Re: SSO implementation
Some things that drive how to approach the design: - What are you using as the infrastructure for SSO (MS Active Directory, Siteminder, Oracle, etc.) - What web server are you using - What platform are you on Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, May 5, 2010 at 5:12 AM, Remedy Maniac wrote: > dear list, > > is anyone willing to help on such implementation? > > I have the choice: > - either the CAS authentication using the CAS client provided by Yale > University > - or the SSO class provided by BMC itself > > Both need better settings as they do not work. > > I have ARS 7.5 + Tomcat latest > > I have no money to buy anything (maybe a couple of hundred euros to discuss > - but no garantee) > I need help > > Serouche > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
SSO implementation
dear list, is anyone willing to help on such implementation? I have the choice: - either the CAS authentication using the CAS client provided by Yale University - or the SSO class provided by BMC itself Both need better settings as they do not work. I have ARS 7.5 + Tomcat latest I have no money to buy anything (maybe a couple of hundred euros to discuss - but no garantee) I need help Serouche ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Re: OT: SSO Implementation
Thanks all for input.
I finally have midtier part working. Still researching on how to implement AREA
plugin in java.
Regards,
Chintan.
--- On Mon, 5/3/10, Axton wrote:
From: Axton
Subject: Re: OT: SSO Implementation
To: arslist@ARSLIST.ORG
Date: Monday, May 3, 2010, 8:38 PM
**
SSO with the mid-tier is a two part implementation. One part in the mid-tier
and the other part in an AREA plug-in.
Turn on the plug-in logs (if you have any type of AREA plug-in enabled) and
user logs (to see the authentication success/failure) and see what is happening
on the other end of the line.
Axton Grams
These are my opinions and do not represent anything but my opinion.
On Mon, May 3, 2010 at 3:09 PM, Jeff Lockemy (QMX Support Services)
wrote:
**
If you eventually decide to hire outside help… There is a
company called Optimal IdM that does work with implementing SSO:
http://www.optimalidm.com/services/default.aspx
One of our customers has used them for several implementations
already, and they are in the process of doing another one. Not sure what they
would charge you, but it might be worth looking into…
Cheers,
Jeff
Jeff Lockemy
QMX Support Services Inc.
(858) 366-8979
From: Action Request
System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of
Chintan
Shah
Sent: Monday, May 03, 2010 2:06 PM
To: arslist@ARSLIST.ORG
Subject: SSO Implementation
**
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to
Remedy's Midtier login page...not sure where I should go to debug..since
Remedy doesnt provide Servlet code that fall back's to login page. I
have also made appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then put
it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest request, HttpServletResponse response)
throws IOException{
String
user = request.getHeader(userHeaderName);
String
pw=null;
String
authStr=null;
if
((user!=null&&user.length()>0) ) {
return new UserCredentials(user.toLowerCase(),pw,authStr);
}
else {
//2. user not auth'd; return null.
//embed
routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Re: OT: SSO Implementation
SSO with the mid-tier is a two part implementation. One part in the
mid-tier and the other part in an AREA plug-in.
Turn on the plug-in logs (if you have any type of AREA plug-in enabled) and
user logs (to see the authentication success/failure) and see what is
happening on the other end of the line.
Axton Grams
These are my opinions and do not represent anything but my opinion.
On Mon, May 3, 2010 at 3:09 PM, Jeff Lockemy (QMX Support Services) <
jlock...@gmail.com> wrote:
> **
>
> If you eventually decide to hire outside help… There is a company called
> Optimal IdM that does work with implementing SSO:
> http://www.optimalidm.com/services/default.aspx
>
>
>
> One of our customers has used them for several implementations already, and
> they are in the process of doing another one. Not sure what they would
> charge you, but it might be worth looking into…
>
>
>
> Cheers,
>
> Jeff
>
>
>
>
>
>
>
> * *
>
> *Jeff Lockemy***
>
> QMX Support Services Inc.
>
> (858) 366-8979
>
>
>
>
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arsl...@arslist.org] *On Behalf Of *Chintan Shah
> *Sent:* Monday, May 03, 2010 2:06 PM
> *To:* arslist@ARSLIST.ORG
> *Subject:* SSO Implementation
>
>
>
> **
>
> Hi all,
>
> I would like to know if anybody has implemented methodology specified in
> whitepaper here for single sign on.
> http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
>
> I have been trying to integrate it but for some reason it goes back to
> Remedy's Midtier login page...not sure where I should go to debug..since
> Remedy doesnt provide Servlet code that fall back's to login page. I have
> also made appropriate config file change on midtier.
>
> Has anybody successfully implemented it?
>
> Please share your ideas.
