Re: Explicitly Invalidate Remedy Session
Dear All, Let me explain the problem again: We have a corporate portal. The user logs into the corporate portal. He clicks on a link for Remedy and we pass the username and password in the url and the user accesses remedy to register trouble tickets etc. Hence the login is transparent to users. The portal is based on frames and remedy opens in the content frame. When the user performs a portal logout in this window where Remedy is open in a frame, we call the logout http://server/arsys/shared/logoutservlet. This kills the Remedy session and works perfectly. This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame. However if during his interaction on the portal if the user clicks on a link which opens another portal window and he logs out from this second portal window, we again call the logout servlet.* But it does not kill the remedy session in the main portal window. * Is there a way where we can kill the user's remedy session from any of the open portal windows? Most clients want the corporate portal to be an access point for all application and users. Putting Remedy on the portal is a major security concern for any corporate if we are unable to kill the session I appreciate all the help as there integrations on hold due to this problem. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Try using APPLICATION-PERFORM-EXIT on a button. - Original Message From: Prashant Patil [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Monday, April 14, 2008 4:07:30 AM Subject: Re: Explicitly Invalidate Remedy Session ** Dear All, Let me explain the problem again: We have a corporate portal. The user logs into the corporate portal. He clicks on a link for Remedy and we pass the username and password in the url and the user accesses remedy to register trouble tickets etc. Hence the login is transparent to users. The portal is based on frames and remedy opens in the content frame. When the user performs a portal logout in this window where Remedy is open in a frame, we call the logout http://server/arsys/shared/logoutservlet. This kills the Remedy session and works perfectly. This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame. However if during his interaction on the portal if the user clicks on a link which opens another portal window and he logs out from this second portal window, we again call the logout servlet. But it does not kill the remedy session in the main portal window. Is there a way where we can kill the user's remedy session from any of the open portal windows? Most clients want the corporate portal to be an access point for all application and users. Putting Remedy on the portal is a major security concern for any corporate if we are unable to kill the session I appreciate all the help as there integrations on hold due to this problem. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
LJ, Actually I would bet that the problem lies with the Portal design vs ARS license restrictions. I suggest that [EMAIL PROTECTED] needs to read up on ARS and the use of Load Balancers to understand the implications of the Mid-Tier/ARS and the Users (AKA: client) IP address restrictions. My guess (and I could be wrong) is that the Portal is not sticky and that the end user is not connecting to ARS via the same Portal web server all of the time. ( It is kind of a sessionID thing, but more physical than that for the license restrictions with ARS.) One way to solve it would be to have the Portal always route traffic to Host X when talking to ARS. Then any Login/Logout would be coming from that host. You may have to do some fancy content rewriting to make it all work, but I think that might make it possible to have the user bounce around in the Portal application (from web server to web server) and have all ARS traffic only be handled by a dedicated Portal to ARS host too. (But it is likely to much effort to be worth it IMHO.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Mon, Apr 14, 2008 at 9:46 AM, LJ Longwing [EMAIL PROTECTED] wrote: ** The problem as I understand it is that each browser window has its own session ID, and your login from your browser is tied to that session ID, so when you call the logout from browser window 2, it's a different session ID, and as such, has nothing to do. I believe what you need to do is figure out a way, prolly Java Script, to communicate between your multiple browser windows (should be possible) and have each of them perform the logout, because you aren't exactly sure which one did the login, I think that would solve your problem. From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, April 14, 2008 2:08 AM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session ** Dear All, Let me explain the problem again: We have a corporate portal. The user logs into the corporate portal. He clicks on a link for Remedy and we pass the username and password in the url and the user accesses remedy to register trouble tickets etc. Hence the login is transparent to users. The portal is based on frames and