cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

InfoView SSO with Vintela

Former Member

on ‎10-07-2008 10:41 PM

0 Kudos

I am configuring AD- SSO with Vintela. All the steps are done according to the Admin guide except:

<!-- For Vintela SSO the following filter needs to be uncommented.

There is also a filter mapping which needs to be uncommented.

Set idm.realm to the Active Directory realm where the server is in

and idm.princ to the service principal name.

-->

When I unComment the filter i get :

HTTP Status 404 - /InfoViewApp/logon.jsp

-

type Status report

message /InfoViewApp/logon.jsp

description The requested resource (/InfoViewApp/logon.jsp) is not available.

-

Apache Tomcat/5.5.20

Please help

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

BasicTek
Advisor
Advisor
‎10-08-2008 1:58 AM
0 Kudos

404's are generally caused when the vintela filter is uncommented and fails to load.

To get the error you need enable djcsi tracing

-Djcsi.kerberos.debug=true

and you MUST comment out the keytab file and code the password into the java options as well

-Dcom.wedgetail.idm.sso.password=vintelaaccountpassword (from ktpass step)

stop tomcat, delete any old log files (tomcat55\logs) and restart. Wait up to 60 seconds for error to appear. It should be in the tomcat.log (unless it was caused by the keytab)

These issues can get rather complex and it's always best if you open a message with the authentication team.

Regards,

Tim

Show replies
Show replies
Former Member
‎10-10-2008 5:53 PM
0 Kudos

A quick question---

In this command from the admin guide-

ktpass -out keytab_filename -princ HTTP/host@REALM -pass

user_password -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto

encryption_type

what is will be the KRB5_NT_PRINCIPAL? Should I leave it as is?

BasicTek
Advisor
Advisor
‎10-10-2008 6:01 PM
0 Kudos

yep that's a default value that doesn't need to change

Former Member
‎10-10-2008 6:15 PM
0 Kudos

Thanks Tim!!

I am working on it right now. Will let you know how the configuration go this time!

Former Member
‎10-10-2008 6:27 PM
0 Kudos

According to the guide we need to make changes to web.xml in the following loction

<Deployed Location>\Business Objects\BusinessObjects Enter

prise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF

But, any changes I make on this web.xml doesnt reflect on InfoView. Do you know whats wrong?

BasicTek
Advisor
Advisor
‎10-10-2008 6:30 PM
0 Kudos

Probably needs to be redeployed, but for quicker results also make the change at

Deployed Location>\Business Objects\BusinessObjects Enterprise 12.0\WebApps\InfoViewApp\WEB-INF

Former Member
‎10-10-2008 6:49 PM
0 Kudos

Still not working! How can I redeply?

Former Member
‎10-10-2008 7:25 PM
0 Kudos

Changes made to web.xml in C:\Program Files\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF reflects in InfoView. Now I can login through AD on InfoView but I need to use SSO. Also if I uncomment the Vintella filters and mapping I get the same error I was getting initially

(1st note I started this post with). Pleas help its been a week now.

Thanks

BasicTek
Advisor
Advisor
‎10-10-2008 7:51 PM
0 Kudos

redeploying will not resolve if editing the proper web.xml doesn't work. If you edit from the war file location then a redeploy is needed to copy that web.xml to the deployed location. We skipped that by editing the file directly.

You likely have a configuration problem with vintela. Again this not an informational issue it's an integration issue that should be worked with an authentication engineer.

-Tim

Former Member
‎10-11-2008 7:54 AM
0 Kudos

got to a point where I am getting:

[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: No Subject found on the current thread

[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: GSS: Acceptor supports: KRB5

[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: Ticket service name is: HTTP/xxx.domain.net @ DOMAIN.NET

[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: GSS name is: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET

[DEBUG] Fri Oct 10 23:39:07 PDT 2008 jcsi.kerberos: Using keytab entry for: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET

10-10-08 23:39:07:985 - [/InfoViewApp].[jsp] Thread [http-8080-Processor25]; Servlet.service() for servlet jsp threw exception

java.lang.NullPointerException

at org.apache.jsp.httperror_005f500_jsp._jspService(httperror_005f500_jsp.java:98)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)

at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)

at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:465)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)

at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:363)

at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:284)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)

at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)

at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)

at java.lang.Thread.run(Thread.java:595)

Oct 10, 2008 11:39:07 PM org.apache.catalina.core.StandardHostValve custom

SEVERE: Exception Processing ErrorPage[errorCode=500, location=/httperror_500.jsp]

org.apache.jasper.JasperException

at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)

at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)

at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)

at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:465)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)

at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:363)

at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:284)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)

at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)

at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)

at java.lang.Thread.run(Thread.java:595)

Can this be solved here?

Former Member
‎10-11-2008 8:00 AM
0 Kudos

and on InfoView it gives error 500

HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Successfully matched service principal &quot;HTTP/XXX.DOMAIN.NET @ DOMAIN.NET&quot; but not key type (23) + KVNO (3) in this entry: Principal: HTTP/XXX.DOMAIN.NET @ DOMAIN.NET Type: 1 TimeStamp: Wed Dec 31 16:00:00 PST 1969 KVNO: -1 Key: [3, 10 37 49 4 52 7f 40 ad ] )

BasicTek
Advisor
Advisor
‎10-11-2008 8:42 AM
0 Kudos

I'm not sure why but a lot of info is missing. We can try guessing but an issue like this usually requires a webex.

Have you commented out/removed your keytab entry in the web.xml. Vintela does not trace completely if the keytab is loaded, this error could be caused by an encryption issue,

Is manual logon with AD working(this is required before configuring vintela)?

Also check the localhost logfile when you are sure the keytab is commented (and password is specified in the java options)

-Tim

Former Member
‎10-11-2008 9:39 AM
0 Kudos

when I comment the keytab file I get 404 error. Mnul logon with AD works fine

Edited by: Mark G on Oct 11, 2008 10:39 AM

BasicTek
Advisor
Advisor
‎10-11-2008 3:09 PM
0 Kudos

that 404 is good, it's caused byt the tracing mechanism which gets enabled when the keytab is removed. The error should be located in the localhost.log

Former Member
‎10-13-2008 9:35 PM
0 Kudos

It worked on one computer, the way I wanted same,setup

Thanks a lot

Former Member
‎09-08-2009 10:34 AM
0 Kudos

Hi Mark / Tim,

I am getting the same error as Mark was getting when uncommenting the Vintella filter part. So please gentlemen if you can help me becuase no resolution was given on the thread it would be highly appreciated.

Regards

Sid

BasicTek
Advisor
Advisor
‎09-08-2009 11:23 PM
0 Kudos

If you have removed the keytab, and get a 404 then the error should be in the localhost.log (XIR2) or tomcat.log (XI 3.x)

Regards,

Tim

Ask a Question