>
> here's sample code that I am using (packaged class in a jar file and then
> put it in Midter/WEB-INF/lib)
>
>
> public class MyAuthenticator implements Authenticator {
>
> public void init(Map cfg) {
>
> }
> public void destroy() {
>
> }
>
> public UserCredentials getAuthenticatedCredentials(
> HttpServletRequest request, HttpServletResponse response)
> throws IOException{
>
> String user = request.getHeader(userHeaderName);
> String pw=null;
> String authStr=null;
> if ((user!=null&&user.length()>0) ) {
> return new
> UserCredentials(user.toLowerCase(),pw,authStr);
> }
> else { //2. user not auth'd; return null.
> //embed routing info in response object if necessary.
> return new UserCredentials(myUserName,null,null);
> }
> }
> }
>
>
> Thanks
> Chintan.
>
>
> _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
> _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Re: SSO Implementation
Hi LJ,
Yup..I have downloaded that and looking at it as well.
I believe there could be some configuration issue on our solaris server as on
Windows environment it works fine.
BTW, midtier version is 7.5 patch 4.
Thnx
Chintan.
--- On Mon, 5/3/10, LJ LongWing wrote:
From: LJ LongWing
Subject: Re: SSO Implementation
To: arslist@ARSLIST.ORG
Date: Monday, May 3, 2010, 12:02 PM
**
I have done quite a bit of research recently and utilized the
sample files given in AREA_SSO_ALL_v206MT_v209AREA.zip (found within the KB at
BMC)….it works pretty good….still working on getting it implemented
though.
From: Action Request
System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of
Chintan
Shah
Sent: Monday, May 03, 2010 12:06 PM
To: arslist@ARSLIST.ORG
Subject: SSO Implementation
**
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to
Remedy's Midtier login page...not sure where I should go to debug..since
Remedy doesnt provide Servlet code that fall back's to login page. I
have also made appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then put
it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest
request, HttpServletResponse response)
throws IOException{
String
user = request.getHeader(userHeaderName);
String
pw=null;
String
authStr=null;
if
((user!=null&&user.length()>0) ) {
return new UserCredentials(user.toLowerCase(),pw,authStr);
}
else {
//2. user not auth'd; return null.
//embed
routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
OT: SSO Implementation
If you eventually decide to hire outside help. There is a company called
Optimal IdM that does work with implementing SSO:
http://www.optimalidm.com/services/default.aspx
One of our customers has used them for several implementations already, and
they are in the process of doing another one. Not sure what they would
charge you, but it might be worth looking into.
Cheers,
Jeff
Jeff Lockemy
QMX Support Services Inc.
(858) 366-8979
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Chintan Shah
Sent: Monday, May 03, 2010 2:06 PM
To: arslist@ARSLIST.ORG
Subject: SSO Implementation
**
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to
Remedy's Midtier login page...not sure where I should go to debug..since
Remedy doesnt provide Servlet code that fall back's to login page. I have
also made appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then
put it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest request, HttpServletResponse response)
throws IOException{
String user = request.getHeader(userHeaderName);
String pw=null;
String authStr=null;
if ((user!=null&&user.length()>0) ) {
return new
UserCredentials(user.toLowerCase(),pw,authStr);
}
else { //2. user not auth'd; return null.
//embed routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
SSO Implementation
Listers, (I admit, this is a bit of an advert!) Sadly, it's not just a case of knocking together some code and implementing SSO, because invariably you'll end up with a solution that you wouldn't want to roll out into production - there are a whole range of SSO bugs in the AR System that need addressing, and you'll only find them as users start calling you. That's why JSS built a solution and, three years after we started, are still developing it while also assisting many of the largest BMC VARs and clients. Of course, anyone could say that, so have a look at what our customers are saying: http://www.javasystemsolutions.com/jss/quotes Also, did I mention that we've secured BMC RKM with SSO? I should point out that there isn't an SSO interface to RKM, so you won't find a KB entry on it. You can see it in action in this movie: http://www.javasystemsolutions.com/movies/SSOPlugin-WhatsNewInVersion3 Read all about it on page 28 of this magazine: http://www.javasystemsolutions.com/documentation/maternamonitor.pdf You can evaluate the solution for free, today. John -- John Baker, Web Technologies Consultant / SSO Support. http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Re: SSO Implementation
I have done quite a bit of research recently and utilized the sample files
given in AREA_SSO_ALL_v206MT_v209AREA.zip (found within the KB at BMC)..it
works pretty good..still working on getting it implemented though.
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Chintan Shah
Sent: Monday, May 03, 2010 12:06 PM
To: arslist@ARSLIST.ORG
Subject: SSO Implementation
**
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to
Remedy's Midtier login page...not sure where I should go to debug..since
Remedy doesnt provide Servlet code that fall back's to login page. I have
also made appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then
put it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest request, HttpServletResponse response)
throws IOException{
String user = request.getHeader(userHeaderName);
String pw=null;
String authStr=null;
if ((user!=null&&user.length()>0) ) {
return new
UserCredentials(user.toLowerCase(),pw,authStr);
}
else { //2. user not auth'd; return null.
