I added the mid tier ip address as well as 127.0.0.1 just in case. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On
Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, "Pierson, Shawn" <[EMAIL PROTECTED]> wrote: > Thanks Jarl, > > That got me much further, and I can see that my login name is being > passed now. However, I'm still having issues which I'll bring up > below. > > The output log says: > SSO: Remote User Name (including domain): energy\spierson > SSO: Remote User Name (no domain): spierson > SSO: Setting username to lower case... > SSO: Authenticating with username: spierson > SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== > ARERR [623] Authentication failed > > So now it's clear that it is trying to pass my information, but for > some reason the authentication is still failing. Any ideas on what > the next step in troubleshooting this should be? > > Thanks again, > > Shawn Pierson > > > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:arslist@ARSLIST.ORG > ] On Behalf Of Jarl Grøneng > Sent: Monday, April 28, 2008 3:10 PM > To: arslist@ARSLIST.ORG > Subject: Re: IIS remoteuser for Single-Sign On > > Try change this in ..\Tomcat 5.5\conf\server.xml to this: > <Connector port="8009" tomcatAuthentication="false" > enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> > > The one you change is: > tomcatAuthentication="true" to tomcatAuthentication="false" > > -- > Jarl > > > On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn > <[EMAIL PROTECTED]> wrote: >> ** >> >> >> Good afternoon, >> >> I'm trying to set up single sign on for the mid tier and have almost >> everything working. The one thing that still seems to be a problem >> is >> getting IIS to pass the authenticated user to Jakarta. When I try >> to log >> into Remedy, I get the following in my tomcat logs: >> >> >> SSO: Initialization: Version 2.04 >> >> SSO: Property values were loaded. >> >> usermethod:remoteuser >> >> usercase:lower >> >> removedomain:T >> >> headername: >> >> attname: >> >> authmethod:default >> >> authcustom: >> >> debuglogging:T >> >> SSO ERROR: RemoteUser name is null or empty. Using default login page >> >> This doesn't really help explain why it's happening, so in the >> debug log >> file but it does at least show that the sso.properties file is >> being read >> correctly. >> >> Within IIS I have it set only to Integrated Windows Authentication >> and >> nothing else on the Authentication Methods form. I think IIS isn't >> passing >> the Remote_User variable over to Jakarta, but I'm not really sure >> where I >> can verify that. Does anyone else have any suggestions for me to >> try? >> >> I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating >> against >> Active Directory. >> >> Thanks, >> >> Shawn Pierson Private and confidential as detailed here. If you >> cannot >> access hyperlink, please e-mail sender. __Platinum Sponsor: >> www.rmsportal.com ARSlist: "Where the Answers Are" html___ > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > Private and confidential as detailed here: > http://www.sug.com/disclaimers/default.htm#Mail > . If you cannot access the link, please e-mail sender. > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.
