Re: Single Sign On (SSO) with CAS
Excellent thanks! -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Alex Agle Sent: Thursday, May 28, 2015 10:37 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years __ _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Very nice! Thanks, rp On 5/28/2015 1:36 PM, Alex Agle wrote: I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Hi, Yes please do post the info. I’ve implemented the SSO with CAS and have the same environment you described except instead of Linux we still have an old “SunOS Generic_147440-09 sun4v sparc sun4v” We shall move to Linux in a couple of months. So your info could be very much appreciated. Best From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Wednesday, May 27, 2015 12:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS ** Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edumailto:alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.comhttp://javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165tel:%28404%29894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.eduhttp://oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Single Sign On (SSO) with CAS
Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign-On (SSO)
John, thanks alot for your suggest ! You say to use BMC community code, but where i can find this code ? i would like to realize the solution myself without include other people (i.e. Column or similar). can you help me to indicate the 'right street' ? i try to read 'Integrating BMC® Remedy®Action Request System® with Single Sign-On (SSO) Authentication Systems and Other Client-Side Login Intercept Technologies' but i understand just a little ! thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Single Sign-On (SSO)
Hi all, i would like to log to Requester Console bypassing the login page of Mid Tier. the User could access to the system using his Web portal and i try to interface the RQC by Single Sign-On (SSO) of BMC Remedy. Is it possible ? i don't understand if Single Sign-On (SSO) needs of regular license by BMC ! any Idea ? can you help me to solve this requirement ? thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Single Sign-On (SSO)
Yes, this can be done. Column Technologies helped us set this up, they have a packaged custom plugin they've written to perform the pass-through SSO solution which basically gets applied to your Miditer server and intercepts traffic to the web server and authenticates to your Identity Mgt solution then passes you through into Remedy. The licensing does not change with an SSO solution, based on function the user would still need to the appropriate license for the functionality used. If you are talking about the basic Requester Console, this interface does not require a license, but if you are referring to the full Service Request Management module, that is a licensed component and they would require a license. Hope this helps, contact Column Technologies (www.columnit.com) for info on their SSO solution, they were able to get us up and running in short order on it. Thanks. Nate. Nathan Aker ITSM Solution Architect McAfee, Inc. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Team Remedy Sent: Thursday, May 31, 2012 4:31 AM To: arslist@ARSLIST.ORG Subject: Single Sign-On (SSO) Hi all, i would like to log to Requester Console bypassing the login page of Mid Tier. the User could access to the system using his Web portal and i try to interface the RQC by Single Sign-On (SSO) of BMC Remedy. Is it possible ? i don't understand if Single Sign-On (SSO) needs of regular license by BMC ! any Idea ? can you help me to solve this requirement ? thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Single Sign-On (SSO)
Nathan The Column SSO solution is little more than the BMC community code repackaged, but last time I checked, rather less secure. I actually sent Column a video demonstrating how to login to AR System as any user and never received a response demonstrating the problem has been fixed. Instead, I received a lecture on AD integration technology from someone who (a) didn't know that I'm somewhat familiar in this area, and (b) didn't know what they were talking about. So if you want a do it yourself kit, you can use the BMC community code. If you want a real product supported by people who are industry experts, consult Google or ask some of BMC's biggest clients. But the answer to SSO is not Column. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Want to implement Single Sign-On(SSO)
Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
Can I ask what is your plan or method for doing it? Like do you need CAC? Certs, or just AD authentication? Do you require secure methods? 686 vice 389 (or what ever)? Just wondering Sent from my iPhone On May 15, 2012, at 2:51, John Baker jba...@javasystemsolutions.com wrote: Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
John Didn't state single user repository just authentication repository. SSO will allow you to setup multiple repositories (LDAP, RSA, CAC, Local, etc.). That's why my original question was what exactly is SSO going to be used for. If it is to provide LDAP capabilities for Mid-tier then there are better ways to handle this. If you are looking at implementing both Analytics and ITSM then SSO could work, but it is not without a lot of work to get it working right. If you are looking at SSO to automagically authenticate you to various apps based on your network login when you logged into the box then BMC SSO will not work for that. I have successfully setup SSO in a dev environment against multiple repositories. However, we pulled the plug on production because at the time it was not compatible with encryption and I didn't feel it was ready for prime time. This was for a 7.6.04 environment. Looking at Hari's original questions: 1. Hard to answer without knowing exactly what you are trying to do. 2. Java System Solutions is a third party that has designed a SSO plugin for AR System 3. Upgrading can be a good and bad thing for many reasons. SSO probably shouldn't be your driving force to upgrading to 7.6.04. Other queries: a. License questions are probably best asked to your BMC Account Manager. They know your account structure best. b. validation parameter? Not sure what you're looking for here c. BMC SSO has its own access manager/administration tool and doesn't require the use of Oracle Access Manager. BMC SSO is loaded on a separate web server from the mid-tier. It uses 32 bit were as Mid-tier can use 64 bit. No you can try to get these working on the same web server, but it is not recommended. I still would need a better understanding of the requirements to provide decent answers. Brian -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of John Baker Sent: Tuesday, May 15, 2012 2:51 AM To: arslist@ARSLIST.ORG Subject: Want to implement Single Sign-On(SSO) Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Want to implement Single Sign-On(SSO)
