5 Replies Latest reply on Nov 7, 2014 9:08 AM by Jayesh Panchal

    ASSO-Mid-Tier integration concern

    Jayesh Panchal
      Share This:

      Hi All,

       

      I have integrated ASSO with mid-tier using mid-tier  load balancer URL.How to flush the mid-tier cache on each mid-tier server once integrated with mid-tier load balancer?

       

      I have raised this concern because when I hit config.jsp URL on individual mid-tier server, it is redirecting to load balancer URL. This way we can not get to know which mid-tier cache I am going to flush.

       

      Has anybody faced this situation?

       

      Regards,

      Jayesh

        • 1. Re: ASSO-Mid-Tier integration concern
          Shrihari Salem

          Hi Jayesh,

           

          Did you use the MidTier integration utility to perform the integration or did it manually.

          If you performed the integration manually then you will need to set a parameter while running the deployer command

          --not-enforced-uri-file "<path-to->/sso_unenforced_URIs.txt"

          This list contains URLs which SSO agent will not intercept. The urls which are used here are as below

          /arsys/ThirdPartyJars/*

          /arsys/services/*

          /arsys/WSDL/*

          /arsys/shared/config/*

          /arsys/shared/doc/*

          /arsys/shared/images/*

          /arsys/shared/timer/*

          /arsys/shared/ar_url_encoder.jsp

          /arsys/shared/error.jsp

          /arsys/shared/file_not_found.jsp

          /arsys/shared/HTTPPost.class

          /arsys/shared/login.jsp

          /arsys/shared/login_common.jsp

          /arsys/shared/view_form.jsp

          /arsys/shared/logout.jsp

          /arsys/shared/wait.jsp

          /arsys/servlet/ConfigServlet

          /arsys/servlet/GoatConfigServlet

          /arsys/servlet/GoatConfigServlet

          /arsys/plugins/*

           

          If you have already integrated SSO with MidTier, then go to the individual agent details in SSO and add these entries to the 'Not-Enforced' list and Save. Restart MidTier for these changes to come into effect.

           

          Hope this helps

          Thanks

          Shrihari

          • 2. Re: ASSO-Mid-Tier integration concern
            Jayesh Panchal

            Hi Shrihari,

             

            That is fine!! It is already there and I can navigate to config.jsp without being intercepted by ASSO. But my concern is when we integrate it with MT LB then it will be the LB URL always when you navigate to config.jsp not the individual MT URL. Even if you hit individual MT URL, it will navigate you to MT LB url.

             

            In this case, we will not get to know which MT cache we are going to flush.

             

            Regards,

            Jayesh

            • 3. Re: ASSO-Mid-Tier integration concern
              Shrihari Salem

              Which version of AR/MT and SSO are you using?

               

              While configuring with Midtier LB URL make sure the webapp URL is set to the LB URL and notify-url as individual MT URL.

              For e.g

              --webapp-url: https://mtlb.remedy.com/arsys

              --notify-url = http://mt1.remedy.com/arsys

               

              Also, try disabling the FQDN check for each MT agent that is registered on the SSO Server. By doing this you will no longer get redirected to LB URL and go to the individual MT url.

               

              Thanks

              Shrihari

              • 4. Re: ASSO-Mid-Tier integration concern
                Jayesh Panchal

                I had enabled FQDN check and that is why it was considering the hostname which was mentioned as LB FQDN,

                 

                After unchecking it, now it is disabled and working as expected.

                 

                Also wanted to check with you regarding single logout feature in SAML, We have integrated ASSO with Site Minder using SAML 2.0 but Site Minder version 12 does not support Single Logout Service. Hence we need to find a workaround where all the applications like ITSM,MyIT,Chat,Analytics and Dashboard should redirect to single common URL when we click on Logout button. SO ITSM is working fine where I click on Logout button and its redirecting me to common URL mentioned in agent Logout URI. But its not working for MyIT,Analytics and Dasboard and going again into the same application without redirecting to common URL. Do you know is there any possibility to redirect to common URL for those application as well?

                 

                Thanks,

                Jayesh

                • 5. Re: ASSO-Mid-Tier integration concern
                  Jayesh Panchal

                  Hi Shrihari,

                   

                  I am able to login with test`users by hitting MT load balancer URL having /arsys/shared/login.jsp URI.

                   

                  But after entering the credentials it is again redirecting to the IDP page.

                   

                  Do you have any idea how to login with test users without SAML?