remedy opens in the content frame. When the user performs a portal logout in this window where Remedy is open in a frame, we call the logout http://server/arsys/shared/logoutservlet. This kills the Remedy session and works perfectly. This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame. However if during his interaction on the portal if the user clicks on a link which opens another portal window and he logs out from this second portal window, we again call the logout servlet. But it does not kill the remedy session in the main portal window. Is there a way where we can kill the user's remedy session from any of the open portal windows? Most clients want the corporate portal to be an access point for all application and users. Putting Remedy on the portal is a major security concern for any corporate if we are unable to kill the sessionI appreciate all the help as there integrations on hold due to this problem. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Another suggestion is to use Events The Portal Logout process could send an event to all Remedy windows and each window could perform the Logout Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Carey Matthew Black Sent: Monday, April 14, 2008 2:00 PM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session LJ, Actually I would bet that the problem lies with the Portal design vs ARS license restrictions. I suggest that [EMAIL PROTECTED] needs to read up on ARS and the use of Load Balancers to understand the implications of the Mid-Tier/ARS and the Users (AKA: client) IP address restrictions. My guess (and I could be wrong) is that the Portal is not sticky and that the end user is not connecting to ARS via the same Portal web server all of the time. ( It is kind of a sessionID thing, but more physical than that for the license restrictions with ARS.) One way to solve it would be to have the Portal always route traffic to Host X when talking to ARS. Then any Login/Logout would be coming from that host. You may have to do some fancy content rewriting to make it all work, but I think that might make it possible to have the user bounce around in the Portal application (from web server to web server) and have all ARS traffic only be handled by a dedicated Portal to ARS host too. (But it is likely to much effort to be worth it IMHO.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Mon, Apr 14, 2008 at 9:46 AM, LJ Longwing [EMAIL PROTECTED] wrote: ** The problem as I understand it is that each browser window has its own session ID, and your login from your browser is tied to that session ID, so when you call the logout from browser window 2, it's a different session ID, and as such, has nothing to do. I believe what you need to do is figure out a way, prolly Java Script, to communicate between your multiple browser windows (should be possible) and have each of them perform the logout, because you aren't exactly sure which one did the login, I think that would solve your problem. From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, April 14, 2008 2:08 AM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session ** Dear All, Let me explain the problem again: We have a corporate portal. The user logs into the corporate portal. He clicks on a link for Remedy and we pass the username and password in the url and the user accesses remedy to register trouble tickets etc. Hence the login is transparent to users. The portal is based on frames and remedy opens in the content frame. When the user performs a portal logout in this window where Remedy is open in a frame, we call the logout http://server/arsys/shared/logoutservlet. This kills the Remedy session and works perfectly. This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame. However if during his interaction on the portal if the user clicks on a link which opens another portal window and he logs out from this second portal window, we again call the logout servlet. But it does not kill the remedy session in the main portal window. Is there a way where we can kill the user's remedy session from any of the open portal windows? Most clients want the corporate portal to be an access point for all application and users. Putting Remedy on the portal is a major security concern for any corporate if we are unable to kill the sessionI appreciate all the help as there integrations on hold due to this problem. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
