Re: BMC's Sample SSO White Paper/Code
Hi, Send me the whole arplugin log to my email address and I will take a look. Send me the whole file so I can see the startup information. Regards Danny dkellett ( at ) javasystemsolutions.com Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny so now I'm able to pass the authentication and am getting Unable to setup data connection error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Monday, May 24, 2010 3:07 PM To: arslist@ARSLIST.ORG
Re: BMC's Sample SSO White Paper/Code
Thanks for all your help Danny. I got it working. I appreciate all the info you provided was EXTREMELY helpful. Rafael -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Wednesday, May 26, 2010 4:07 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code Hi, Send me the whole arplugin log to my email address and I will take a look. Send me the whole file so I can see the startup information. Regards Danny dkellett ( at ) javasystemsolutions.com Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny so now I'm able to pass the authentication and am getting Unable to setup data connection error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL 390695 AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695
Re: BMC's Sample SSO White Paper/Code
Your welcome :) Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: 26 May 2010 17:16 To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code Thanks for all your help Danny. I got it working. I appreciate all the info you provided was EXTREMELY helpful. Rafael -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Wednesday, May 26, 2010 4:07 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code Hi, Send me the whole arplugin log to my email address and I will take a look. Send me the whole file so I can see the startup information. Regards Danny dkellett ( at ) javasystemsolutions.com Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny so now I'm able to pass the authentication and am getting Unable to setup data connection error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL 390695 AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO
Re: BMC's Sample SSO White Paper/Code
Ben thanks for the info. I did have all the physical IPs but I just added the virtual IPs for the load-balancer and I restarted ARS Service as well as tomcat and I'm still getting the same result. Anything else that you can think of? Rafael From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Zaayer, Ben (Information Technology) Sent: Monday, May 24, 2010 2:46 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Rafael, we are using the same plug-in provided by BMC's sample code and have a config file, areasso.cfg on the AR Server, that must contain all of the Mid Tier IP addresses, as well as any load-balanced virtual IPs or it will give that error message. Also, on the Mid Tier box make sure that your config.properties and sso.properties in the WEB-INF\classes directories are configured properly. Almost every time we have run into this error it was because one of the Mid Tier or load balanced IPs changed. Ben From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: Saturday, May 22, 2010 3:48 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Hello Danny here is a sample of my arplugin log PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0540 */Plug-In Trace Log -- ON (AR Plugin Server 7.5.00 Patch 003 200909200825) PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */AREAPlug-In Loaded: AREA.SSO version 1 PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginSetPropertiesdefined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginInitialization defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginTermination defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginCreateInstance defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginDeleteInstance defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginEventundefined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREAVerifyLoginCallback defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREANeedToSyncCallback defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREAFreeCallback defined PLGN TID: 004320 RPC ID: 008143 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:44.2790 */-VL FAIL PLGN TID: 004320 RPC ID: 008144 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:44.3860 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008144 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:45.4960 */-VL FAIL PLGN TID: 004320 RPC ID: 008145 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:45.5260 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008145 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:46.3930 */-VL FAIL PLGN TID: 004320 RPC ID: 008146 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:46.4240 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008146 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:47.4880 */-VL FAIL PLGN TID: 004320 RPC ID: 008147 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:47.5030 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008147 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:48.5380 */-VL FAIL PLGN TID: 004320 RPC ID: 008148 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:48.5530 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008148 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:49.5110 */-VL FAIL PLGN TID: 004320 RPC ID: 008149 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:49.5410 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008149 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:50.5150 */-VL FAIL PLGN TID: 004320 RPC ID: 008150 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:50.5300 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID
Re: BMC's Sample SSO White Paper/Code
