42 Replies Latest reply: Apr 13, 2012 3:07 PM by mikeroper
  • 15. Re: Atrium SSO and CAC Integration with ARS
    Adam Linehan

    Hi Mike,

     

    There is a hotfix for the Atrium SSO 7.6.04 SP1 image that resolved a problem with OCSP. You should be able to get the latest hotfix from support which will resolve this issue, plus a few others.

     

    Thanks,

     

     

    Adam

  • 16. Atrium SSO and CAC Integration with ARS
    mikeroper

    So, when I use Firefox...

     

    I open the browser and hit the mid-tier address

    the certificate box shows up

    I select my cert

    I enter the pin

     

    Then it seems the browser is sent into a loop... Firefox shows:

     

    The page isn't redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

     

    Looking at the authentication debug log, I see many lines of "Session Valid / Already authenticated" messages

    however in the session debug log, I see many exceptions thrown that are indicating "Invalid Session ID" as the error message.

     

    It seems contrary to me...

  • 17. Re: Atrium SSO and CAC Integration with ARS
    Adam Linehan

    Hi Mike,

     

    This type of problem occurs when there is trouble accessing the cookie. The mid-tier and SSO server must be in the same domain that was specified for the cookie domain when Atrium SSO was installed (or a sub-domain of that value). When integrating mid-tier with Atrium SSO, FQDN must be used in the URL parameters. Also, check the agent configuration in the Admin Console to make sure the FQDN Virtual Host Map is correctly mapping from a simple host name to the FQDN.

     

    Thanks,

     

     

    Adam
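
Added example (not part of the original thread and not BMC code): a Python check of the two conditions in reply 17, that every URL uses an FQDN and that its host falls inside the SSO cookie domain, using the RFC 6265 domain-match rule browsers apply when deciding whether to send a cookie. The cookie domain, host names, ports and paths below are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    """True if host is an IPv4/IPv6 literal (browsers never domain-match these)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 sec. 5.1.3: host equals the domain or is a sub-domain of it."""
    domain = cookie_domain.strip(".").lower()
    if host == domain:
        return True
    return not is_ip(host) and host.endswith("." + domain)

def check_url(url, cookie_domain):
    """List the reasons a browser would not return the SSO cookie to this URL."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    host = host.rstrip(".").lower()
    problems = []
    if is_ip(host):
        problems.append("IP address used instead of FQDN")
    elif "." not in host:
        problems.append("simple host name used instead of FQDN")
    if not domain_match(host, cookie_domain):
        problems.append(f"host {host} is outside cookie domain {cookie_domain}")
    return problems

def audit(cookie_domain, urls):
    """Check every configured URL; an empty list means the URL is consistent."""
    return {name: check_url(url, cookie_domain) for name, url in urls.items()}

# Constructed sample configuration (assumed values, not from the thread).
SAMPLE_COOKIE_DOMAIN = ".example.com"
SAMPLE_URLS = {
    "sso-server": "https://sso.example.com:8443/atriumsso",
    "web-app-url (short name)": "http://midtier:8080/arsys",
    "web-app-url (FQDN)": "http://midtier.corp.example.com:8080/arsys",
}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_COOKIE_DOMAIN, SAMPLE_URLS).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

A URL that fails either check produces the symptom reported in reply 16: the SSO server sets the cookie, the browser does not send it back to the mid-tier host, and the agent redirects to the login again.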

  • 18. Atrium SSO and CAC Integration with ARS
    mikeroper

    Working on this cookie issue, I went back to square one, checking all the settings for the FQDN. I looked at the command line for the deployer script. It turns out that the --web-app-url did not have the FQDN in it. After calling myself dumb, I uninstalled the agent using the deployer script. I reinstalled the agent after adding the FQDN to the cmd line. It looked like it went successfully. I started the tomcat server. Went to the mid-tier page and... BMCSSG1323I: Agent installation not detected. NOOOOOOOOO! I broke it! Damn! Would there happen to be a secret debug switch for the deployer?

     

    Some of the things I have done...

     

    Stopped the service

    uninstalled again

    got rid of the atsso lck and tmp files

    renamed the atsso directory (it was recreated on the next install attempt)

    reinstalled

    no love...

     

    So any thoughts on my step backwards?

  • 19. Atrium SSO and CAC Integration with ARS
    Jim Wilson

    Did you remember to fix the --container-type error that you previously encountered?

     

    It should be --container-type tomcatv6

  • 20. Atrium SSO and CAC Integration with ARS
    mikeroper

    Yep, I applied all my prior "lessons learned" from my SSO journey. I've been documenting as I go. The only thing I changed was to add the rest of the domain to the --web-app-url switch.

     

    Uninstalling everything and starting over is beginning to sound good.

  • 21. Re: Atrium SSO and CAC Integration with ARS
    Adam Linehan

    Hi Mike,

     

    If the deployer execution finished without any error messages then the integration with the SSO server was successful. If there were any troubles, the simplest cleanup is to simply delete the atssoAgents folder from tomcat and the agent configuration in the admin console.

     

    This error message means the agent in the mid-tier isn’t able to find the atssoAgents which should be in the tomcat folder (a sibling directory to bin, conf, logs, etc.). The location is taken from the --container-base-dir parameter.

     

    There should be an atsso.log.* file in the tomcat temp directory which contains additional information about where the agent was looking.

     

     

    Adam

  • 22. Atrium SSO and CAC Integration with ARS
    mikeroper

    Adam, when you say "Agent configuration from the admin console" do you mean the SSO admin console -> BMCRealm -> Agents tab?

     

    If so, that's interesting because I have not since starting this project seen anything configured in that area.

     

    Is this one of the missing pieces? I don't recall seeing anything in the admin guide about this tab.

  • 23. Atrium SSO and CAC Integration with ARS
    mikeroper

    We are so close to making this work I can taste it...

     

    Last night, I uninstalled the SSO server and the mid-tier as well. A fresh start.

     

    I installed the SSO server 7.6.04 SP1 and applied the latest patch.

    I performed the configurations according to the latest documentation

    I installed the mid-tier and chose the SSO integration option during the installer. That didn't go as smoothly as hoped.

    Looking at the post install log, the deployer failed to run because it threw an exception. Ok, no problem. I ran the deployer manually. Success.

     

    Now, to be sure that everything was where it should be, I went through the integration guide again for the mid-tier to SSO manual instructions. The only thing that was wrong was that the filter and filter mapping in the web.xml file were still commented out. Maybe this is due to the deployer installation failure. No problem. I fixed the file.

     

    Restarted SSO tomcat service

    Restarted Mid-tier tomcat service

    Waited patiently for a few minutes

    Opened my browser and went to the mid-tier URL

    It asked for my cert and pin

    and redirected me into the mid-tier - wow...

    I'm presented with [ARERR 623] Authentication failed

     

    I think (hope) this is the last hurdle

  • 24. Atrium SSO and CAC Integration with ARS
    Shrihari S N

    Hi Mike,

     

    The Agent configuration can be found under the Top Level Realm -> Agents -> J2EE.

    You can then check the FQDN under it to resolve the looping issue.

     

    Thanks

    Shrihari

  • 25. Atrium SSO and CAC Integration with ARS
    mikeroper

    Shrihari,

     

    There are no agents configured under J2EE. Is this normal?

  • 26. Atrium SSO and CAC Integration with ARS
    Shrihari S N

    No Mike, if you have integrated your product with SSO then the agent should be present.

    Did you check for it in the Top Level Realm?

  • 27. Atrium SSO and CAC Integration with ARS
    mikeroper

    So...

     

    Striking forward with reckless abandon, I created an agent entry under J2EE with what seemed to be the correct values.

     

    It worked. Thanks all around to Jim, Adam and Shrihari for helping me (an SSO first timer) through this.

     

    I was magically transported into the mid-tier and placed at the IT Homepage.

     

    I will post a follow-up message today with all the steps and lessons learned for the good of the community.

     

    Thanks

    Mike

  • 28. Atrium SSO and CAC Integration with ARS
    mikeroper

    Shrihari, I did not check the top level realm. Looking in there now shows a J2EE agent. However, until I put the agent in the BMCRealm, it didn't work. Configuration/Setup bug with the installer maybe?

  • 29. Re: Atrium SSO and CAC Integration with ARS
    John Baker

    Mike,

     

    Wow, that was a painful exercise. Keep up the good work!

     

     

    John