I'm engaging in this topic only from a theoretical/intellectual standpoint...so just keep that in mind during this discussion. :) If he were having any issues with separate web servers/load balancing, he would likely be complaining about either 'this user is connected from another machine', or 'Session invalid' errors, the first would manifest itself if you used two browsers on the same machine (not spawned from each other of course) to access the same mid-tier, the second would manifest itself if you had two mid-tiers that your portal was balancing you against without sticky sessions. Due to the fact that he isn't mentioning any 'errors' per se, but instead is talking about multiple browsers for the portal, I must assume that browser 1 has the remedy frame, and browser 2 is simply another window that's attached to the portal, this being the assumed case, I think that communication between windows to have all portal windows to issue a logout to the remedy server is about the only way he can avoid 'the hanging chad' as it were. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Carey Matthew Black Sent: Monday, April 14, 2008 1:00 PM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session LJ, Actually I would bet that the problem lies with the Portal design vs ARS license restrictions. I suggest that [EMAIL PROTECTED] needs to read up on ARS and the use of Load Balancers to understand the implications of the Mid-Tier/ARS and the Users (AKA: client) IP address restrictions. My guess (and I could be wrong) is that the Portal is not sticky and that the end user is not connecting to ARS via the same Portal web server all of the time. ( It is kind of a sessionID thing, but more physical than that for the license restrictions with ARS.) One way to solve it would be to have the Portal always route traffic to Host X when talking to ARS. Then any Login/Logout would be coming from that host. You may have to do some fancy content rewriting to make it all work, but I think that might make it possible to have the user bounce around in the Portal application (from web server to web server) and have all ARS traffic only be handled by a dedicated Portal to ARS host too. (But it is likely to much effort to be worth it IMHO.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Mon, Apr 14, 2008 at 9:46 AM, LJ Longwing [EMAIL PROTECTED] wrote: ** The problem as I understand it is that each browser window has its own session ID, and your login from your browser is tied to that session ID, so when you call the logout from browser window 2, it's a different session ID, and as such, has nothing to do. I believe what you need to do is figure out a way, prolly Java Script, to communicate between your multiple browser windows (should be possible) and have each of them perform the logout, because you aren't exactly sure which one did the login, I think that would solve your problem. From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, April 14, 2008 2:08 AM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session ** Dear All, Let me explain the problem again: We have a corporate portal. The user logs into the corporate portal. He clicks on a link for Remedy and we pass the username and password in the url and the user accesses remedy to register trouble tickets etc. Hence the login is transparent to users. The portal is based on frames and remedy opens in the content frame. When the user performs a portal logout in this window where Remedy is open in a frame, we call the logout http://server/arsys/shared/logoutservlet. This kills the Remedy session and works perfectly. This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame. However if during his interaction on the portal if the user clicks on a link which opens another portal window and he logs out from this second portal window, we again call the logout servlet. But it does not kill the remedy session in the main portal window. Is there a way where we can kill the user's remedy session from any of the open portal windows? Most clients want the corporate portal to be an access point for all application and users. Putting Remedy on the portal is a major security concern for any corporate if we are unable to kill the sessionI appreciate all the help as there integrations on hold due to this problem. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where
Re: Explicitly Invalidate Remedy Session
Hi Carey, Using LogoutServlet I did the following test. Our portal has this scenario as explained below for performing remedy logout process. Browser 1 (Main portal window) - Click on remedy link which will perform transparent login and show remedy form to user. Browser 2 (child portal window) - User clicks on portal logout link. Portal logout process steps are : a) Perform logout for remedy user (by calling logout servlet) b) logout user from portal. Result : Remedy session will still remain active for that user. How can i be sure that user logout has been performed for that user. Thanks Prashant On Mon, Mar 17, 2008 at 2:30 PM, Carey Matthew Black [EMAIL PROTECTED] wrote: Prashant, This is the wrong URL. http://server/arsys/shared/logout.jsp That jsp is just the ok, we are done with the logout process... now what do we show the user? output file. You need to make a call to the LogoutServlet. You can pass it a goto value of the logout.jsp, or any other file you want to. See BasicGuide-630.2006.05.09.pdf pages 452 and 453 for details. http://server/arsys/servlet/LoginServlet Keep in mind that this may not totally free the users session, but it will at least have a shot at not requiring a one hour timeout. