NTLM authentication - Dashboard error

Hello,

we have set NTLM authentication on PPM 9.50 and we can normally connect to PPM but dashboard portlets are not shown.

You can see the front page attached. When we go on Search > Projects, everything is ok and then we again have problem on a project.

Do you have any idea how can this be fixed?

We have added this to the server.conf:

com.kintana.core.server.WEB_CACHE_DIR=C:/PPM/cache
com.kintana.core.server.EXTERNAL_WEB_PORT=8009
com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.WebRemoteUserSingleSignOn
com.kintana.core.server.ENABLE_WEB_ACCESS_LOGGING=True

And we have added AUTHENTICATIN_MODE=ITG,NTLM

We have changed ntlm and sso conf files.

We are using Apache 2.4

Did anybody have similar problem?

Thank you,

Mateja

Parents
  • Verified Answer

    Hello,

    we have added following lines in uriworkermap.properties:
    /itg/*=load_balancer

    /dashboard/*=load_balancer

    /reports/*=load_balancer

    /logs/*=load_balancer

    /pdf/*=load_balancer

    /utility_portlets/*=load_balancer 

    And in apache httpd.conf:
    kMount /itg* "worker.list=name"  

                JkMount /itg/* "worker.list=name"  

        JkMount /dashboard/* "worker.list=name"  

                JkMount /reports/* "worker.list=name"  

                JkMount /logs/* "worker.list=name"  

                JkMount /pdf/* "worker.list=name"

    <Location "/itg">

     

                 #AllowOverride None

         Options FollowSymLinks -SymLinksIfOwnerMatch

         #Order allow,deny

                 #Require all granted

         #Allow from all

        AuthType SSPI

        NTLMAuth On

        NTLMAuthoritative On

                #NTLMDomain lab.zg

                NTLMPerRequestAuth On

                NTLMOfferBasic On

                NTLMBasicPreferred On

        <RequireAll>

            <RequireAny>

                Require valid-user

            </RequireAny>

                             <RequireNone>

                Require user "ANONYMOUS LOGON"

                Require user "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"

            </RequireNone>

        </RequireAll>

               

     

        # use this to add the authenticated username to you header

        # so any backend system can fetch the current user

        # rewrite_module needs to be loaded then

     

         RewriteEngine On

         RewriteCond %{LA-U:REMOTE_USER} (. )

         RewriteRule . - [E=RU:%1,NS]

         RequestHeader set X_ISRW_PROXY_AUTH_USER %{RU}e  

                 #RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]

     

      </Location>

     

    Now everything is ok.

Reply
  • Verified Answer

    Hello,

    we have added following lines in uriworkermap.properties:
    /itg/*=load_balancer

    /dashboard/*=load_balancer

    /reports/*=load_balancer

    /logs/*=load_balancer

    /pdf/*=load_balancer

    /utility_portlets/*=load_balancer 

    And in apache httpd.conf:
    kMount /itg* "worker.list=name"  

                JkMount /itg/* "worker.list=name"  

        JkMount /dashboard/* "worker.list=name"  

                JkMount /reports/* "worker.list=name"  

                JkMount /logs/* "worker.list=name"  

                JkMount /pdf/* "worker.list=name"

    <Location "/itg">

     

                 #AllowOverride None

         Options FollowSymLinks -SymLinksIfOwnerMatch

         #Order allow,deny

                 #Require all granted

         #Allow from all

        AuthType SSPI

        NTLMAuth On

        NTLMAuthoritative On

                #NTLMDomain lab.zg

                NTLMPerRequestAuth On

                NTLMOfferBasic On

                NTLMBasicPreferred On

        <RequireAll>

            <RequireAny>

                Require valid-user

            </RequireAny>

                             <RequireNone>

                Require user "ANONYMOUS LOGON"

                Require user "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"

            </RequireNone>

        </RequireAll>

               

     

        # use this to add the authenticated username to you header

        # so any backend system can fetch the current user

        # rewrite_module needs to be loaded then

     

         RewriteEngine On

         RewriteCond %{LA-U:REMOTE_USER} (. )

         RewriteRule . - [E=RU:%1,NS]

         RequestHeader set X_ISRW_PROXY_AUTH_USER %{RU}e  

                 #RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]

     

      </Location>

     

    Now everything is ok.

Children
No Data