Highlighted
Outstanding Contributor.
Outstanding Contributor.
369 views

(SM) Support Tip: Tips for troubleshooting SSO related issue if SSL connection is working

Single Sign On (SSO) has been implemented and when trying to access webtier you get the login screen asking to provide your user name and password. Expectation is to bypass the login screen

 Three possible root cause for this issue

1- isCustomAuthenticationUsed should be set to false in the web.xml file

2- tomcatAuthentication="false" should be set in the tomcat server.xml

3- Webserver such as apache not sending the remote user authentication information to the webserver

 Root cause 1:

  • Stop tomcat
  • Locate the web.xml file from the <tomcat>\webapps\webtier\WEB-INF folder
  • Set isCustomAuthenticationUsed  to false
  • Save and restart tomcat

 Root cause 2:

  • Stop tomcat
  • Locate the server.xml file from the <tomcat>\conf folder
  • Do the following change:
  • from
  • <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  • to
  • <Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" />

 Root cause 3:

  • Stop tomcat
  • Upload the attached diagnostic.jsp file into the tomcat webtier folder (<tomcat>\webapps\webtier)
  • Delete tomcat cache (<tomcat>\webapps\work)If you are using 950 or higher.
  •  
  • locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes<sec:filter-chain pattern="/diagnostic.jsp" filters="none"/>
  • Search this entry <sec:filter-chain pattern="/goodbye.jsp" filters="none"/> and next line add this entry:
  • Restart tomcat

 If you are using SM94x

  • locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
  • search this entry: /goodbye.jsp=#NONE# and next line add this entry:
  • /diagnostic.jsp=#NONE#
  • Restart tomcat

 

  • Access the webtier via the following URL: http://xxxx/webtier/diagnostic.jspIf you get the message: "Not authenticated - webserver is not sending remote user info to the application server" then a review of all your apache configuration files is required
  • Result: The diagnostic.jsp script will run a script which will help to confirm whatever or not the remote user authentication data is send to tomcat  
  • NOTE: Please contact HPE Support to get a copy of the diagnostic.jsp file

 

Labels (1)
0 Likes
1 Reply
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

Re: (SM) Support Tip: Tips for troubleshooting SSO related issue if SSL connection is working

Hello , 

thanks for the tip , 

how i can get the attached script ? i can not see it 

thanks 

Thanks and Best Regards
------------------------------
Amr Salah
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.