//embed routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Re: SSO Implementation
We implemented it twice using BMC's sample code as a base and Integrated
Windows Authentication to glean the user's credentials from the client machine.
You need to redirect the user to /arsys/home. We did this using an IIS
redirection, there may be other ways to accomplish this that I am not aware
of...
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Chintan Shah
Sent: Monday, May 03, 2010 1:06 PM
To: arslist@ARSLIST.ORG
Subject: SSO Implementation
**
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to Remedy's
Midtier login page...not sure where I should go to debug..since Remedy doesnt
provide Servlet code that fall back's to login page. I have also made
appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then put
it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest request, HttpServletResponse response)
throws IOException{
String user = request.getHeader(userHeaderName);
String pw=null;
String authStr=null;
if ((user!=null&&user.length()>0) ) {
return new UserCredentials(user.toLowerCase(),pw,authStr);
}
else { //2. user not auth'd; return null.
//embed routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
_attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
SSO Implementation
Hi all,
I would like to know if anybody has implemented methodology specified in
whitepaper here for single sign on.
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf
I have been trying to integrate it but for some reason it goes back to Remedy's
Midtier login page...not sure where I should go to debug..since Remedy doesnt
provide Servlet code that fall back's to login page. I have also made
appropriate config file change on midtier.
Has anybody successfully implemented it?
Please share your ideas.
here's sample code that I am using (packaged class in a jar file and then put
it in Midter/WEB-INF/lib)
public class MyAuthenticator implements Authenticator {
public void init(Map cfg) {
}
public void destroy() {
}
public UserCredentials getAuthenticatedCredentials(
HttpServletRequest request, HttpServletResponse response)
throws IOException{
String user = request.getHeader(userHeaderName);
String pw=null;
String authStr=null;
if ((user!=null&&user.length()>0) ) {
return new UserCredentials(user.toLowerCase(),pw,authStr);
}
else { //2. user not auth'd; return null.
//embed routing info in response object if necessary.
return new UserCredentials(myUserName,null,null);
}
}
}
Thanks
Chintan.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
Outbound web services stop working after SSO implementation
Hi listers, Well, here is the situation. server group on solaris/oracle/apache 7.01 patch 7. After installing SSO last night the outbound web service calls stop working. arerror.log shows 9130 errors the strange thing about the plugin.log is that you can see the call, but there is no SOAP envilope shown or any other details specific to normal run, just few lines indicating that the call is made, service name, address, namespace, etc and then the generic java.lang.NullPointerException and that the call has FAILED. Any past experiences? Regards, Nicky Madjarov phone: 973-202-4278 Find out how to bust your AR System performance @ http://www.SpeedUpARS.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"
Re: Remedy SSO Implementation - Help needed
Hi Tim,
Thanks for your advice. I was able to compile the Authenticator program and
the class file is created. As said in BMC guide, I have created a jar file
also, using the class file. Now I am trying to compile the AREA plugin
program. Will update you as soon as I move forward.
Thanks & Regards,
Thivagar Sankaran
_
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Richardson
Sent: Saturday, March 08, 2008 1:29 AM
To: arslist@ARSLIST.ORG
Subject: Re: Remedy SSO Implementation - Help needed
**
Hello Thivagar,
Yes, I am doing this for version 7 and while I don't have everything working
yet, I did run into this problem and solved it.
Try adding MidTier.jar to your classpath.
My execution looks like this:
javac -classpath arapi71.jar:MidTier.jar:. MyParticularAuthenticator.java
Like I said, I don't have it working all the way as I still have a missing
library, but when I added MidTier.jar, the error you have went away.
Good luck with it and if you do get it work (or if i do) let's share.
Tim
Thivagar Sankaran <[EMAIL PROTECTED]> wrote:
**
Hi List,
I am into the process of implementing SSO. I have the architecture as below:
ARS 6.3
Windows Server 2003
Web Server - Sun Apps Server
Mid Tier 6.3
I wanted to create a custom SSO. When I read into the white paper from
remedy, they have asked to create a java file. I created a java file called
AreaLdapAuthenticator from the sample they attached. I experience some
problems while compiling the AreaLdapAuthenticator.java file.
I execute the following command -
javac -classpath "C:\Sun\AppServer\lib\j2ee.jar" AreaLdapAuthenticator.java
And get the following errors -
C:\Documents and Settings\Administrator\Desktop>javac
AreaLdapAuthenticator.java
AreaLdapAuthenticator.java:11: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.Authenticator;
^
AreaLdapAuthenticator.java:12: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.UserCredentials;
^
AreaLdapAuthenticator.java:14: cannot resolve symbol
symbol : class Authenticator
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public class AreaLdapAuthenticator implements Authenticator {
^
AreaLdapAuthenticator.java:23: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public UserCredentials
getAuthenticatedCredentials(HttpServletRequest request, HttpServletResponse
response) throws IOException {
^
AreaLdapAuthenticator.java:47: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
return new UserCredentials(user,"recipe",null);
^
5 errors
Did I miss something in class path? Please help me to sort this out.