This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Monday, May 24, 2010 3:07 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Sorry Rafael, I didn't see you replied. The log is not verbose enough. Make sure you have the plugin log level set to ALL From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Zaayer, Ben (Information Technology) Sent: 24 May 2010 19:46 To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Rafael, we are using the same plug-in provided by BMC's sample code and have a config file, areasso.cfg on the AR Server, that must contain all of the Mid Tier IP addresses, as well as any load-balanced virtual IPs or it will give
Re: BMC's Sample SSO White Paper/Code
If you need both enabled you have to configure the area hub plug-in, then stack the arealdap and areasso plug-ins on top of the area hub plug-in, which is what we do. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 7:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Monday, May 24, 2010 3:07 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Sorry Rafael, I didn't see you replied. The log is not verbose enough. Make sure you have the plugin log level set to ALL From: Action Request System discussion list
Re: BMC's Sample SSO White Paper/Code
Thanks Ben I've checked this and all seems ok from network communication standpoint. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ben Chernys Sent: Tuesday, May 25, 2010 8:41 AM To: arslist@ARSLIST.ORG Subject: FW: BMC's Sample SSO White Paper/Code ** Also check actual communication. ie traceroute / tracert and telnet ... May be a firewall issue. Cheers Ben From: Ben Chernys [mailto:ben.cher...@softwaretoolhouse.com] Sent: May 25, 2010 2:33 PM To: 'arslist@ARSLIST.ORG' Subject: RE: BMC's Sample SSO White Paper/Code From your own logs: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) from winldap.h LDAP_CONNECT_ERROR = 0x5b, (same error codes in UNIX) 0x5b == 91 in decimal. Suggest you check communication to LDAP and setting thereof: ports, servers etc. Cheers Ben Chernys Senior Software Architect Software Tool House Inc. Canada / Deutschland / Germany Mobile: +49 171 380 2329GMT + 1 + [ DST ] Email: Ben.Chernys _AT_ softwaretoolhouse.com mailto:ben.cher...@softwaretoolhouse.com Web: www.softwaretoolhouse.com http://www.softwaretoolhouse.com/ Check out Software Tool House's free Diary Editor. Meta-Update, our premium ARS Data tool, lets you automate your imports, migrations, in no time at all, without programming, without staging forms, without merge workflow. http://www.softwaretoolhouse.com/ http://www.softwaretoolhouse.com/ http://www.softwaretoolhouse.com/ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: May 25, 2010 2:18 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA
Re: BMC's Sample SSO White Paper/Code
Yes, I noticed this after sending the plugin logs. Apparently we had some settings in production referencing ldap which we do not have in QA. I have made the changes and will be restarting services after hours today. I will let you know how it goes. Thanks Rafael -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Monday, May 24, 2010 3:07 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Sorry Rafael, I didn't see you replied. The log is not verbose enough. Make
Re: BMC's Sample SSO White Paper/Code
Thanks Ben, I actuall do not currently have a need for ldap so I have removed it for now. Rafael -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Zaayer, Ben (Information Technology) Sent: Tuesday, May 25, 2010 10:40 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code If you need both enabled you have to configure the area hub plug-in, then stack the arealdap and areasso plug-ins on top of the area hub plug-in, which is what we do. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 7:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list
Re: BMC's Sample SSO White Paper/Code
I think the response from Danny is more to the point. This seems to be the LDAP plug-in and not the sample plug-in you were talking about (given the name). To wit: AREA.SSO vs. ARSYS.AREA.LDAP Cheers Ben _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: May 25, 2010 6:45 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Thanks Ben I've checked this and all seems ok from network communication standpoint. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ben Chernys Sent: Tuesday, May 25, 2010 8:41 AM To: arslist@ARSLIST.ORG Subject: FW: BMC's Sample SSO White Paper/Code ** Also check actual communication. ie traceroute / tracert and telnet ... May be a firewall issue. Cheers Ben _ From: Ben Chernys [mailto:ben.cher...@softwaretoolhouse.com] Sent: May 25, 2010 2:33 PM To: 'arslist@ARSLIST.ORG' Subject: RE: BMC's Sample SSO White Paper/Code From your own logs: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) from winldap.h LDAP_CONNECT_ERROR = 0x5b, (same error codes in UNIX) 0x5b == 91 in decimal. Suggest you check communication to LDAP and setting thereof: ports, servers etc. Cheers Ben Chernys Senior Software Architect Software Tool House Inc. Canada / Deutschland / Germany Mobile: +49 171 380 2329GMT + 1 + [ DST ] Email:mailto:ben.cher...@softwaretoolhouse.com Ben.Chernys _AT_ softwaretoolhouse.com Web: http://www.softwaretoolhouse.com/ www.softwaretoolhouse.com Check out Software Tool House's free Diary Editor. Meta-Update, our premium ARS Data tool, lets you automate your imports, migrations, in no time at all, without programming, without staging forms, without merge workflow. http://www.softwaretoolhouse.com/ http://www.softwaretoolhouse.com/ http://www.softwaretoolhouse.com/ _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: May 25, 2010 2:18 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VLAREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's
Re: BMC's Sample SSO White Paper/Code
