Re: IIS remoteuser for Single-Sign On

[Roney Varghese]

Turn on ur plugin logs(fine) and let me know what auth error u see in  
there?

Regards,
Roney Varghese
Sent from my iPhone

On Apr 29, 2008, at 7:12 AM, "Pierson, Shawn" <[EMAIL PROTECTED]>  
wrote:

I added the mid tier ip address as well as 127.0.0.1 just in case.

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG 
] On Behalf Of Roney Varghese
Sent: Monday, April 28, 2008 4:18 PM
To: arslist@ARSLIST.ORG
Subject: Re: IIS remoteuser for Single-Sign On

Dear Shawn,

Have you added the midtier ip address to the areasso.cfg file in the
AR Server/conf folder?

Regards,
Roney Varghese

Sent from my iPhone

On Apr 28, 2008, at 3:34 PM, "Pierson, Shawn" <[EMAIL PROTECTED]>
wrote:

Thanks Jarl,

That got me much further, and I can see that my login name is being
passed now.  However, I'm still having issues which I'll bring up
below.

The output log says:
SSO: Remote User Name (including domain): energy\spierson
SSO: Remote User Name (no domain): spierson
SSO: Setting username to lower case...
SSO: Authenticating with username: spierson
SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ==
ARERR [623] Authentication failed

So now it's clear that it is trying to pass my information, but for
some reason the authentication is still failing.  Any ideas on what
the next step in troubleshooting this should be?

Thanks again,

Shawn Pierson



-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG
] On Behalf Of Jarl Grøneng
Sent: Monday, April 28, 2008 3:10 PM
To: arslist@ARSLIST.ORG
Subject: Re: IIS remoteuser for Single-Sign On

Try change this in ..\Tomcat 5.5\conf\server.xml to this:
<Connector port="8009" tomcatAuthentication="false"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

The one you change is:
tomcatAuthentication="true" to tomcatAuthentication="false"

--
Jarl


On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn
<[EMAIL PROTECTED]> wrote:
**


Good afternoon,

I'm trying to set up single sign on for the mid tier and have almost
everything working.  The one thing that still seems to be a problem
is
getting IIS to pass the authenticated user to Jakarta.  When I try
to log
into Remedy, I get the following in my tomcat logs:


SSO: Initialization: Version 2.04

SSO: Property values were loaded.

usermethod:remoteuser

usercase:lower

removedomain:T

headername:

attname:

authmethod:default

authcustom:

debuglogging:T

SSO ERROR: RemoteUser name is null or empty. Using default login  
page

This doesn't really help explain why it's happening, so in the
debug log
file but it does at least show that the sso.properties file is
being read
correctly.

Within IIS I have it set only to Integrated Windows Authentication
and
nothing else on the Authentication Methods form.  I think IIS isn't
passing
the Remote_User variable over to Jakarta, but I'm not really sure
where I
can verify that.  Does anyone else have any suggestions for me to
try?

I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating
against
Active Directory.

Thanks,

Shawn Pierson Private and confidential as detailed here. If you
cannot
access hyperlink, please e-mail sender. __Platinum Sponsor:
www.rmsportal.com ARSlist: "Where the Answers Are" html___

_______________________________________________________________________________




UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Private and confidential as detailed here: 
http://www.sug.com/disclaimers/default.htm#Mail
. If you cannot access the link, please e-mail sender.

_______________________________________________________________________________




UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

_______________________________________________________________________________


UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail 
 . If you cannot access the link, please e-mail sender.

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"