Remedy - Server - v9.1.x Authentication Chaining Mode setting is not applied correctly and cannot authenticate after upgrade to 9.1.x

Version 4
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy AR System Server


    COMPONENT:

    AR System


    APPLIES TO:

    Remedy AR System Server 9.0.x, 9.1.x



    PROBLEM:

    Configuring Authentication-Chaining-Mode in 9.x version seems not to take effect.

    Setting for example in the EA tab in the Server Information form:
    User-added image

    It is observed as expected also in the Central Configuration form:

    User-added image

    But when accessing to the application it is observed in the arerror.log file that the Authentication-Chaining-Mode being used is the Default which would be OFF.

    arerror.log:
    ...........
    Thu Feb 02 12:42:23.751 2017 Configuration warning: cvc-elt.1: Cannot find the declaration of element 'server'.
    Thu Feb 02 12:42:23.789 2017 Configuration warning: cvc-elt.1: Cannot find the declaration of element 'server'.
    Thu Feb 02 12:42:24.325 2017 Extension loaded: com.bmc.cmdb 9.0.1.SNAPSHOT bmc.cmdb.cmdbEngine
    Thu Feb 02 12:42:24.325 2017 CMDB Server Starting
    Thu Feb 02 12:42:32.783 2017 CMDB Server Started.
    Fri Feb 03 16:23:08.991 2017
    Actual Authentication Chaining Applied:DEFAULT
    Fri Feb 03 16:23:08.995 2017 Principals : Demo
    Fri Feb 03 16:24:04.117 2017
    Actual Authentication Chaining Applied:DEFAULT
    Fri Feb 03 16:24:04.120 2017 Principals : Demo
    ...........

     


    CAUSE:

    Defect: SW00524393


    SOLUTION:

    This behavior has been identified and reported as a defect:
    ....................
    SW00524393 - Authentication Chaining Mode setting is not applied correctly
    ....................


    This behavior has been addressed and fixed in v9.1.02 Patch 003.


    For more information about Patch 003 as well as how to obtain it please check the article:
    Remedy - ARS 9.1 SP2 Patch 003 Corrected issues/defects (AR System Suite)

    Although we strongly recommend to install always the latest patch available there is also a workaround for this behavior.

    Workaround:
    Enabling Cross Reference Blank Password, (on the EA tab of the Server Information form in the AR System Administration Console, or the parameter "
    Crossref-Blank-Password: T" in the ar.cfg/ar.conf file), it works as it should and the authentication chaining method works.
    When Cross Reference Blank Password is unset, the arerror.log shows "Actual Authentication Chaining Applied:DEFAULT"
    But when is set the arerror.log shows: "Actual Authentication Chaining Applied:ARS_AREA_OS"

    The defect  causes the chaining mode to not be read if CRBP is not set. If a user has a password in the User form and a different password in LDAP for example and using the User form password or LDAP password, works
    The CRBP is not actually used at all; it just somehow makes chaining work and this is what it will addressed the defect.

    The workaround as described above is to enable Cross Reference Blank Password

    Related information
    Note: in order to be able to see this information in the arerror.log, the appropriate logging level is required. Please check this article below:
    How to enable Authentication Logging in AR System Server 9.x?

     


    Article Number:

    000130063


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles