6 Replies Latest reply on Jan 6, 2019 5:25 AM by Stefan Hall

    We have problems with RSSO 9.1.3 Looping

    Jan Rogstad

      We have installed RSSO on two different installations.


      Installation A: On this installation everything works fine.
      Installation B: On This installation, we do not get this to work.


      Both installastions are innstalled with same versions of Java 8.92, Tomcat 8.5 and Remedy 9.1.3 and have midtier and rsso installed on the same windows 2012 server.

       

      On Installation B RSSO does not works with either kerberos or AR certification (Bypass)
      The symptom is that authentication works, but the RSSO is unable to redirect to the requested midtier page.
      It looks like RSSO is failing with the GOTO-command. It starts authentication again with a new GOTO-command. And continues to loop.


      We have also tried to install midtier and rsso on two different servers, but with the same negative result.

      We've been troubleshooting this for a long time, but with no luck,
      is there anyone out there which has some great tips on where we now can try to continue the troubleshooting.

        • 1. Re: We have problems with RSSO 9.1.3 Looping
          Ganesh Gore

          I would look into midtier configuration again.

          Check below files are in place and compare configuration files of working and nonworking environment.

          Config.properties

          rsso-authenticator-plugin-all.jar

          rsso-agent-all.jar

          gson-2.3.1.jar

          rsso-agent.properties

          login.jsp

          web.xml

           

          • 2. Re: We have problems with RSSO 9.1.3 Looping
            Jan Rogstad

            Thank you for the answer.

            I have compared the files, but sorry I do not find any errors in the files.

            We have also tried to install and integrate RSSO in another demo server in the nonworking environment and we experience the same error there.

            We think this has someting about server- or network settings to do since the installations are the same in both environment.

            • 3. Re: We have problems with RSSO 9.1.3 Looping
              Davor Dimeski

              I have the same problem, on mid A rsso working, on mid B rsso is looping endlessly.

              In the log I see:

               

              on mid B rsso-agent.0.log

               

              05 Jan 2019 18:15:47.992 INFO Thread_108 com.bmc.rsso.agent.RSSOAgent.process(): [16] User is redirected for login, unauthenticated request, login url:null

              05 Jan 2019 18:15:48.633 WARNING Thread_123 com.bmc.rsso.sdk.impl.SSOServiceImpl.getToken(): SSO Service: No Token data in header

              05 Jan 2019 18:15:48.633 WARNING Thread_123 com.bmc.rsso.sdk.impl.SSOServiceImpl.getToken(): SSO Service: No Token data in cookie

              05 Jan 2019 18:15:48.633 INFO Thread_123 com.bmc.rsso.agent.RSSOAgent.process(): [16] User is redirected for login, unauthenticated request, login url:null

              05 Jan 2019 18:15:48.977 WARNING Thread_123 com.bmc.rsso.sdk.impl.SSOServiceImpl.getToken(): SSO Service: No Token data in header

              05 Jan 2019 18:15:48.977 WARNING Thread_123 com.bmc.rsso.sdk.impl.SSOServiceImpl.getToken(): SSO Service: No Token data in cookie

              05 Jan 2019 18:15:48.977 INFO Thread_123 com.bmc.rsso.agent.RSSOAgent.process(): [0] User is redirected for login, unauthenticated request, login url:null

              on mid A where RSSO is installed in rsso.0.log i see:

               

              05 Jan 2019 18:16:48.980 INFO Thread_99 com.bmc.rsso.servlet.CheckConfigServlet.doGet(): [0] Client midtier_agent retrieve server config

              05 Jan 2019 18:16:48.980 DEBUG Thread_99 com.bmc.rsso.servlet.CheckConfigServlet.doGet(): GET /rsso/checkconfig

              05 Jan 2019 18:16:48.980 INFO Thread_99 com.bmc.rsso.servlet.CheckConfigServlet.doGet(): [0] Client midtier_agent retrieve server config

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.servlet.LoginRequestServlet.processRequest(): Requesting login /rsso/start

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.servlet.ServletUtils.getParameter(): Getting servlet parameter tenant

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.servlet.ServletUtils.getParameter(): Return parameter value: *@*

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.core.data.Utils.getRealmFromDomainRealm(): Getting realm from domainRealm: *@*

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.core.data.Utils.getRealmFromDomainRealm(): Realm extracted: *

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.servlet.LoginRequestServlet.processRequest(): Incoming request from the url/tenant http://rmdmid2tst.domain.some:8080/arsys//*@*

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.sdk.token.CookieTokenManager.<init>(): Create CookieTokenManager(sso_1542903349663, telecom.ba)

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.sdk.token.CookieTokenManager.getToken(): Processing cookies collection, looking for name: sso_1542903349663

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.sdk.token.CookieTokenManager.getToken(): Processing cookies collection, cookie name: sso_1542903349663

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.sdk.token.CookieTokenManager.getToken(): Found cookie name: sso_1542903349663, value: _ad4ef1f6-*****-a29ea681ee82

              05 Jan 2019 18:16:49.230 DEBUG Thread_129 com.bmc.rsso.dao.SqlSessionDao.getSession(): Get token from database by id: _ad4ef1f6-*****-a29ea681ee82

              05 Jan 2019 18:16:49.246 DEBUG Thread_129 com.bmc.rsso.dao.SqlSessionDao.getSession(): Session found in database: Session{id='_ad4ef1f6-*****-a29ea681ee82', userId='remedyad1', userDomainTenant='*', sessionIndex='', sessionTimeout='1/5/19 7:09 PM', nameId='null', transient='false', idpId='834323e8-8800-4feb-9fab-8f2de0aa03c9', creationTime='1/5/19 6:09 PM'}

              05 Jan 2019 18:16:49.246 DEBUG Thread_129 com.bmc.rsso.dao.SqlSessionDao.getSession(): [16] Token _ad4ef1f6-*****-a29ea681ee82 is found

              05 Jan 2019 18:16:49.542 DEBUG Thread_99 com.bmc.rsso.servlet.CheckConfigServlet.doGet(): GET /rsso/checkconfig

              05 Jan 2019 18:16:49.542 INFO Thread_99 com.bmc.rsso.servlet.CheckConfigServlet.doGet(): [0] Client midtier_agent retrieve server config

               

              please help.

              • 4. Re: We have problems with RSSO 9.1.3 Looping
                Stefan Hall

                Do you also use RSSO in version 9.1.03?

                • Have you entered the second midtier in RSSO as the requesting host?
                • Please check the installed product xml under /opt/bmc/. The information about the midtier and the RSSO installation should be identical.
                • Check both web.xml against each other. These must not differ except for a few exceptions.
                • Check the two rsso-agent config files against each other.
                • What about the domain of the two midtier servers? Are they identical?

                 

                Davor Dimeski

                you're comparing two different log files (rsso-agent.0.log vs. rsso.0.log). If possible, append both files for both systems.

                • 5. Re: We have problems with RSSO 9.1.3 Looping
                  Jan Rogstad

                  What is the name of your cookie domain?

                  Our problem was the use of cookie domain «mil.no»

                  We found that «mil.no» is one of a long list off reserved root domains and is not legal to use.

                  Our solution was to change the cookie domain to «remedy.mil.no».

                  Then everything worked well.

                  • 6. Re: We have problems with RSSO 9.1.3 Looping
                    Stefan Hall

                    Your problem is solved? Please mark your answer as correct to close your question cleanly.