Hi All, Hope you all are doing well, this is with reference to one of my requirement of implementing SSO in Remedy environment. My Current Remedy Setup is : Platform: OS= Windows 2003 Server Database= SQL Server 2005 Remedy AR Server = 7.5.004 Remedy ITSM Apps Version= 7.6.001 Users were LDAP authenticated. Midtier Env: OS= Windows 2003 Server Web Server= Apache Tomcat I want to implement SSO in my environment with my current setup. But i am not getting the clear picture of how to implement this.Till date, what i found that: 1. Can be achieved through customized SSO: In this, we need to write some external java class which will authenticate the users.Here, my question is Is there any need of any extra web server depending on my current environment. I heard of web access manager by BMC,Oracle,etc.Plz suggest. 2. Third party provided SSO solutions. 3. To upgrade my existing version to 7.6.04, where BMC has provided the SSO solution. Other queries of mine are: a. SSO requires license or not, if yes, then shall we need to take a call with BMC for license. b. what validation parameter should i consider while implementing SSO. c. Shall we need any Web access manager for implementing SSO.And if i am going for Oracle web access manager, will it create some compatibility issue with SQL server 2005. Any help or any suggestions will contribute a lot. Thanks Regards Hari E-mail:- hsvishwaka...@gmail.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
What exactly are you looking to use SSO for? You can do LDAP authentication without SSO in place. If you're looking for the user to automatically be authenticated to Remedy Mid-tier based on their network login, BMC SSO will not do this to my knowledge. What the BMC SSO piece will give you is a authentication repository if you will of user accounts and passwords, which other BMC products can utilize (ITSM and Analytics). Theoretically if your logged into one you can use all without re-authenticating. I believe there are a few people on the thread that have used javasystems SSO tool and could chime in on its capabilities. Brian From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Hari Vishwakarma Sent: Monday, May 14, 2012 6:40 PM To: arslist@ARSLIST.ORG Subject: Want to implement Single Sign-On(SSO) ** Hi All, Hope you all are doing well, this is with reference to one of my requirement of implementing SSO in Remedy environment. My Current Remedy Setup is : Platform: OS= Windows 2003 Server Database= SQL Server 2005 Remedy AR Server = 7.5.004 Remedy ITSM Apps Version= 7.6.001 Users were LDAP authenticated. Midtier Env: OS= Windows 2003 Server Web Server= Apache Tomcat I want to implement SSO in my environment with my current setup. But i am not getting the clear picture of how to implement this.Till date, what i found that: 1. Can be achieved through customized SSO: In this, we need to write some external java class which will authenticate the users.Here, my question is Is there any need of any extra web server depending on my current environment. I heard of web access manager by BMC,Oracle,etc.Plz suggest. 2. Third party provided SSO solutions. 3. To upgrade my existing version to 7.6.04, where BMC has provided the SSO solution. Other queries of mine are: a. SSO requires license or not, if yes, then shall we need to take a call with BMC for license. b. what validation parameter should i consider while implementing SSO. c. Shall we need any Web access manager for implementing SSO.And if i am going for Oracle web access manager, will it create some compatibility issue with SQL server 2005. Any help or any suggestions will contribute a lot. Thanks Regards Hari E-mail:- hsvishwaka...@gmail.com _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Single Sign On (SSO) Issue
Well one error message you are getting is this - Connects to ARServer servername through Java Rpc failed with: ERROR (90): Cannot establish a network connection to the AR System server; Connection refused: connect servername When you bring up the mid tier what error message do you get. Are you sure your mid tier is configured with the correct server name, mid tier password, etc... From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 4:05 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am attaching my log files. Let me know in case you find anything. I have hit a dead end and do not know what more to do. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, The servername and password has been set up correctly for the Mid-Tier because if it was not then I would not be able to login and access the server tables which I am able to right now (once I provide the credentials). I am able to perform all the operations that I am able to with the user tool. I am concerned that the plugin server might be giving some problems. But then again the server is currently set up to authenticate users against the LDAP server and it is working fine. So it does not seem to be the problem with the plugin server either. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
The issue I was having with this was related to Tomcat using authentication and not letting IIS handle it. It was fixed but added the following line to the server.xml file under tomcat for the connector I was using, tomcatAuthentication=false that way it uses IIS and not tomcat. SSO is working for me now. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well there are a slew of things that could be wrong. If you could send me some logs that might help. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 12:53 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
I was on travel all day yesterday so I did not have time to work on it. I hopefully will in the next couple of days. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA.Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well according to BMC the mid tier plug-in jar file I have should work for both, it is not specific to Tomcat or Servlet Exec Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Also the reason I think this is failing is because for some reason with Tomcat it is not get the user name from IIS. I do have integrated windows authentication on. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
okay sounds good. That is with Tomcat? Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Tuesday, November 18, 2008 12:07 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Yep IIS Tomcat. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Single Sign On (SSO) Issue
I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are