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Prashant, The LogoutServlet is the right way to go. It however will not violate the BMC license agreement for how licenses are to be used. ( There are restrictions on the number of IP addresses, how long the license/token will be held to a give IP, and other conditions that can not be circumvented without breaking the EULA.) So far I think your description of how you are using ARS is vague, and the exact nature of the problem has also not been described. Can you quantify/qualify what the actual problem is that your having after the session is not closed? Can you explain what you mean by transparent login? ( Is a generic ARS user account being used or is the individuals personal credentials being used?) Are you using a load balancer design in your portal that might be changing IP addresses when it is talking to ARS for the user? I can see a possibility that any or all of the above would lead to complications in using ARS connectivity from a portal. Also please know that the exact version of ARS (server and client) may also play into this discussion due to bugs and the alike in the specific ARS API's your using. ( So knowing that kind of detail can also be helpful to the discussion.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Tue, Mar 18, 2008 at 3:39 AM, Prashant Patil [EMAIL PROTECTED] wrote: ** Hi Carey, Using LogoutServlet I did the following test. Our portal has this scenario as explained below for performing remedy logout process. Browser 1 (Main portal window) - Click on remedy link which will perform transparent login and show remedy form to user. Browser 2 (child portal window) - User clicks on portal logout link. Portal logout process steps are : a) Perform logout for remedy user (by calling logout servlet) b) logout user from portal. Result : Remedy session will still remain active for that user. How can i be sure that user logout has been performed for that user. Thanks Prashant On Mon, Mar 17, 2008 at 2:30 PM, Carey Matthew Black [EMAIL PROTECTED] wrote: Prashant, This is the wrong URL. http://server/arsys/shared/logout.jsp That jsp is just the ok, we are done with the logout process... now what do we show the user? output file. You need to make a call to the LogoutServlet. You can pass it a goto value of the logout.jsp, or any other file you want to. See BasicGuide-630.2006.05.09.pdf pages 452 and 453 for details. http://server/arsys/servlet/LogoutServlet Keep in mind that this may not totally free the users session, but it will at least have a shot at not requiring a one hour timeout. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
I'll take a stab at this ... I believe what the user is looking for is a way to ensure a user has logged out of Remedy, or possible a way to actually force a logout of a user through workflow. As understand it the only way to actually force the logout of a user is to use the Admin tool and clear the user from Managed User Licenses list. This can only be done once every few hours (or something like that ). I do not believe there is a call (API, JScript) you can make that allows you to specify which user to logout. The next way to log a user out is to run PERFORM-ACTION-EXIT-APP on the web which will log the user out. However, when to do this is on the web is the tricky part. If you do this on window close, and the user has many Remedy web windows open, they will lose their sessions on those windows. If your web application runs in only one window then this could be a solution. Note: some an interesting test I performed on Firefox using tabs. Open a control panel form. Double click a record from a table field on that form which opens a record in a new tab. Go back to control panel and double click another table record which opens another record in a new tab. Go back to the control panel and click a logout button which does a PERFORM-ACTION-EXIT-APP. The two new tabs that had opened get closed and the user is sent to a logout.jsp page. This only seems to work if the new tabs are opened from a Remedy form. No, we do not have any custom code that knows which tabs are opened. Frank On Tue, Mar 18, 2008 at 7:16 AM, Carey Matthew Black [EMAIL PROTECTED] wrote: Prashant, The LogoutServlet is the right way to go. It however will not violate the BMC license agreement for how licenses are to be used. ( There are restrictions on the number of IP addresses, how long the license/token will be held to a give IP, and other conditions that can not be circumvented without breaking the EULA.) So far I think your description of how you are using ARS is vague, and the exact nature of the problem has also not been described. Can you quantify/qualify what the actual problem is that your having after the session is not closed? Can you explain what you mean by transparent login? ( Is a generic ARS user account being used or is the individuals personal credentials being used?) Are you using a load balancer design in your portal that might be changing IP addresses when it is talking to ARS for the user? I can see a possibility that any or all of the above would lead to complications in using ARS connectivity from a portal. Also please know that the exact version of ARS (server and client) may also play into this discussion due to bugs and the alike in the specific ARS API's your using. ( So knowing that kind of detail can also be helpful to the discussion.