(SM) Support Tip: Tips for troubleshooting SSO-related issues if the SSL connection is working

Single Sign-On (SSO) has been implemented, but when you try to access the webtier you still get the login screen asking for your user name and password. The expectation is that the login screen is bypassed.

 Three possible root causes for this issue

1- isCustomAuthenticationUsed should be set to false in the web.xml file

2- tomcatAuthentication="false" should be set in the tomcat server.xml

3- The web server (such as Apache) is not sending the remote user authentication information to the application server (Tomcat)

 Root cause 1:

  • Stop tomcat
  • Locate the web.xml file in the <tomcat>\webapps\webtier\WEB-INF folder
  • Set isCustomAuthenticationUsed to false
  • Save and restart tomcat

 Root cause 2:

  • Stop tomcat
  • Locate the server.xml file in the <tomcat>\conf folder
  • Make the following change:
  • from: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  • to: <Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" />
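
A quick check for root causes 1 and 2, as an added example that is not part of the original tip or an HPE tool: it parses the text of web.xml and server.xml and reports any setting that is not false. The sample files are constructed, and placing isCustomAuthenticationUsed in a context-param is an assumption; the lookup accepts any param-name/param-value pair.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from a real installation); the
# context-param placement of isCustomAuthenticationUsed is an assumption.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <context-param>
    <param-name>isCustomAuthenticationUsed</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>"""
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

def _local(tag):
    """Strip an XML namespace: '{ns}param-name' -> 'param-name'."""
    return tag.rsplit("}", 1)[-1]

def custom_auth_flag(web_xml):
    """Return the isCustomAuthenticationUsed value from web.xml text, or None."""
    for parent in ET.fromstring(web_xml).iter():
        kids = {_local(c.tag): (c.text or "").strip() for c in parent}
        if kids.get("param-name") == "isCustomAuthenticationUsed":
            return kids.get("param-value")
    return None

def ajp_connectors(server_xml):
    """Return (port, tomcatAuthentication) for each active AJP connector."""
    return [(c.get("port"), c.get("tomcatAuthentication"))
            for c in ET.fromstring(server_xml).iter("Connector")
            if "ajp" in c.get("protocol", "").lower()]

def check_sso(web_xml, server_xml):
    """Return findings for root causes 1 and 2; an empty list means both are set."""
    findings = []
    flag = custom_auth_flag(web_xml)
    if flag is None or flag.lower() != "false":
        findings.append(f"web.xml: isCustomAuthenticationUsed is {flag!r}, expected 'false'")
    conns = ajp_connectors(server_xml)
    if not conns:
        findings.append("server.xml: no active AJP connector found")
    for port, auth in conns:
        if (auth or "").lower() != "false":
            findings.append(f"server.xml: AJP connector {port} has tomcatAuthentication={auth!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sso(SAMPLE_WEB_XML, SAMPLE_SERVER_XML)))
```

To check a real installation, pass in the contents of the two files from the folders named above. An AJP connector that is commented out is reported as missing, because the parser skips XML comments.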

 Root cause 3:

  • Stop tomcat
  • Upload the attached diagnostic.jsp file into the tomcat webtier folder (<tomcat>\webapps\webtier)
  • Delete tomcat cache (<tomcat>\webapps\work)

 If you are using 950 or higher

  • locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
  • Search this entry <sec:filter-chain pattern="/goodbye.jsp" filters="none"/> and next line add this entry:
  • <sec:filter-chain pattern="/diagnostic.jsp" filters="none"/>
  • Restart tomcat

 If you are using SM94x

  • locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
  • search this entry: /goodbye.jsp=#NONE# and next line add this entry:
  • /diagnostic.jsp=#NONE#
  • Restart tomcat

 

  • Access the webtier via the following URL: http://xxxx/webtier/diagnostic.jsp
  • If you get the message: "Not authenticated - webserver is not sending remote user info to the application server" then a review of all your apache configuration files is required
  • Result: The diagnostic.jsp page runs a script which helps to confirm whether or not the remote user authentication data is sent to tomcat
  • NOTE: Please contact HPE Support to get a copy of the diagnostic.jsp file
