[Date Prev] [Date Next] [Prev in Thread] [Next in Thread] [Date Index] [Thread Index]

Re: SSO Mid-Tier with AREA_SSO_ALL_v206MT_v209AREA.zip Issue



Andre,
Look into 'spnego'....it works well with Tomcat to setup Kerberos
authentication to the tomcat server, and allows the 'getremoteuser' to work.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Andre Hughes
Sent: Thursday, August 19, 2010 1:04 PM
To: arslist@ARSLIST.ORG
Subject: Re: SSO Mid-Tier with AREA_SSO_ALL_v206MT_v209AREA.zip Issue

Mid-Tier is running on Windows Server 2003.

I am using Tomcat only, no Apache or IIS.

I am not clear on the component(s) you mentioned to set the attribute or 
header. What would set this attribute or header? Does Tomcat have this 
option?

Does Tomcat have a setting to get the remoteuser information?

Thanks,

Andre

On Thu, 19 Aug 2010 10:57:12 -0500, Axton <axton.grams@GMAIL.COM> wrote:

>You tried the configuration with both an attribute and a header.  What
>component(s) do you have in place to set either the attribute or header?
> Something has to provide the value.  Looks like nothing is, which is why
>you are getting the null username.
>
>What OS does your mid-tier run on?
>
>What web server (if any) do you intend to run this behind?
>
>Axton Grams
>
>The opinions, statements, and/or suggested courses of action expressed in
>this E-mail do not necessarily reflect those of BMC Software, Inc.  My
>voluntary participation in this forum is not intended to convey a role as a
>spokesperson, liaison or public relations representative for BMC Software,
>Inc.
>
>On Thu, Aug 19, 2010 at 1:46 PM, Andre Hughes <neo1494@yahoo.com> wrote:
>
>> Hello,
>>
>> I am attempting to put in place SSO for the Mid-Tier with the
>> AREA_SSO_ALL_v206MT_v209AREA.zip file.
>> I followed the direction in the MidTier_AREA_SSO_setup.doc
>>
>> My current setup -
>> ARS 7.5 Patch 3
>> Mid-Tier Patch 3 (using BMC's bundled Tomcat 5.25)
>> ITSM 7.6 Patch 1
>> All Remedy users use LDAP authentication to login to the system against a
>> Windows AD Domain
>>
>> sso.properties with remoteuser -
>> Option 1
>> arsystem.sso.username.method=remoteuser
>> arsystem.sso.username.case=lower
>> arsystem.sso.username.remoteuser_remove_domain=T
>> # arsystem.sso.username.headername=
>> # arsystem.sso.username.attributename=
>> arsystem.sso.authstring.method=default
>> # arsystem.sso.authstring.custom=
>> arsystem.sso.logging.debug=T
>>
>> Option 2
>> arsystem.sso.username.method=remoteuser
>> arsystem.sso.username.case=lower
>> arsystem.sso.username.remoteuser_remove_domain=T
>> # arsystem.sso.username.headername=
>> # arsystem.sso.username.attributename=
>> arsystem.sso.authstring.method=rudomain
>> # arsystem.sso.authstring.custom=
>> arsystem.sso.logging.debug=T
>>
>> Error that I receive -
>> Aug 19, 2010 8:03:48 AM - INFO (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.session.Login loadAuthenticatorConfigFile Login: Loaded
>> authenticator properties file sso.properties
>> Aug 19, 2010 8:03:48 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Initialization: Version
>> 2.06
>> (Mid-Tier 7.0.x build)
>> Aug 19, 2010 8:03:48 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Property values were
>> loaded.
>> Aug 19, 2010 8:03:58 AM - INFO (com.remedy.log.PERFORMANCE) : (Thread 11)
>> com.remedy.arsys.prefetch.PreloadManager loadAllActiveLinkMenus START
>> activelink/menu preload; start time = 1282230238617
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SERVLET) : (Thread 12)
>> com.remedy.arsys.stubs.GoatServlet postInternal GoatServlet:
>> url=http://serverX/arsys/
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SERVLET) : (Thread 12)
>> com.remedy.arsys.stubs.GoatServlet postInternal cookie=IP-Restriction-
>> GUID="2"
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SERVLET) : (Thread 12)
>> com.remedy.arsys.stubs.GoatServlet setupSessionData GoatServlet: No 
session
>> or new session
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.session.Login establishSession Login: establishing 
Session
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.sso.SSOAuthenticator getAuthenticatedCredentials SSO
>> ERROR:
>> RemoteUser name is null or empty. Using default login page