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Tue, Mar 18, 2008 at 3:39 AM, Prashant Patil [EMAIL PROTECTED] wrote: ** Hi Carey, Using LogoutServlet I did the following test. Our portal has this scenario as explained below for performing remedy logout process. Browser 1 (Main portal window) - Click on remedy link which will perform transparent login and show remedy form to user. Browser 2 (child portal window) - User clicks on portal logout link. Portal logout process steps are : a) Perform logout for remedy user (by calling logout servlet) b) logout user from portal. Result : Remedy session will still remain active for that user. How can i be sure that user logout has been performed for that user. Thanks Prashant On Mon, Mar 17, 2008 at 2:30 PM, Carey Matthew Black [EMAIL PROTECTED] wrote: Prashant, This is the wrong URL. http://server/arsys/shared/logout.jsp That jsp is just the ok, we are done with the logout process... now what do we show the user? output file. You need to make a call to the LogoutServlet. You can pass it a goto value of the logout.jsp, or any other file you want to. See BasicGuide-630.2006.05.09.pdf pages 452 and 453 for details. http://server/arsys/servlet/LogoutServlet Keep in mind that this may not totally free the users session, but it will at least have a shot at not requiring a one hour timeout. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the
Explicitly Invalidate Remedy Session
Hi All, We have a corporate portal where the users perform login and have access to the remedy system to register trouble tickets etc. The portal is based on frames and remedy opens in the content frame. Now the situation is whenever the user performs portal logout we need to make sure to kill the user's remedy session. To achieve this we are calling the url: http://server/arsys/shared/logout.jsp This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame.Please note that at the time of portal logout the user might be on a new browser window of the portal. The url does not work if we call it from any new browser window of the portal. Is there a way where we can kill the user's remedy session from any of the open portal windows? Thanks Prashant ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Hi Prashant, Could you please share the methods used to achieve remedy login inside the corporate portal? Thanks Regards, Thivagar Sankaran ITIL Foundation - Certified ARS Remedy 6.3 _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, March 17, 2008 11:35 AM To: arslist@ARSLIST.ORG Subject: Explicitly Invalidate Remedy Session ** Hi All, We have a corporate portal where the users perform login and have access to the remedy system to register trouble tickets etc. The portal is based on frames and remedy opens in the content frame. Now the situation is whenever the user performs portal logout we need to make sure to kill the user's remedy session. To achieve this we are calling the url: http://server/arsys/shared/logout.jsp This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame.Please note that at the time of portal logout the user might be on a new browser window of the portal. The url does not work if we call it from any new browser window of the portal. Is there a way where we can kill the user's remedy session from any of the open portal windows? Thanks Prashant __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are smime.p7s Description: S/MIME cryptographic signature
Re: Explicitly Invalidate Remedy Session
Hi Thivagar, You can do that with the url format: http://server/arsys/servlet/LoginServlet?server=serverusername=usernamepwd=pwdgoto=/arsys/forms/server/form_name Regards, Prashant On Mon, Mar 17, 2008 at 9:21 AM, Thivagar Sankaran [EMAIL PROTECTED] wrote: ** Hi Prashant, Could you please share the methods used to achieve remedy login inside the corporate portal? Thanks Regards, Thivagar Sankaran ITIL Foundation – Certified ARS Remedy 6.3 -- *From:* Action Request System discussion list(ARSList) [mailto: [EMAIL PROTECTED] *On Behalf Of *Prashant Patil *Sent:* Monday, March 17, 2008 11:35 AM *To:* arslist@ARSLIST.ORG *Subject:* Explicitly Invalidate Remedy Session ** Hi All, We have a corporate portal where the users perform login and have access to the remedy system to register trouble tickets etc. The portal is based on frames and remedy opens in the content frame. Now the situation is whenever the user performs portal logout we need to make sure to kill the user's remedy session. To achieve this we are calling the url: http://server/arsys/shared/logout.jsp This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame.Please note that at the time of portal logout the user might be on a new browser window of the portal. The url does not work if we call it from any new browser window of the portal. Is there a way where we can kill the user's remedy session from any of the open portal windows? Thanks Prashant __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Thanks Prashant, Will it ask for login? Do you have SSO implemented? If yes, could you please share me the documents if any? Regards, Thivagar Sankaran ITIL Foundation - Certified ARS Remedy 6.3 _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, March 17, 2008 12:12 PM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session ** Hi Thivagar, You can do that with the url format: http://server/arsys/servlet/LoginServlet?server=serverusername=usernam epwd=pwdgoto=/arsys/forms/server/form_name Regards, Prashant On Mon, Mar 17, 2008 at 9:21 AM, Thivagar Sankaran [EMAIL PROTECTED] wrote: ** Hi Prashant, Could you please share the methods used to achieve remedy login inside the corporate portal? Thanks Regards, Thivagar Sankaran ITIL Foundation - Certified ARS Remedy 6.3 _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, March 17, 2008 11:35 AM To: arslist@ARSLIST.ORG Subject: Explicitly Invalidate Remedy Session ** Hi All, We have a corporate portal where the users perform login and have access to the remedy system to register trouble tickets etc. The portal is based on frames and remedy opens in the content frame. Now the situation is whenever the user performs portal logout we need to make sure to kill the user's remedy session. To achieve this we are calling the url: http://server/arsys/shared/logout.jsp This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame.Please note that at the time of portal logout the user might be on a new browser window of the portal. The url does not work if we call it from any new browser window of the portal. Is there a way where we can kill the user's remedy session from any of the open portal windows? Thanks Prashant __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are smime.p7s Description: S/MIME cryptographic signature
Re: Explicitly Invalidate Remedy Session
Thivagar, If the username and password are correct it wont ask for login and will be redirected to the specified form. Well we do not have SSO implemented! Regards, Prashant On Mon, Mar 17, 2008 at 9:56 AM, Thivagar Sankaran [EMAIL PROTECTED] wrote: ** Thanks Prashant, Will it ask for login? Do you have SSO implemented? If yes, could you please share me the documents if any? Regards, Thivagar Sankaran ITIL Foundation – Certified ARS Remedy 6.3 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Explicitly Invalidate Remedy Session
Thanks, Prashant. I am wondering then how the authentication happens while redirecting to the specified form. Regards, Thivagar Sankaran ITIL Foundation - Certified ARS Remedy 6.3 _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Prashant Patil Sent: Monday, March 17, 2008 12:41 PM To: arslist@ARSLIST.ORG Subject: Re: Explicitly Invalidate Remedy Session ** Thivagar, If the username and password are correct it wont ask for login and will be redirected to the specified form. Well we do not have SSO implemented! Regards, Prashant On Mon, Mar 17, 2008 at 9:56 AM, Thivagar Sankaran [EMAIL PROTECTED] wrote: ** Thanks Prashant, Will it ask for login? Do you have SSO implemented? If yes, could you please share me the documents if any? Regards, Thivagar Sankaran ITIL Foundation - Certified ARS Remedy 6.3 __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are smime.p7s Description: S/MIME cryptographic signature
Re: Explicitly Invalidate Remedy Session
Prashant, This is the wrong URL. http://server/arsys/shared/logout.jsp That jsp is just the ok, we are done with the logout process... now what do we show the user? output file. You need to make a call to the LogoutServlet. You can pass it a goto value of the logout.jsp, or any other file you want to. See BasicGuide-630.2006.05.09.pdf pages 452 and 453 for details. http://server/arsys/servlet/LoginServlet Keep in mind that this may not totally free the users session, but it will at least have a shot at not requiring a one hour timeout. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Mon, Mar 17, 2008 at 1:05 AM, Prashant Patil [EMAIL PROTECTED] wrote: ** Hi All, We have a corporate portal where the users perform login and have access to the remedy system to register trouble tickets etc. The portal is based on frames and remedy opens in the content frame. Now the situation is whenever the user performs portal logout we need to make sure to kill the user's remedy session. To achieve this we are calling the url: http://server/arsys/shared/logout.jsp This url works perfectly if the portal logout is being performed from the main portal window where remedy is in the content frame.Please note that at the time of portal logout the user might be on a new browser window of the portal. The url does not work if we call it from any new browser window of the portal. Is there a way where we can kill the user's remedy session from any of the open portal windows?Thanks Prashant ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are