Thanks & Regards,
Thivagar Sankaran
Remedy Team
__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___
__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
smime.p7s
Description: S/MIME cryptographic signature
Re: Remedy SSO Implementation - Help needed
Hello Thivagar,
Yes, I am doing this for version 7 and while I don't have everything working
yet, I did run into this problem and solved it.
Try adding MidTier.jar to your classpath.
My execution looks like this:
javac -classpath arapi71.jar:MidTier.jar:. MyParticularAuthenticator.java
Like I said, I don't have it working all the way as I still have a missing
library, but when I added MidTier.jar, the error you have went away.
Good luck with it and if you do get it work (or if i do) let's share.
Tim
Thivagar Sankaran <[EMAIL PROTECTED]> wrote:
** st1\:*{behavior:url(#default#ieooui) }Hi List,
I am into the process of implementing SSO. I have the architecture as below:
ARS 6.3
Windows Server 2003
Web Server Sun Apps Server
Mid Tier 6.3
I wanted to create a custom SSO. When I read into the white paper from
remedy, they have asked to create a java file. I created a java file called
AreaLdapAuthenticator from the sample they attached. I experience some problems
while compiling the AreaLdapAuthenticator.java file.
I execute the following command -
javac -classpath "C:\Sun\AppServer\lib\j2ee.jar" AreaLdapAuthenticator.java
And get the following errors -
C:\Documents and Settings\Administrator\Desktop>javac
AreaLdapAuthenticator.java
AreaLdapAuthenticator.java:11: package com.remedy.arsys.session does not exist
import com.remedy.arsys.session.Authenticator;
^
AreaLdapAuthenticator.java:12: package com.remedy.arsys.session does not exist
import com.remedy.arsys.session.UserCredentials;
^
AreaLdapAuthenticator.java:14: cannot resolve symbol
symbol : class Authenticator
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public class AreaLdapAuthenticator implements Authenticator {
^
AreaLdapAuthenticator.java:23: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public UserCredentials getAuthenticatedCredentials(HttpServletRequest
request, HttpServletResponse response) throws IOException {
^
AreaLdapAuthenticator.java:47: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
return new UserCredentials(user,"recipe",null);
^
5 errors
Did I miss something in class path? Please help me to sort this out.
Thanks & Regards,
Thivagar Sankaran
Remedy Team
__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" html___
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Remedy custom SSO Implementation - Help needed
Hi List,
I am into the process of implementing SSO. I have the architecture as below:
ARS 6.3
Windows Server 2003
Web Server – Sun Apps Server
Mid Tier 6.3
I wanted to create a custom SSO. When I read into the white paper from
remedy, they have asked to create a java file. I created a java file called
AreaLdapAuthenticator from the sample they attached. I experience some
problems while compiling the AreaLdapAuthenticator.java file.
I execute the following command -
javac -classpath "C:\Sun\AppServer\lib\j2ee.jar" AreaLdapAuthenticator.java
And get the following errors -
C:\Documents and Settings\Administrator\Desktop>javac
AreaLdapAuthenticator.java
AreaLdapAuthenticator.java:11: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.Authenticator;
^
AreaLdapAuthenticator.java:12: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.UserCredentials;
^
AreaLdapAuthenticator.java:14: cannot resolve symbol
symbol : class Authenticator
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public class AreaLdapAuthenticator implements Authenticator {
^
AreaLdapAuthenticator.java:23: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public UserCredentials
getAuthenticatedCredentials(HttpServletRequest request, HttpServletResponse
response) throws IOException {
^
AreaLdapAuthenticator.java:47: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
return new UserCredentials(user,"recipe",null);
^
5 errors
Did I miss something in class path? Please help me to sort this out.
Thanks & Regards,
Thivagar Sankaran
Remedy Team
--
View this message in context:
http://www.nabble.com/Remedy-custom-SSO-Implementation---Help-needed-tp15891208p15891208.html
Sent from the ARS (Action Request System) mailing list archive at Nabble.com.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Remedy SSO Implementation - Help needed
Hi List,
I am into the process of implementing SSO. I have the architecture as below:
ARS 6.3
Windows Server 2003
Web Server - Sun Apps Server
Mid Tier 6.3
I wanted to create a custom SSO. When I read into the white paper from
remedy, they have asked to create a java file. I created a java file called
AreaLdapAuthenticator from the sample they attached. I experience some
problems while compiling the AreaLdapAuthenticator.java file.