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.session.Login establishSession Login: Custom 
authenticator
>> failed. Trying default authenticator
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.session.DefaultAuthenticator getAuthenticatedCredentials
>> DefaultAuthenticator: Credentials requested
>> Aug 19, 2010 8:03:58 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.session.DefaultAuthenticator redirectToLogin
>> DefaultAuthenticator.redirectToLogin: url=/arsys/
>> Aug 19, 2010 8:03:59 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 8:03:59 AM - CONFIG (com.remedy.log.CONFIG) : (Thread 11)
>> com.remedy.arsys.config.ConfigProperties load Loaded properties file
>> C:\ARSYSTEM\midtier\WEB-INF\classes\locale.properties
>> Aug 19, 2010 8:03:59 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 8:03:59 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.stubs.SessionData initTimezone InitTimeZone =
>> America/Los_Angeles
>>
>> sso.properties with header -
>> arsystem.sso.username.method=header
>> arsystem.sso.username.case=lower
>> arsystem.sso.username.remoteuser_remove_domain=F
>> arsystem.sso.username.headername=username
>> # arsystem.sso.username.attributename=
>> arsystem.sso.authstring.method=default
>> # arsystem.sso.authstring.custom=
>> arsystem.sso.logging.debug=T
>>
>> Error that I receive -
>> Aug 19, 2010 7:46:24 AM - INFO (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.session.Login loadAuthenticatorConfigFile Login: Loaded
>> authenticator properties file sso.properties
>> Aug 19, 2010 7:46:24 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Initialization: Version
>> 2.06
>> (Mid-Tier 7.0.x build)
>> Aug 19, 2010 7:46:24 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Property values were
>> loaded.
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet postInternal GoatServlet:
>> url=http://serverX/arsys/
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet postInternal cookie=IP-Restriction-
>> GUID="2"
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet setupSessionData GoatServlet: No 
session
>> or new session
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.session.Login establishSession Login: establishing 
Session
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.sso.SSOAuthenticator getAuthenticatedCredentials SSO
>> ERROR:
>> Header is null or empty. Using default login page
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.session.Login establishSession Login: Custom 
authenticator
>> failed. Trying default authenticator
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.session.DefaultAuthenticator getAuthenticatedCredentials
>> DefaultAuthenticator: Credentials requested
>> Aug 19, 2010 7:46:29 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.session.DefaultAuthenticator redirectToLogin
>> DefaultAuthenticator.redirectToLogin: url=/arsys/
>> Aug 19, 2010 7:46:29 AM - CONFIG (com.remedy.log.CONFIG) : (Thread 11)
>> com.remedy.arsys.config.ConfigProperties load Loaded properties file
>> C:\ARSYSTEM\midtier\WEB-INF\classes\locale.properties
>> Aug 19, 2010 7:46:34 AM - INFO (com.remedy.log.PERFORMANCE) : (Thread 12)
>> com.remedy.arsys.prefetch.PreloadManager loadAllActiveLinkMenus START
>> activelink/menu preload; start time = 1282229194006
>> Aug 19, 2010 7:46:34 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 7:46:34 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 7:46:34 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.stubs.SessionData initTimezone InitTimeZone =
>> America/Los_Angeles
>>
>> sso.properties with attribute -
>> arsystem.sso.username.method=attribute
>> arsystem.sso.username.case=lower
>> arsystem.sso.username.remoteuser_remove_domain=F
>> # arsystem.sso.username.headername=
>> arsystem.sso.username.attributename=username
>> arsystem.sso.authstring.method=default
>> # arsystem.sso.authstring.custom=
>> arsystem.sso.logging.debug=T
>>
>> Error that I receive -
>> Aug 19, 2010 7:52:15 AM - INFO (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.session.Login loadAuthenticatorConfigFile Login: Loaded
>> authenticator properties file sso.properties
>> Aug 19, 2010 7:52:15 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Initialization: Version
>> 2.06
>> (Mid-Tier 7.0.x build)
