on 10-07-2008 10:41 PM
I am configuring AD SSO with Vintela. All the steps are done according to the Admin guide except:
<!-- For Vintela SSO the following filter needs to be uncommented.
There is also a filter mapping which needs to be uncommented.
Set idm.realm to the Active Directory realm where the server is in
and idm.princ to the service principal name.
-->
When I uncomment the filter I get:
HTTP Status 404 - /InfoViewApp/logon.jsp
-
type Status report
message /InfoViewApp/logon.jsp
description The requested resource (/InfoViewApp/logon.jsp) is not available.
-
Apache Tomcat/5.5.20
Please help
404's are generally caused when the vintela filter is uncommented and fails to load.
To get the error you need to enable djcsi tracing
-Djcsi.kerberos.debug=true
and you MUST comment out the keytab file and code the password into the java options as well
-Dcom.wedgetail.idm.sso.password=vintelaaccountpassword (from ktpass step)
Stop Tomcat, delete any old log files (tomcat55\logs) and restart. Wait up to 60 seconds for the error to appear. It should be in the tomcat.log (unless it was caused by the keytab).
These issues can get rather complex and it's always best if you open a message with the authentication team.
Regards,
Tim
Changes made to web.xml in C:\Program Files\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF are reflected in InfoView. Now I can log in through AD on InfoView but I need to use SSO. Also, if I uncomment the Vintela filters and mapping I get the same error I was getting initially (1st note I started this post with). Please help, it's been a week now.
Thanks
Redeploying will not resolve it if editing the proper web.xml doesn't work. If you edit from the war file location then a redeploy is needed to copy that web.xml to the deployed location. We skipped that by editing the file directly.
You likely have a configuration problem with Vintela. Again, this is not an informational issue, it's an integration issue that should be worked with an authentication engineer.
-Tim
Got to a point where I am getting:
[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: No Subject found on the current thread
[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: GSS: Acceptor supports: KRB5
[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: Ticket service name is: HTTP/xxx.domain.net @ DOMAIN.NET
[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: GSS name is: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET
[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: Using keytab entry for: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET
10-10-08 23:39:07:985 - [/InfoViewApp].[jsp] Thread [http-8080-Processor25]; Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
at org.apache.jsp.httperror_005f500_jsp._jspService(httperror_005f500_jsp.java:98)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:465)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:363)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:284)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Oct 10, 2008 11:39:07 PM org.apache.catalina.core.StandardHostValve custom
SEVERE: Exception Processing ErrorPage[errorCode=500, location=/httperror_500.jsp]
org.apache.jasper.JasperException
at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:465)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:363)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:284)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Can this be solved here?
And on InfoView it gives error 500:
HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Successfully matched service principal "HTTP/XXX.DOMAIN.NET @ DOMAIN.NET" but not key type (23) + KVNO (3) in this entry: Principal: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET Type: 1 TimeStamp: Wed Dec 31 16:00:00 PST 1969 KVNO: -1 Key: [3, 10 37 49 4 52 7f 40 ad ] )
I'm not sure why but a lot of info is missing. We can try guessing but an issue like this usually requires a webex.
Have you commented out/removed your keytab entry in the web.xml? Vintela does not trace completely if the keytab is loaded. This error could be caused by an encryption issue.
Is manual logon with AD working (this is required before configuring Vintela)?
Also check the localhost log file when you are sure the keytab is commented (and the password is specified in the Java options).
-Tim
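Added example, not part of the original thread: a small Python parser for the key-mismatch message on the HTTP 500 page quoted above, which extracts the requested key type and KVNO and the values held in the stored entry so they can be compared side by side. The etype names are the standard Kerberos assignments; the function and variable names are made up for this illustration.

```python
import re

# Standard Kerberos encryption type numbers (RFC 3961, RFC 3962, RFC 4757).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

# Error text as quoted in the thread's HTTP 500 page (key bytes left out).
SAMPLE = ('Successfully matched service principal "HTTP/XXX.DOMAIN.NET @ DOMAIN.NET" '
          'but not key type (23) + KVNO (3) in this entry: '
          'Principal: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET Type: 1 '
          'TimeStamp: Wed Dec 31 16:00:00 PST 1969 KVNO: -1')

PATTERN = re.compile(
    r'matched service principal "(?P<spn>[^"]+)" but not key type '
    r'\((?P<want_etype>-?\d+)\) \+ KVNO \((?P<want_kvno>-?\d+)\) in this entry: '
    r'Principal: (?P<entry_spn>.+?) Type: (?P<have_etype>-?\d+) '
    r'.*?KVNO: (?P<have_kvno>-?\d+)')


def etype_name(number):
    """Readable name for an etype number, falling back to 'unknown'."""
    return "%s (%d)" % (ETYPES.get(number, "unknown"), number)


def diagnose(message):
    """Return (fields, findings) for a key-mismatch error, or None if it is not one."""
    m = PATTERN.search(message)
    if m is None:
        return None
    fields = {k: (int(v) if k.endswith(("etype", "kvno")) else v)
              for k, v in m.groupdict().items()}
    findings = []
    if fields["want_etype"] != fields["have_etype"]:
        findings.append("etype mismatch: requested %s, entry holds %s"
                        % (etype_name(fields["want_etype"]),
                           etype_name(fields["have_etype"])))
    if fields["want_kvno"] != fields["have_kvno"]:
        findings.append("KVNO mismatch: requested %d, entry holds %d"
                        % (fields["want_kvno"], fields["have_kvno"]))
    return fields, findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE)[1]:
        print(line)
```
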