5_console.sh run \
-p 8443:8443 -p 443:8443 \
-v /opt/cert:/opt/import:ro \
-e AcceptCyberArkEULA=yes \
-e EndPointAddress=https://<PVWA_HOST>/PasswordVault \
-e EnableJWTValidation=no \
-e IgnorePSMCertificateErrors=yes \
--net=cyberark \
--hostname html5gw.local.domain \
--name html5gw.local.domain \
docker.io/alerocyberark/psmhtml5
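
Why these options matter:

Port mapping: Exposes container port 8443 on host port 8443 and, optionally, on host port 443 as well.

Certificates: Mounts the host's /opt/cert directory, which holds your trusted CA chain, read-only at /opt/import. Use GWCert, GWKey, and GWCAFile if you're supplying TLS certs directly.

EndPointAddress: Mandatory even when JWT validation is disabled.

JWT and certificate checks: EnableJWTValidation=no turns off JWT validation and IgnorePSMCertificateErrors=yes makes the gateway ignore PSM certificate errors; both relax checks the gateway would otherwise perform.

Network: --net=cyberark ensures the container can talk to other CyberArk components.

Naming consistency: --hostname must match --name, especially in load-balanced environments.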
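
A pre-flight lint for the launch command above, as an added example that is not part of the original document or CyberArk's tooling: it checks that EndPointAddress is set, that --hostname matches --name, and reports when EnableJWTValidation=no or IgnorePSMCertificateErrors=yes relax the gateway's checks. The function name audit_html5gw_args, the host pvwa.example.test and the https:// check on EndPointAddress are assumptions of this example.

```shell
#!/bin/sh
# Added example, not CyberArk tooling: lint the arguments given to
# `html5_console.sh run`. Prints one finding per line and returns non-zero
# if there are any. Only the `-e KEY=VALUE` form used on this page is parsed.
audit_html5gw_args() (   # subshell body keeps the variables local
  endpoint="" jwt="" ignore="" host="" name="" prev="" n=0
  note() { echo "$1"; n=$((n + 1)); }
  for arg in "$@"; do
    case "$prev" in
      -e) case "$arg" in
            EndPointAddress=*)            endpoint=${arg#*=} ;;
            EnableJWTValidation=*)        jwt=${arg#*=} ;;
            IgnorePSMCertificateErrors=*) ignore=${arg#*=} ;;
          esac ;;
      --hostname) host=$arg ;;
      --name)     name=$arg ;;
    esac
    case "$arg" in
      --hostname=*) host=${arg#*=} ;;
      --name=*)     name=${arg#*=} ;;
    esac
    prev=$arg
  done
  case "$endpoint" in
    "")        note "FAIL EndPointAddress is not set (mandatory)" ;;
    https://*) ;;
    *)         note "WARN EndPointAddress is not an https:// URL" ;;
  esac
  case "$jwt" in [Nn][Oo])
    note "WARN EnableJWTValidation=$jwt: JWT validation is disabled" ;;
  esac
  case "$ignore" in [Yy][Ee][Ss])
    note "WARN IgnorePSMCertificateErrors=$ignore: PSM certificate errors are ignored" ;;
  esac
  [ "$host" = "$name" ] || note "FAIL --hostname '$host' differs from --name '$name'"
  [ "$n" -eq 0 ]
)

# Constructed sample: the page's command, with pvwa.example.test standing in
# for <PVWA_HOST>. Expect two WARN lines (JWT validation, certificate errors).
audit_html5gw_args run -p 8443:8443 -p 443:8443 -v /opt/cert:/opt/import:ro \
  -e AcceptCyberArkEULA=yes \
  -e EndPointAddress=https://pvwa.example.test/PasswordVault \
  -e EnableJWTValidation=no -e IgnorePSMCertificateErrors=yes \
  --net=cyberark --hostname html5gw.local.domain --name html5gw.local.domain \
  docker.io/alerocyberark/psmhtml5 || echo "review the findings above"
```
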

🔧 2. Troubleshooting tips
Ensure port 8443 is open on your host firewall (e.g. sudo ufw allow 8443).

If you see gateway issues or JWT errors, double-check EndPointAddress= in your command; it’s necessary.

Adjust PVWA’s HTML5GW port if not using standard 443 (e.g., set to 8443).

🧩 3. Configure PVWA (Password Vault Web Access)


In PVWA Admin → Configuration Options → Privileged Session Management → Configured PSM Servers → [Your HTML5GW server] → Connection Details → PSM Gateway, set Enable = Yes.

Under Connection Components, locate your RDP or SSH component:

Add or reveal the parameter AllowSelectHTML5 in User Parameters.

Set ValueVisible = Yes so that users see the HTML5 option (source: privilegecloud.azurewebsites.net).

🎯 4. Enforce HTML5-only access (optional)


To disable classic RDP downloads completely:

Set DefaultConnectionMethod globally to HTML5 in:

Admin → Configuration Options → Privileged Session Management → UI → DefaultConnectionMethod = HTML5

Hide the “Connect via RDP” toggle:

Within Connection Component settings, set parameter AllowSelectHTML5 as true by default and visibility false (source: Reddit).

✅ Summary Checklist


✅ Deploy HTML5GW container with proper port mapping and certs
✅ Open firewall port 8443
✅ Configure PVWA to enable and use HTML5 Gateway
✅ Customize connection components to show or enforce HTML5
✅ (Optional) Force HTML5 globally and hide RDP paths