I execute the following command -
javac -classpath "C:\Sun\AppServer\lib\j2ee.jar" AreaLdapAuthenticator.java
And get the following errors -
C:\Documents and Settings\Administrator\Desktop>javac
AreaLdapAuthenticator.java
AreaLdapAuthenticator.java:11: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.Authenticator;
^
AreaLdapAuthenticator.java:12: package com.remedy.arsys.session does not
exist
import com.remedy.arsys.session.UserCredentials;
^
AreaLdapAuthenticator.java:14: cannot resolve symbol
symbol : class Authenticator
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public class AreaLdapAuthenticator implements Authenticator {
^
AreaLdapAuthenticator.java:23: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
public UserCredentials
getAuthenticatedCredentials(HttpServletRequest request, HttpServletResponse
response) throws IOException {
^
AreaLdapAuthenticator.java:47: cannot resolve symbol
symbol : class UserCredentials
location: class com.naviline.ssoAreaLdap.AreaLdapAuthenticator
return new UserCredentials(user,"recipe",null);
^
5 errors
Did I miss something in class path? Please help me to sort this out.
Thanks & Regards,
Thivagar Sankaran
Remedy Team
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
smime.p7s
Description: S/MIME cryptographic signature
Re: Problems with SSO implementation during modification of a Helpdesk ticket.
Hi Roney and List My Env ARS 7.0.1 Midtier 7.0.1 Win 2003 server Webserver - IIS JSP engine - Tomcat I am working on Implementing a Custom SSO solution. I followed the steps suggested in the Whitepaper from Remedy regarding SSO. Its not working and I did the following, 1. Created this SSOAuthenticator.java file from the sample in the whitepaper. In this file I am sending 2 values in the password and Auth fields. My goal is to check for these values in AREA and if found return ok else return failure. 2. Copied the SSOAuthenticator.class file to C:\apps\midtier\WEB-INF\lib\com\remedy\arsys\sso 3. Added an Entry in the config.properties file under C:\apps\midtier\WEB-INF\class folder. # arsystem.authenticator=com.remedy.arsys.sso.SSOAuthenticator ## 4. Created a c file areasamp.c compiled and copied the dll to C:\apps\arsystem. 5. added the line Plugin: areasamp.dll in ar.cfg 6. Restarted Tomcat. 7. Restarted IIS. 8. Restarted the arplugin server. 9. Restarted remedy Services. 10.From the client through IE browser fired the request to http://localhost/arsys/shared/login.html <http://localhost/arsys/shared/login.html> which will redirect to login.jsp(Before the login.jsp is fired the user will be Authenticated using Netpoint and that is working fine.). The Login page is displayed. If it's working correctly I should not see the Login page. Since you have already done this successfully, Can you explain the steps that you did so that I can verify If I have missed out any piece of it. Thank you Suresh From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Samuel Sent: Wednesday, January 17, 2007 9:20 AM To: arslist@ARSLIST.ORG Subject: Re: Problems with SSO implementation during modification of a Helpdesk ticket. Content-Disposition: inline ** Dear Fellow Listers, Just to let everybody know we have finally fixed the problem and soon we would have SSO successfully up and working on our system. The Problem was that our Filter workflow was causing the issues with the Midtier being asked to re-authenticate the user. Apparently when the Core field 4 is set using workflow on the MidTier It asks to re-authenticate the users and does not pass the Auth String so we had to analyse and change the workflow on the HPD:Helpdesk and other forms to fix this issue. Let me know if any of you have faced such an issue...Appreciate all the help and support. Thanks Regards, Roney Samuel Varghese. On 1/11/07, Roney Samuel <[EMAIL PROTECTED]> wrote: Dear Listers, Environment : MidTier : Windows 20003 Standard Edition SP1 6.3 Patch 18 ARS Server : ARS 6.3 patch 14 Jsp Engine : Servlet Exec 5.0 ISAPI Web Server : IIS 6.0 Problem : We have a custom SSO implemented for our environment, SSO works fine and the logged in user gets authenticated via the SSO plugin, the logged in user is able to submit tickets as well, however when he tries to modify a Helpdesk ticket he gets an error message saying Invalid password or authentication string for an existing user. This happens only for the Helpdesk form, the same user can modify other non ITSM forms without any problems. On further research of the problem I found that on Modify of the Helpdesk form two API calls are made AREANeedToSyncCallback and AREAVerifyLoginCallback. During the process of calling the AREAVerifyLoginCallback function on Modify the default Auth String is being passed as empty. I would really appreciate if anybody could give their valuable insights on this problem. Appreciate all the help and support. Thanks a lot Example of the User getting authenticated with SSO. /* Tue Jan 09 2007 05:42:17.5850 */ +VL AREAVerifyLoginCallback -- user rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Username: /* Tue Jan 09 2007 05:42: 17.5850 */ rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Network Address: /* Tue Jan 09 2007 05:42:17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42:17.5850 */ Auth String: /* Tue Jan 09 2007 05:42: 17.5850 */ Qk1DIFJlbWVkeSBBUlN5c3RlbQ== /* Tue Jan 09 2007 05:42:17.5850 */ < AREA.SSO> User logging in from a matching Authentication String and Mid-Tier IP: /* Tue Jan 09 2007 05:42: 17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42: 17.5850 */ User passed AREA SSO authentication. Login Success Example of the same User not getting authenticated with SSO On Modify of heldpesk Ticket. /* Tue Ja
Re: Problems with SSO implementation during modification of a Helpdesk ticket.