Danny so now I'm able to pass the authentication and am getting Unable to setup data connection error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, May 25, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code This is becuase you have them configured differently. In the QA server you have the SSO plugin configured. Where are the other server you have enabled the AREA LDAP plugin which is not configured and not needed. Look in the ar.conf file and remove any arealdap.so restart and try again Kind regards Danny Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin Danny this is what I'm getting on the failed server: PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINEST AREAVerifyLoginCallback PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_init(jsqremedy2, 389) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout previously: -1 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER connect timeout used: 35000 PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:30.6390 */ARSYS.AREA.LDAP FINER ldap_simple_bind(null, null) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: Can't connect to the LDAP server (LDAPERR Code 91) PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */ARSYS.AREA.LDAP SEVERE Bind: ldap_simple_bind failed [null] PLGN TID: 005300 RPC ID: 000285 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:04:31.5810 */-VL FAIL This is what I get on my qa server: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */+VL AREAVerifyLoginCallback -- user v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Username: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO v096raro PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Network Address: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Auth String: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Qk1DIFJlbWVkeSBBUlN5c3RlbQ== PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO Login request not coming from the BOXI-IP, checking MID-TIER-IP's... PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User logging in from a matching Authentication String and Mid-Tier IP: PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO 149.83.18.20 PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */AREA.SSO INFO User passed AREA SSO authentication. Login Success PLGN TID: 000776 RPC ID: 000421 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7020 */-VL OK PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */+NS AREANeedToSyncCallback PLGN TID: 000776 RPC ID: 000422 Queue: AREA Client-RPC: 390695 /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 PLGN TID: 002876 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace Log -- OFF From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Monday, May 24, 2010 3:07 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Sorry Rafael, I didn't see you replied. The log is not verbose enough. Make sure you have the plugin log level set to ALL From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Zaayer
Re: BMC's Sample SSO White Paper/Code
Axton, this only occurs when I try access the SSO Siteminder protected URL. If i bypass the protected url I can login using arsystem authentication without any issues. Rafael From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, May 21, 2010 6:29 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Usually an ARERR 623 means that the password given in the ARServer configuration in the Mid-Tier configuration does not match the password configured for the Mid-Tier User password on the ARServer. Axton Grams The statements above are just my opinion. On Fri, May 21, 2010 at 1:34 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Hello list, Just wanted to find out if any of you have experienced this issue and if so what recommendations are there to troubleshoot and resolve. Below is my setup info: ARS Server 7.5 Patch3 (Server Group with a load-balancer in front of app servers) SQL 2005 WIN 2003 Mid-Tier 7.5 Patch 4 (4 load-balanced machines) IIS 6.0 Servlet Engine Tomcat 5.25 My issue is that I used BMC's sample SSO instructions and was able to setup easily enough with no issues on my Dev and QA environments which are all stand-alone machines; no load-balncers and no server groups and all works fine. I attempted to use this in our production environment and we're getting ARERR [623] Authentication Failed message. Any ideas? Rafael Rodriguez|Manager Remedy/Mid-Tier Enterprise|Broadridge Financial Solutions 2 Journal Square Plaza|Jersey City, NJ 07306| 201.714.3718 p This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: BMC's Sample SSO White Paper/Code
What does your arplugin log say? Danny Sso for ARS Javasyatemsolutions.com Sent from my iPhone On 22 May 2010, at 12:10, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Axton, this only occurs when I try access the SSO Siteminder protected URL. If i bypass the protected url I can login using arsystem authentication without any issues. Rafael From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, May 21, 2010 6:29 PM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** Usually an ARERR 623 means that the password given in the ARServer configuration in the Mid-Tier configuration does not match the password configured for the Mid-Tier User password on the ARServer. Axton Grams The statements above are just my opinion. On Fri, May 21, 2010 at 1:34 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Hello list, Just wanted to find out if any of you have experienced this issue and if so what recommendations are there to troubleshoot and resolve. Below is my setup info: ARS Server 7.5 Patch3 (Server Group with a load-balancer in front of app servers) SQL 2005 WIN 2003 Mid-Tier 7.5 Patch 4 (4 load-balanced machines) IIS 6.0 Servlet Engine Tomcat 5.25 My issue is that I used BMC's sample SSO instructions and was able to setup easily enough with no issues on my Dev and QA environments which are all stand-alone machines; no load-balncers and no server groups and all works fine. I attempted to use this in our production environment and we're getting ARERR [623] Authentication Failed message. Any ideas? Rafael Rodriguez|Manager Remedy/Mid-Tier Enterprise|Broadridge Financial Solutions 2 Journal Square Plaza|Jersey City, NJ 07306| 201.714.3718 p This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: BMC's Sample SSO White Paper/Code
