There is a hotfix for the Atrium SSO 7.6.04 SP1 image that resolved a problem with OCSP. You should be able to get the latest hotfix from support which will resolve this issue, plus a few others.
So, when I use Firefox...
I open the browser and hit the mid-tier address
the certificate box shows up
I select my cert
I enter the pin
Then it seems the browser is sent into a loop... Firefox shows:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept
Looking at the authentication debug log, I see many lines of "Session Valid / Already authenticated" messages
however in the session debug log, I see many exceptions thrown that are indicating "Invalid Session ID" as the error message.
It seems contrary to me...
This type of problem occurs when there is trouble accessing the cookie. The mid-tier and SSO server must be in the same domain that was specified for the cookie domain when Atrium SSO was installed (or a sub-domain of that value). When integrating mid-tier with Atrium SSO, FQDN must be used in the URL parameters. Also, check the agent configuration in the Admin Console to make sure the FQDN Virtual Host Map is correctly mapping from a simple host name to the FQDN.
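Added example, not part of the original thread and not BMC code: a small pre-flight check for the rule described above, flagging any URL whose host is a simple host name, an IP address, or outside the cookie domain before it is passed to the deployer. The function names, host names and URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def in_cookie_domain(host, cookie_domain):
    """True if host equals the cookie domain or is a sub-domain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    # Match on a label boundary so "badexample.com" does not pass for "example.com".
    return host == domain or host.endswith("." + domain)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_sso_urls(cookie_domain, urls):
    """Return (name, problem) pairs for URLs whose host will not get the SSO cookie."""
    problems = []
    for name, url in urls.items():
        host = urlsplit(url).hostname
        if not host:
            problems.append((name, "no host in URL"))
        elif is_ip(host):
            problems.append((name, "IP address, not an FQDN"))
        elif "." not in host:
            problems.append((name, "simple host name, not an FQDN"))
        elif not in_cookie_domain(host, cookie_domain):
            problems.append((name, "host outside cookie domain"))
    return problems


# Constructed sample values (hypothetical hosts, not taken from the thread).
COOKIE_DOMAIN = ".example.com"
URLS = {
    "sso-server": "https://sso.example.com:8443/",
    "web-app-url": "https://midtier:8443/",          # FQDN missing
    "lookalike": "https://midtier.badexample.com/",  # wrong domain
}

if __name__ == "__main__":
    for name, problem in check_sso_urls(COOKIE_DOMAIN, URLS):
        print(f"{name}: {problem}")
```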
Working on this cookie issue, I went back to square one, checking all the settings for the FQDN. I looked at the command line for the deployer script. It turns out that the --web-app-url did not have the FQDN in it. After calling myself dumb, I uninstalled the agent using the deployer script. I reinstalled the agent after adding the FQDN to the cmd line. It looked like it went successfully. I started the tomcat server, went to the mid-tier page and... BMCSSG1323I: Agent installation not detected. NOOOOOOOOO! I broke it! Damn! Would there happen to be a secret debug switch for the deployer?
Some of the things I have done...
Stopped the service
got rid of the atsso lck and tmp files
renamed the atsso directory (it was recreated on the next install attempt)
So any thoughts on my step backwards?
Did you remember to fix the --container-type error that you previously encountered?
It should be --container-type tomcatv6
Yep, I applied all my prior "lessons learned" from my SSO journey. I've been documenting as I go. The only thing I changed was to add the rest of the domain to the --web-app-url switch.
Uninstalling everything and starting over is beginning to sound good.
If the deployer execution finished without any error messages then the integration with the SSO server was successful. If there were any troubles, the simplest cleanup is to simply delete the atssoAgents folder from tomcat and the agent configuration in the admin console.
This error message means the agent in the mid-tier isn’t able to find the atssoAgents which should be in the tomcat folder (a sibling directory to bin, conf, logs, etc.). The location is taken from the --container-base-dir parameter.
There should be an atsso.log.* file in the tomcat temp directory which contains additional information about where the agent was looking.
Adam, When you say "Agent configuration from the admin console" do you mean the SSO admin console ->BMCRealm ->Agents tab?
If so, that's interesting because I have not since starting this project seen anything configured in that area.
Is this one of the missing pieces? I don't recall seeing anything in the admin guide about this tab.
We are so close to making this work I can taste it...
Last night, I uninstalled the SSO server and the mid-tier as well. A fresh start.
I installed the SSO server 7.6.04 SP1 and applied the latest patch.
I performed the configurations according to the latest documentation
I installed the mid-tier and chose the SSO integration option during the installer. That didn't go as smoothly as hoped.
Looking at the post install log, the deployer failed to run because it threw an exception. Ok, no problem. I ran the deployer manually. Success.
Now, to be sure that everything was where it should be, I went through the integration guide again for the mid-tier to SSO manual instructions. The only thing that was wrong was that the filter and filter mapping in the web.xml file were still commented out. Maybe this is due to the deployer installation failure. No problem. I fixed the file.
Restarted SSO tomcat service
Restarted Mid-tier tomcat service
Waited patiently for a few minutes
Opened my browser and went to the mid-tier URL
It asked for my cert and pin
and redirected me into the mid-tier - wow...
I'm presented with [ARERR 623] Authentication failed
I think (hope) this is the last hurdle
The Agent configuration can be found under the Top Level Realm -> Agents -> J2EE
You can then check the FQDN under it to resolve the looping issue.
There are no agents configured under J2EE. Is this normal?
No Mike, if you have integrated your product with SSO then the agent should be present.
Did you check for it in the Top Level Realm?
Striking forward with reckless abandon, I created an agent entry under J2EE with what seemed to be the correct values.
It worked. Thanks all around to Jim, Adam and Shrihari for helping me (an SSO first timer) through this.
I was magically transported into the mid-tier and placed at the IT Homepage.
I will post a followup message today with all the steps and lessons learned for the good of the community.
Shrihari, I did not check the top level realm. Looking in there now shows a J2EE agent. However until I put the agent in the BMCRealm, it didn't work. Configuration/Setup bug with the installer maybe?
Wow, that was a painful exercise. Keep up the good work!