Dear Fellow Listers, Just to let everybody know we have finally fixed the problem and soon we would have SSO successfully up and working on our system. The Problem was that our Filter workflow was causing the issues with the Midtier being asked to re-authenticate the user. Apparently when the Core field 4 is set using workflow on the MidTier It asks to re-authenticate the users and does not pass the Auth String so we had to analyse and change the workflow on the HPD:Helpdesk and other forms to fix this issue. Let me know if any of you have faced such an issue...Appreciate all the help and support. Thanks Regards, Roney Samuel Varghese. On 1/11/07, Roney Samuel <[EMAIL PROTECTED]> wrote: Dear Listers, Environment : MidTier : Windows 20003 Standard Edition SP1 6.3 Patch 18 ARS Server : ARS 6.3 patch 14 Jsp Engine : Servlet Exec 5.0 ISAPI Web Server : IIS 6.0 Problem : We have a custom SSO implemented for our environment, SSO works fine and the logged in user gets authenticated via the SSO plugin, the logged in user is able to submit tickets as well, however when he tries to modify a Helpdesk ticket he gets an error message saying Invalid password or authentication string for an existing user. This happens only for the Helpdesk form, the same user can modify other non ITSM forms without any problems. On further research of the problem I found that on Modify of the Helpdesk form two API calls are made AREANeedToSyncCallback and AREAVerifyLoginCallback. During the process of calling the AREAVerifyLoginCallback function on Modify the default Auth String is being passed as empty. I would really appreciate if anybody could give their valuable insights on this problem. Appreciate all the help and support. Thanks a lot Example of the User getting authenticated with SSO. /* Tue Jan 09 2007 05:42:17.5850 */ +VL AREAVerifyLoginCallback -- user rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Username: /* Tue Jan 09 2007 05:42: 17.5850 */ rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Network Address: /* Tue Jan 09 2007 05:42:17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42:17.5850 */ Auth String: /* Tue Jan 09 2007 05:42: 17.5850 */ Qk1DIFJlbWVkeSBBUlN5c3RlbQ== /* Tue Jan 09 2007 05:42:17.5850 */ < AREA.SSO> User logging in from a matching Authentication String and Mid-Tier IP: /* Tue Jan 09 2007 05:42: 17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42: 17.5850 */ User passed AREA SSO authentication. Login Success Example of the same User not getting authenticated with SSO On Modify of heldpesk Ticket. /* Tue Jan 09 2007 05:42:17.5850 */ -VL OK /* Tue Jan 09 2007 05:44: 14.1940 */ +NS AREANeedToSyncCallback /* Tue Jan 09 2007 05:44:14.1940 */ -NS OK -- 0 /* Tue Jan 09 2007 05:44: 14.3040 */ +VL AREAVerifyLoginCallback -- user rvarghes /* Tue Jan 09 2007 05:44:14.3040 */ Username: /* Tue Jan 09 2007 05:44:14.3040 */ rvarghes /* Tue Jan 09 2007 05:44: 14.3040 */ Network Address: /* Tue Jan 09 2007 05:44:14.3040 */ 10.30.62.131 /* Tue Jan 09 2007 05:44:14.3040 */ Auth String: /* Tue Jan 09 2007 05:44:14.3040 */ /* Tue Jan 09 2007 05:44: 14.3040 */ User did not provide a valid Authentication String. /* Tue Jan 09 2007 05:44: 14.3040 */ User NOT logging in from Mid-Tier IP Address. /* Tue Jan 09 2007 05:44: 14.3040 */ User did not pass AREA SSO authentication Mid Tier Log for the same user on modification of the helpdesk ticket Jan 10, 2007 1:52:31 AM - FINE (com.remedy.midtier.PERFORMANCE) : (Thread 55) Backchannel end: SetEntry: Process: 125; Send: 0; Chars: 107 Jan 10, 2007 1:52:31 AM - SEVERE (com.remedy.midtier.SERVLET) : (Thread 55) GoatException during NDXRequest: ARERR [329] Invalid password or authentication string for an existing user at com.remedy.arsys.backchannel.SetEntryAgent.process(Unknown Source) at com.remedy.arsys.backchannel.NDXRequest.(Unknown Source) at com.remedy.arsys.backchannel.EntryListBase.(Unknown Source) at com.remedy.arsys.backchannel.NDXSetEntry.(Unknown Source) at com.remedy.arsys.backchannel.SetEntryAgent.(Unknown Source) at com.remedy.arsys.backchannel.NDXFactory.handleRequest(Unknown Source) at com.remedy.arsys.stubs.BackchannelServlet.doRequest(Unknown Source) at com.remedy.arsys.stubs.GoatServlet.postInternal(Unknown Source) at com.remedy.arsys.stubs.GoatHttpServlet.doGet(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:743) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.newatlanta.servletexec.SERequestDispatcher.forwardServlet( SERequestDispatcher.java:638) at com.newatlanta.servletexec.SERequestDispatcher.forward( SERequestDispatcher.java:236) at com.newatlanta.servletexec.SERequestDispatcher.internalForward( SERequestDispatcher.java:283) at com.newatlanta.servletexec.ApplicationInfo.processApplRequest( ApplicationInfo.java:1
Problems with SSO implementation during modification of a Helpdesk ticket.
