This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
Remedy AR System Server
Remedy AR System Server 9.0.x, 9.1.x
Configuring Authentication-Chaining-Mode in 9.x version seems not to take effect.
Setting for example in the EA tab in the Server Information form:
It is observed as expected also in the Central Configuration form:
But when accessing to the application it is observed in the arerror.log file that the Authentication-Chaining-Mode being used is the Default which would be OFF.
Thu Feb 02 12:42:23.751 2017 Configuration warning: cvc-elt.1: Cannot find the declaration of element 'server'.
Thu Feb 02 12:42:23.789 2017 Configuration warning: cvc-elt.1: Cannot find the declaration of element 'server'.
Thu Feb 02 12:42:24.325 2017 Extension loaded: com.bmc.cmdb 9.0.1.SNAPSHOT bmc.cmdb.cmdbEngine
Thu Feb 02 12:42:24.325 2017 CMDB Server Starting
Thu Feb 02 12:42:32.783 2017 CMDB Server Started.
Fri Feb 03 16:23:08.991 2017 Actual Authentication Chaining Applied:DEFAULT
Fri Feb 03 16:23:08.995 2017 Principals : Demo
Fri Feb 03 16:24:04.117 2017 Actual Authentication Chaining Applied:DEFAULT
Fri Feb 03 16:24:04.120 2017 Principals : Demo
This behavior has been identified and reported as a defect:
SW00524393 - Authentication Chaining Mode setting is not applied correctly
This behavior has been addressed and fixed in v9.1.02 Patch 003.
For more information about Patch 003 as well as how to obtain it please check the article:
Remedy - ARS 9.1 SP2 Patch 003 Corrected issues/defects (AR System Suite)
Although we strongly recommend to install always the latest patch available there is also a workaround for this behavior.
Enabling Cross Reference Blank Password, (on the EA tab of the Server Information form in the AR System Administration Console, or the parameter "Crossref-Blank-Password: T" in the ar.cfg/ar.conf file), it works as it should and the authentication chaining method works.
When Cross Reference Blank Password is unset, the arerror.log shows "Actual Authentication Chaining Applied:DEFAULT"
But when is set the arerror.log shows: "Actual Authentication Chaining Applied:ARS_AREA_OS"
The defect causes the chaining mode to not be read if CRBP is not set. If a user has a password in the User form and a different password in LDAP for example and using the User form password or LDAP password, works
The CRBP is not actually used at all; it just somehow makes chaining work and this is what it will addressed the defect.
The workaround as described above is to enable Cross Reference Blank Password
Note: in order to be able to see this information in the arerror.log, the appropriate logging level is required. Please check this article below:
How to enable Authentication Logging in AR System Server 9.x?