Hello Danny here is a sample of my arplugin log PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0540 */Plug-In Trace Log -- ON (AR Plugin Server 7.5.00 Patch 003 200909200825) PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */AREAPlug-In Loaded: AREA.SSO version 1 PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginSetPropertiesdefined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginInitialization defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginTermination defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginCreateInstance defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginDeleteInstance defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ ARPluginEventundefined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREAVerifyLoginCallback defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREANeedToSyncCallback defined PLGN TID: 005728 RPC ID: 00 Queue: Dispatcher Client-RPC: 00 /* Tue May 18 2010 09:55:18.0850 */ AREAFreeCallback defined PLGN TID: 004320 RPC ID: 008143 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:44.2790 */-VL FAIL PLGN TID: 004320 RPC ID: 008144 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:44.3860 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008144 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:45.4960 */-VL FAIL PLGN TID: 004320 RPC ID: 008145 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:45.5260 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008145 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:46.3930 */-VL FAIL PLGN TID: 004320 RPC ID: 008146 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:46.4240 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008146 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:47.4880 */-VL FAIL PLGN TID: 004320 RPC ID: 008147 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:47.5030 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008147 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:48.5380 */-VL FAIL PLGN TID: 004320 RPC ID: 008148 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:48.5530 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008148 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:49.5110 */-VL FAIL PLGN TID: 004320 RPC ID: 008149 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:49.5410 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008149 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:50.5150 */-VL FAIL PLGN TID: 004320 RPC ID: 008150 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:50.5300 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008150 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:51.6100 */-VL FAIL PLGN TID: 004320 RPC ID: 008151 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:51.6400 */+VL AREAVerifyLoginCallback -- user v096brtt PLGN TID: 004320 RPC ID: 008151 Queue: AREA Client-RPC: 390695 /* Tue May 18 2010 20:36:52.5980 */-VL FAIL PLGN TID: 005032 RPC ID: 14 Queue: Prv: 10005 Client-RPC: 99 /* Tue May 18 2010 20:53:54.7910 */Plug-In Trace Log -- OFF END OF LOG FILE From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Saturday, May 22, 2010 10:32 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code ** What does your arplugin log say? Danny Sso for ARS Javasyatemsolutions.com Sent from my iPhone On 22 May 2010, at 12:10, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Axton, this only occurs when I try access the SSO Siteminder protected URL. If i bypass the protected url I can login using arsystem authentication without any issues. Rafael From: Action Request System discussion list(ARSList
Re: BMC's Sample SSO White Paper/Code
Usually an ARERR 623 means that the password given in the ARServer configuration in the Mid-Tier configuration does not match the password configured for the Mid-Tier User password on the ARServer. Axton Grams The statements above are just my opinion. On Fri, May 21, 2010 at 1:34 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Hello list, Just wanted to find out if any of you have experienced this issue and if so what recommendations are there to troubleshoot and resolve. Below is my setup info: ARS Server 7.5 Patch3 (Server Group with a load-balancer in front of app servers) SQL 2005 WIN 2003 Mid-Tier 7.5 Patch 4 (4 load-balanced machines) IIS 6.0 Servlet Engine Tomcat 5.25 My issue is that I used BMC's sample SSO instructions and was able to setup easily enough with no issues on my Dev and QA environments which are all stand-alone machines; no load-balncers and no server groups and all works fine. I attempted to use this in our production environment and we're getting ARERR [623] Authentication Failed message. Any ideas? Rafael Rodriguez*|*Manager Remedy/Mid-Tier Enterprise*|*Broadridge Financial Solutions 2 Journal Square Plaza*|*Jersey City, NJ 07306*|* 201.714.3718 p This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: BMC's Sample SSO White Paper/Code
Use the free one offered from devtechnogy group contact Michael.campbell@ devtechnology. Com Free. Already works with dept of navy and Dla and other military sites Sent from my iPhone On May 21, 2010, at 2:34 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Hello list, Just wanted to find out if any of you have experienced this issue and if so what recommendations are there to troubleshoot and resolve. Below is my setup info: ARS Server 7.5 Patch3 (Server Group with a load-balancer in front of app servers) SQL 2005 WIN 2003 Mid-Tier 7.5 Patch 4 (4 load-balanced machines) IIS 6.0 Servlet Engine Tomcat 5.25 My issue is that I used BMC's sample SSO instructions and was able to setup easily enough with no issues on my Dev and QA environments which are all stand-alone machines; no load-balncers and no server groups and all works fine. I attempted to use this in our production environment and we're getting ARERR [623] Authentication Failed message. Any ideas? Rafael Rodriguez|Manager Remedy/Mid-Tier Enterprise|Broadridge Financial Solutions 2 Journal Square Plaza|Jersey City, NJ 07306| 201.714.3718 p image001.gif This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are