Dear Listers, Environment : MidTier : Windows 20003 Standard Edition SP1 6.3 Patch 18 ARS Server : ARS 6.3 patch 14 Jsp Engine : Servlet Exec 5.0 ISAPI Web Server : IIS 6.0 Problem : We have a custom SSO implemented for our environment, SSO works fine and the logged in user gets authenticated via the SSO plugin, the logged in user is able to submit tickets as well, however when he tries to modify a Helpdesk ticket he gets an error message saying Invalid password or authentication string for an existing user. This happens only for the Helpdesk form, the same user can modify other non ITSM forms without any problems. On further research of the problem I found that on Modify of the Helpdesk form two API calls are made AREANeedToSyncCallback and AREAVerifyLoginCallback. During the process of calling the AREAVerifyLoginCallback function on Modify the default Auth String is being passed as empty. I would really appreciate if anybody could give their valuable insights on this problem. Appreciate all the help and support. Thanks a lot Example of the User getting authenticated with SSO. /* Tue Jan 09 2007 05:42:17.5850 */ +VL AREAVerifyLoginCallback -- user rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Username: /* Tue Jan 09 2007 05:42:17.5850 */ rvarghes /* Tue Jan 09 2007 05:42:17.5850 */ Network Address: /* Tue Jan 09 2007 05:42:17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42:17.5850 */ Auth String: /* Tue Jan 09 2007 05:42:17.5850 */ Qk1DIFJlbWVkeSBBUlN5c3RlbQ== /* Tue Jan 09 2007 05:42:17.5850 */ User logging in from a matching Authentication String and Mid-Tier IP: /* Tue Jan 09 2007 05:42:17.5850 */ 10.30.62.131 /* Tue Jan 09 2007 05:42:17.5850 */ User passed AREA SSO authentication. Login Success Example of the same User not getting authenticated with SSO On Modify of heldpesk Ticket. /* Tue Jan 09 2007 05:42:17.5850 */ -VL OK /* Tue Jan 09 2007 05:44:14.1940 */ +NS AREANeedToSyncCallback /* Tue Jan 09 2007 05:44:14.1940 */ -NS OK -- 0 /* Tue Jan 09 2007 05:44:14.3040 */ +VL AREAVerifyLoginCallback -- user rvarghes /* Tue Jan 09 2007 05:44:14.3040 */ Username: /* Tue Jan 09 2007 05:44:14.3040 */ rvarghes /* Tue Jan 09 2007 05:44:14.3040 */ Network Address: /* Tue Jan 09 2007 05:44:14.3040 */ 10.30.62.131 /* Tue Jan 09 2007 05:44:14.3040 */ Auth String: /* Tue Jan 09 2007 05:44:14.3040 */ /* Tue Jan 09 2007 05:44:14.3040 */ User did not provide a valid Authentication String. /* Tue Jan 09 2007 05:44:14.3040 */ User NOT logging in from Mid-Tier IP Address. /* Tue Jan 09 2007 05:44:14.3040 */ User did not pass AREA SSO authentication Mid Tier Log for the same user on modification of the helpdesk ticket Jan 10, 2007 1:52:31 AM - FINE (com.remedy.midtier.PERFORMANCE) : (Thread 55) Backchannel end: SetEntry: Process: 125; Send: 0; Chars: 107 Jan 10, 2007 1:52:31 AM - SEVERE (com.remedy.midtier.SERVLET) : (Thread 55) GoatException during NDXRequest: ARERR [329] Invalid password or authentication string for an existing user at com.remedy.arsys.backchannel.SetEntryAgent.process(Unknown Source) at com.remedy.arsys.backchannel.NDXRequest.(Unknown Source) at com.remedy.arsys.backchannel.EntryListBase.(Unknown Source) at com.remedy.arsys.backchannel.NDXSetEntry.(Unknown Source) at com.remedy.arsys.backchannel.SetEntryAgent.(Unknown Source) at com.remedy.arsys.backchannel.NDXFactory.handleRequest(Unknown Source) at com.remedy.arsys.stubs.BackchannelServlet.doRequest(Unknown Source) at com.remedy.arsys.stubs.GoatServlet.postInternal(Unknown Source) at com.remedy.arsys.stubs.GoatHttpServlet.doGet(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:743) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.newatlanta.servletexec.SERequestDispatcher.forwardServlet( SERequestDispatcher.java:638) at com.newatlanta.servletexec.SERequestDispatcher.forward( SERequestDispatcher.java:236) at com.newatlanta.servletexec.SERequestDispatcher.internalForward( SERequestDispatcher.java:283) at com.newatlanta.servletexec.ApplicationInfo.processApplRequest( ApplicationInfo.java:1827) at com.newatlanta.servletexec.ServerHostInfo.processApplRequest( ServerHostInfo.java:919) at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:1091) at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:1002) Caused by: MessageType: 2 MessageNum: 329 MessageText: Invalid password or authentication string for an existing user AppendedText: at com.remedy.arsys.api.Proxy.ARSetEntry(Native Method) at com.remedy.arsys.api.Entry.store(Entry.java:272) ... 18 more Jan 10, 2007 1:52:31 AM - FINE (com.remedy.midtier.INTERNAL) : (Thread 55) Throw ARException - MessageType: 2 MessageNum: 329 MessageText: Invalid password or authentication string for an existing user AppendedText: Regards, Roney Samuel
