Jiri, I can see the user name coming across successfully, but the authentication string is basically nonsense. I assume it is some sort of encrypted value, but without really understanding what it should look like, I'm not sure of what to make of it. For example, I see it coming across like this in the Tomcat logs:
SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== It appears to be working, except that the AuthString value I guess doesn't work. When I look in my browser, it's giving me the standard ARERR 8908 "Unknown User or Invalid Password" error message. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, April 29, 2008 10:23 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Please Read The Disclaimer At The Bottom Of This Email ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Shawn, we are on version 7.0.1 and I managed to configure SSO authentication on the mid-tier without changing/setting any configuration on the Remedy server side. I would look at your code which interrogates the HTTP request for the user name and authentication string. You can add some debugging messages there that would write into a file on the mid-tier server to see what is actually being passed to the Remedy authenticator. Regards Jiri Pospisil Remedy Administrator LCH.Clearnet -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:10 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, "Pierson, Shawn" <[EMAIL PROTECTED]> wrote: > I added the mid tier ip address as well as 127.0.0.1 just in case. > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:arslist@ARSLIST.ORG > ] On Behalf Of Roney Varghese > Sent: Monday, April 28, 2008 4:18 PM > To: arslist@ARSLIST.ORG > Subject: Re: IIS remoteuser for Single-Sign On > > Dear Shawn, > > Have you added the midtier ip address to the areasso.cfg file in the > AR Server/conf folder? > > Regards, > Roney Varghese > > Sent from my iPhone > > On Apr 28, 2008, at 3:34 PM, "Pierson, Shawn" <[EMAIL PROTECTED]> > wrote: > >> Thanks Jarl, >> >> That got me much further, and I can see that my login name is being >> passed now. However, I'm still having issues which I'll bring up >> below. >> >> The output log says: >> SSO: Remote User Name (including domain): energy\spierson >> SSO: Remote User Name (no domain): spierson >> SSO: Setting username to lower case... >> SSO: Authenticating with username: spierson >> SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== >> ARERR [623] Authentication failed >> >> So now it's clear that it is trying to pass my information, but for >> some reason the authentication is still failing. Any ideas on what >> the next step in troubleshooting this should be? >> >> Thanks again, >> >> Shawn Pierson >> >> >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) >> [mailto:arslist@ARSLIST.ORG >> ] On Behalf Of Jarl Grøneng >> Sent: Monday, April 28, 2008 3:10 PM >> To: arslist@ARSLIST.ORG >> Subject: Re: IIS remoteuser for Single-Sign On >> >> Try change this in ..\Tomcat 5.5\conf\server.xml to this: >> <Connector port="8009" tomcatAuthentication="false" >> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> >> >> The one you change is: >> tomcatAuthentication="true" to tomcatAuthentication="false" >> >> -- >> Jarl >> >> >> On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn >> <[EMAIL PROTECTED]> wrote: >>> ** >>> >>> >>> Good afternoon, >>> >>> I'm trying to set up single sign on for the mid tier and have almost >>> everything working. The one thing that still seems to be a problem >>> is >>> getting IIS to pass the authenticated user to Jakarta. When I try >>> to log >>> into Remedy, I get the following in my tomcat logs: >>> >>> >>> SSO: Initialization: Version 2.04 >>> >>> SSO: Property values were loaded. >>> >>> usermethod:remoteuser >>> >>> usercase:lower >>> >>> removedomain:T >>> >>> headername: >>> >>> attname: >>> >>> authmethod:default >>> >>> authcustom: >>> >>> debuglogging:T >>> >>> SSO ERROR: RemoteUser name is null or empty. Using default login >>> page >>> >>> This doesn't really help explain why it's happening, so in the >>> debug log >>> file but it does at least show that the sso.properties file is >>> being read >>> correctly. >>> >>> Within IIS I have it set only to Integrated Windows Authentication >>> and >>> nothing else on the Authentication Methods form. I think IIS isn't >>> passing >>> the Remote_User variable over to Jakarta, but I'm not really sure >>> where I >>> can verify that. Does anyone else have any suggestions for me to >>> try? >>> >>> I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating >>> against >>> Active Directory. >>> >>> Thanks, >>> >>> Shawn Pierson Private and confidential as detailed here. If you >>> cannot >>> access hyperlink, please e-mail sender. __Platinum Sponsor: >>> www.rmsportal.com ARSlist: "Where the Answers Are" html___ >> >> _______________________________________________________________________________ > > >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" >> >> Private and confidential as detailed here: >> http://www.sug.com/disclaimers/default.htm#Mail >> . If you cannot access the link, please e-mail sender. >> >> _______________________________________________________________________________ > > >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > Private and confidential as detailed here: > http://www.sug.com/disclaimers/default.htm#Mail > . If you cannot access the link, please e-mail sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ************************************************************************************************* This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services & Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com ************************************************************************************************* Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.