Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs.
Any other suggestions? Thanks, Shawn Pierson -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, "Pierson, Shawn" <[EMAIL PROTECTED]> wrote: > I added the mid tier ip address as well as 127.0.0.1 just in case. > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:arslist@ARSLIST.ORG > ] On Behalf Of Roney Varghese > Sent: Monday, April 28, 2008 4:18 PM > To: arslist@ARSLIST.ORG > Subject: Re: IIS remoteuser for Single-Sign On > > Dear Shawn, > > Have you added the midtier ip address to the areasso.cfg file in the > AR Server/conf folder? > > Regards, > Roney Varghese > > Sent from my iPhone > > On Apr 28, 2008, at 3:34 PM, "Pierson, Shawn" <[EMAIL PROTECTED]> > wrote: > >> Thanks Jarl, >> >> That got me much further, and I can see that my login name is being >> passed now. However, I'm still having issues which I'll bring up >> below. >> >> The output log says: >> SSO: Remote User Name (including domain): energy\spierson >> SSO: Remote User Name (no domain): spierson >> SSO: Setting username to lower case... >> SSO: Authenticating with username: spierson >> SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== >> ARERR [623] Authentication failed >> >> So now it's clear that it is trying to pass my information, but for >> some reason the authentication is still failing. Any ideas on what >> the next step in troubleshooting this should be? >> >> Thanks again, >> >> Shawn Pierson >> >> >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) >> [mailto:arslist@ARSLIST.ORG >> ] On Behalf Of Jarl Grøneng >> Sent: Monday, April 28, 2008 3:10 PM >> To: arslist@ARSLIST.ORG >> Subject: Re: IIS remoteuser for Single-Sign On >> >> Try change this in ..\Tomcat 5.5\conf\server.xml to this: >> <Connector port="8009" tomcatAuthentication="false" >> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> >> >> The one you change is: >> tomcatAuthentication="true" to tomcatAuthentication="false" >> >> -- >> Jarl >> >> >> On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn >> <[EMAIL PROTECTED]> wrote: >>> ** >>> >>> >>> Good afternoon, >>> >>> I'm trying to set up single sign on for the mid tier and have almost >>> everything working. The one thing that still seems to be a problem >>> is >>> getting IIS to pass the authenticated user to Jakarta. When I try >>> to log >>> into Remedy, I get the following in my tomcat logs: >>> >>> >>> SSO: Initialization: Version 2.04 >>> >>> SSO: Property values were loaded. >>> >>> usermethod:remoteuser >>> >>> usercase:lower >>> >>> removedomain:T >>> >>> headername: >>> >>> attname: >>> >>> authmethod:default >>> >>> authcustom: >>> >>> debuglogging:T >>> >>> SSO ERROR: RemoteUser name is null or empty. Using default login >>> page >>> >>> This doesn't really help explain why it's happening, so in the >>> debug log >>> file but it does at least show that the sso.properties file is >>> being read >>> correctly. >>> >>> Within IIS I have it set only to Integrated Windows Authentication >>> and >>> nothing else on the Authentication Methods form. I think IIS isn't >>> passing >>> the Remote_User variable over to Jakarta, but I'm not really sure >>> where I >>> can verify that. Does anyone else have any suggestions for me to >>> try? >>> >>> I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating >>> against >>> Active Directory. >>> >>> Thanks, >>> >>> Shawn Pierson Private and confidential as detailed here. If you >>> cannot >>> access hyperlink, please e-mail sender. __Platinum Sponsor: >>> www.rmsportal.com ARSlist: "Where the Answers Are" html___ >> >> _______________________________________________________________________________ > > >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" >> >> Private and confidential as detailed here: >> http://www.sug.com/disclaimers/default.htm#Mail >> . If you cannot access the link, please e-mail sender. >> >> _______________________________________________________________________________ > > >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > Private and confidential as detailed here: > http://www.sug.com/disclaimers/default.htm#Mail > . If you cannot access the link, please e-mail sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.
