NTLM authentication - Dashboard error

Hello,

we have set NTLM authentication on PPM 9.50 and we can normally connect to PPM but dashboard portlets are not shown.

You can see the front page attached. When we go on Search > Projects, everything is ok and then we again have problem on a project.

Do you have any idea how can this be fixed?

We have added this to the server.conf:

com.kintana.core.server.WEB_CACHE_DIR=C:/PPM/cache
com.kintana.core.server.EXTERNAL_WEB_PORT=8009
com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.WebRemoteUserSingleSignOn
com.kintana.core.server.ENABLE_WEB_ACCESS_LOGGING=True

And we have added AUTHENTICATIN_MODE=ITG,NTLM

We have changed ntlm and sso conf files.

We are using Apache 2.4

Did anybody have similar problem?

Thank you,

Mateja

Parents
  • Hello Mateja,

     

    Was this working fine before with the same external web server (with no NTLM)?

     

    One guess may be that you do not have "/dashboard/*=load_balancer" in the uriworkermap.properties file:

     

    /itg/*=load_balancer
    /dashboard/*=load_balancer
    /reports/*=load_balancer
    /logs/*=load_balancer
    /pdf/*=load_balancer
    /utility_portlets/*=load_balancer

     

    Link:

    https://admhelp.microfocus.com/ppm/en/9.50-9.52/Help/Content/SA/Install&Admin/107050_InstallAdmin_Advance.htm

     

    Other thing is that the 

    com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.WebRemoteUserSingleSignOn 

    with NTLM may need IIS as external web server: https://admhelp.microfocus.com/ppm/en/9.50-9.52/Help/Content/SA/Install&Admin/109900_InstallAdmin_Auth.htm 

     

    Please double check what you already have, the SSO configuration, what is needed, and etc.

     

    Best Regards,

    Iliya

  • Hello,

    we have added things you have suggested in the uriworkermap.properties.

    But still everything is the same.

    This is what we see in Apache logs: 

    [Tue May 28 12:25:55.831703 2019] [authz_user:debug] [pid 6328:tid 1876] mod_authz_user.c(77): [client ::1:54854] AH01663: access to /itg/images/common/avatar.png failed, reason: user 'MO\\tmphlino' does not meet 'require'ments for user to be allowed access, referer: http://srvms127mih.mo.hr/itg/dashboard/app/portal/PageView.jsp

    Regards,

    Mateja

  • Hi,

     

    I believe you have skipped the link: https://admhelp.microfocus.com/ppm/en/9.50-9.52/Help/Content/SA/Install&Admin/109900_InstallAdmin_Auth.htm

     

    Implementing Web Remote Single Sign-On with PPM

    This section provides information on how to implement Web remote single sign-on with PPM. This implementation is based on NTLM authentication and requires that the PPM Server(s) be integrated with an external Web server running Microsoft IIS.

    Web remote single sign-on works with PPM as follows:

    1. A user logs in to a Windows desktop.

    2. The user accesses PPM through the external (IIS) Web server.

    3. The user is authenticated through the Windows user account to IIS and the user name is passed to the PPM Server by way of the REMOTE_USER HTTP header field.

    4. If the user is a valid PPM user, the standard interface and PPM Dashboard open.

    Requirements for Implementing Web Remote Single Sign-On

    To implement Web remote single sign-on, your system must meet the following requirements:

    • PPM must be set up with an external Microsoft IIS Web server. For information on how to do this, see Integrating an External Web Server with a PPM Server.

    • To ensure that you have the required access rights, make sure that the system username you use to log on to PPM is same as the account username for the active directory.

    • Clients must use Microsoft Internet Explorer to log on to PPM. Logon credentials are not automatically passed from Web browsers other than Internet Explorer (for example, Firefox) when connecting to IIS.

    Setting Up Web Remote Single Sign-On with PPM

    To configure Web remote single sign-on with PPM:

    1. Integrate the external IIS Web server with the PPM Server(s).

      For information about how to integrate the external Web server with a PPM Server, see Integrating an External Web Server with a PPM Server.

    2. On the PPM Server, do the following:

      1. Stop the PPM Server.

      2. Open the server.conf file in a text editor, and then add to it the following:

        com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.WebRemoteUserSingleSignOn

     

    ...

     

     

    Best Regards,

    Iliya

     

Reply
  • Hi,

     

    I believe you have skipped the link: https://admhelp.microfocus.com/ppm/en/9.50-9.52/Help/Content/SA/Install&Admin/109900_InstallAdmin_Auth.htm

     

    Implementing Web Remote Single Sign-On with PPM

    This section provides information on how to implement Web remote single sign-on with PPM. This implementation is based on NTLM authentication and requires that the PPM Server(s) be integrated with an external Web server running Microsoft IIS.

    Web remote single sign-on works with PPM as follows:

    1. A user logs in to a Windows desktop.

    2. The user accesses PPM through the external (IIS) Web server.

    3. The user is authenticated through the Windows user account to IIS and the user name is passed to the PPM Server by way of the REMOTE_USER HTTP header field.

    4. If the user is a valid PPM user, the standard interface and PPM Dashboard open.

    Requirements for Implementing Web Remote Single Sign-On

    To implement Web remote single sign-on, your system must meet the following requirements:

    • PPM must be set up with an external Microsoft IIS Web server. For information on how to do this, see Integrating an External Web Server with a PPM Server.

    • To ensure that you have the required access rights, make sure that the system username you use to log on to PPM is same as the account username for the active directory.

    • Clients must use Microsoft Internet Explorer to log on to PPM. Logon credentials are not automatically passed from Web browsers other than Internet Explorer (for example, Firefox) when connecting to IIS.

    Setting Up Web Remote Single Sign-On with PPM

    To configure Web remote single sign-on with PPM:

    1. Integrate the external IIS Web server with the PPM Server(s).

      For information about how to integrate the external Web server with a PPM Server, see Integrating an External Web Server with a PPM Server.

    2. On the PPM Server, do the following:

      1. Stop the PPM Server.

      2. Open the server.conf file in a text editor, and then add to it the following:

        com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.WebRemoteUserSingleSignOn

     

    ...

     

     

    Best Regards,

    Iliya

     

Children