>> Aug 19, 2010 7:52:15 AM - FINE (com.remedy.log.SESSION) : (Thread 10)
>> com.remedy.arsys.sso.SSOAuthenticator init SSO: Property values were
>> loaded.
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet postInternal GoatServlet:
>> url=http://serverX/arsys/
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet postInternal cookie=IP-Restriction-
>> GUID="2"
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.stubs.GoatServlet setupSessionData GoatServlet: No 
session
>> or new session
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.session.Login establishSession Login: establishing 
Session
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.sso.SSOAuthenticator getAuthenticatedCredentials SSO:
>> Attribute value (username): null
>> Aug 19, 2010 7:52:22 AM - FINE (com.remedy.log.SESSION) : (Thread 11)
>> com.remedy.arsys.sso.SSOAuthenticator getUserName SSO: Setting username 
to
>> lower case...
>> Aug 19, 2010 7:52:22 AM - SEVERE (com.remedy.log.SERVLET) : (Thread 11)
>> com.remedy.arsys.log.Log log Caught
>> RuntimeExceptionjava.lang.NullPointerException
>>  at
>>
>> 
com.remedy.arsys.sso.SSOAuthenticator.getUserName(SSOAuthenticator.java:220)
>>  at
>>
>> 
com.remedy.arsys.sso.SSOAuthenticator.getAuthenticatedCredentials(SSOAuthent
>> icator.java:143)
>>  at com.remedy.arsys.session.Login.establishSession(Unknown Source)
>>  at com.remedy.arsys.stubs.GoatServlet.postInternal(Unknown Source)
>>  at com.remedy.arsys.stubs.GoatHttpServlet.doGet(Unknown Source)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>>  at
>>
>> 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
>> FilterChain.java:269)
>>  at
>>
>> 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
>> ain.java:188)
>>  at
>>
>> 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
>> va:213)
>>  at
>>
>> 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
>> va:172)
>>  at
>>
>> 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127
>> )
>>  at
>>
>> 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117
>> )
>>  at
>>
>> 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
>> :108)
>>  at
>> 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>  at
>> 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:873)
>>  at
>>
>> 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processC
>> onnection(Http11BaseProtocol.java:665)
>>  at
>>
>> 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav
>> a:528)
>>  at
>>
>> 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo
>> rkerThread.java:81)
>>  at
>>
>> 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
>> a:689)
>>  at java.lang.Thread.run(Unknown Source)
>>
>> Aug 19, 2010 7:52:25 AM - INFO (com.remedy.log.PERFORMANCE) : (Thread 12)
>> com.remedy.arsys.prefetch.PreloadManager loadAllActiveLinkMenus START
>> activelink/menu preload; start time = 1282229545193
>> Aug 19, 2010 7:52:25 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 7:52:25 AM - CONFIG (com.remedy.log.CONFIG) : (Thread 12)
>> com.remedy.arsys.config.ConfigProperties load Loaded properties file
>> C:\ARSYSTEM\midtier\WEB-INF\classes\locale.properties
>> Aug 19, 2010 7:52:25 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.goat.preferences.ARUserPreferences getPrefFromServer No
>> preference server for this user MidTier Service Using default 
preferences.
>> Aug 19, 2010 7:52:25 AM - FINE (com.remedy.log.SESSION) : (Thread 12)
>> com.remedy.arsys.stubs.SessionData initTimezone InitTimeZone =
>> America/Los_Angeles
>>
>>
>> So why I am getting these error's -
>>
>> SSO ERROR: RemoteUser name is null or empty
>> SSO ERROR: Header is null or empty
>> SSO: Attribute value (username): null
>>
>> Does SSO work with only using Tomcat?
>>
>> What am I missing in this configuration to get SSO to work with the Mid-
>> Tier?
>>
>> Please help!!!!
>>
>> Thanks in advance,
>>
>> Andre
>>
>>
>> 
____________________________________________________________________________
___
>> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
>>
>
>___________________________________________________________________________
____
>UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
>

____________________________________________________________________________
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"