Re: SSO implementation in mid-tier
No takers? How about this then since I am not used to doing the server side -
The Remedy server itself has to have external authentication turned on
by something called AREA (Action Request External Authentication). This is an
option normally selected during the server install or upgrade. >From what I
have read, we can authenticate locally to the server, then externally to an
LDAP server if users are not found. If AREA is not already turned on, how do
we authenticate to NIS+? Could it be turned on, just not pointing to LDAP as
an option?
We don't know if this is turned on now or what impact it will have
globally if turned on.
Do you know of a KB ID that tells this?
Thanks,
Janet Mahan
NSM Systems Admin II
EMBARQ
Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199
Email: [EMAIL PROTECTED]
Telecommuter - Florida
Mailstop: FLPTCA0101
Voice | Data | Internet | Wireless | Entertainment
This e-mail is the property of EMBARQ and may contain confidential and
privileged material for the sole use of the intended recipient(s). Any review,
use, distribution or disclosure by others is strictly prohibited. If you are
not the intended recipient (or authorized to receive for the recipient), please
contact the sender and delete all copies of the message.
-Original Message-
From: Mahan, Janet L [EQ]
Sent: 12 December, 2006 11:12 PM
To: 'arslist@ARSLIST.ORG'
Subject: SSO implementation in mid-tier
I have seen a few posts regarding SSO but none really answered
my questions and I have a lot of them I am getting these questions second
hand since I am not the one working with CA and I don't know much about the
product which I think is siteminder or something similar. Anyway, the admin
working on the project was given this information:
"Integrating the 6.3 mid tier into an SSO environment requires
two implementations and the proper configuration of the implemented pieces:
* An implementation of the
com.remedy.arsys.session.Authenticator interface for the mid tier
* An implementation of the AREA plug-in for the
AR System server to supplement the implementation in the previous bullet"
Where would I find information on this?
Thanks,
Janet Mahan
NSM Systems Admin II
EMBARQ
Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax:
941-766-6199
Email: [EMAIL PROTECTED]
Telecommuter - Florida
Mailstop: FLPTCA0101
Voice | Data | Internet | Wireless | Entertainment
This e-mail is the property of EMBARQ and may contain
confidential and privileged material for the sole use of the intended
recipient(s). Any review, use, distribution or disclosure by others is strictly
prohibited. If you are not the intended recipient (or authorized to receive for
the recipient), please contact the sender and delete all copies of the message.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
SSO implementation in mid-tier
I have seen a few posts regarding SSO but none really answered my questions and I have a lot of them I am getting these questions second hand since I am not the one working with CA and I don't know much about the product which I think is siteminder or something similar. Anyway, the admin working on the project was given this information: "Integrating the 6.3 mid tier into an SSO environment requires two implementations and the proper configuration of the implemented pieces: * An implementation of the com.remedy.arsys.session.Authenticator interface for the mid tier * An implementation of the AREA plug-in for the AR System server to supplement the implementation in the previous bullet" Where would I find information on this? Thanks, Janet Mahan NSM Systems Admin II EMBARQ Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 Email: [EMAIL PROTECTED] Telecommuter - Florida Mailstop: FLPTCA0101 Voice | Data | Internet | Wireless | Entertainment This e-mail is the property of EMBARQ and may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender and delete all copies of the message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
