Plugin Single Sign On Version 1.2 Installation Guide

(1)

Plugin Single Sign On

Version 1.2

Installation Guide

The following document describes Plugin Single Sign On version 1.2 Component configuration and installation process for BMC Remedy AR System

TopPositions 2010-03-29

(2)

1 INTRODUCTION

There is a very common problem each company has to deal with, that is entering an incorrect password when logging in to system or a certain application. Frustrated and unsatisfied users are unable to remember each password they are obliged to use, that leads up to many unavoidable mistakes. The only one solution seems to be IT specialists support, and the next new password. However it helps, it’s not a long- lasting support. The password’s change does not guarantee that the new one will not be forgotten.

What is more, security policy forces users to recurrent password’s changes . Not to forget the new phrases and numbers, users’ write tem on the self stick note sheets and stick them onto the screens. It’s obvious, that such way of storing passwords is not a safe one.

That is why our team of IT specialists worked out an innovative system, that is Plugin SSO ( Plugin Single Sign On). This security method is safe and allows you to get a very easy access to BMC Remedy AR System. Plugin SSO makes the whole process of logging in very quickly and without the user’s participation. That is why, users’ do not have to think hours about a new password, but take care their duties.

Plugin SSO is the best solution. All the problems will disappear as well as users’ frustration and annoyance. Everyone knows, that a satisfied employee is an effective employee, and effectiveness means profits. So let us help you to make a big profit.

For more information, please visit our Web site : http://www.remedy-sso.com

(4)

2 WHAT IS PLUGIN SINGLE SIGN ON VERSION 1.2

Plugin SSO is a component that enables the access to the BMC Remedy AR System without the necessity of logging in.

Our system uses Security Support Provider Interface(SSPI). Exerted all over the world SSPI authentication systems work on Windows and give you the highest level of information security.

Plugin SSO supports joint security policy for all passwords in the company so that it makes the information stored in the BMC AR Remedy System safer.

The fact that, the Plugin SSO was created and tested by the best IT security specialists makes your information unavailable for unwanted audience.

Our System as the only one in the world guarantees handling of the Microsoft NT LAN

Manager version. 2 (NTLMv2). Moreover, NTLMv2 is recommended and used by the best IT security specialists all over the world.

NTLMv2 service is asserted by the IOPLEX component. Here you can find more information about IOPLEX:

http://www.ioplex.com

Plugin SSO is a product for BMC Remedy AR system and does not require any complex process of installation or configuration.

(5)

3 APPLICATION

As a very flexible solution, Plugin SSO can be applied in various equipment and system configurations.

Plugin SSO supports:

 BMC Remedy AR System, vol. 7.0, 7.1, 7.5 and 7.6,

 Operating systems like Windows, Linux, Solaris and HP-UX,

 J2EE Containers like Apache Tomcat, Weblogic, Websphere and others,

 The outside authentication systems like ClearTrust and SiteMinder ( they authenticate users through “Http header” protocol),

 Internet browsers like Internet Explorer and Mozilla Firefox ( Mozilla Firefox requires Windows Authentication Configuration,

 Java 1.5 and 1.6,

(6)

4 EQUIPMENT COMPATIBILITY

Automatic Plugin SSO log in can be used on the following operating systems: Matrix of the solution compatybility

Operating systems

Windows 2000, 2003, 2008 Sun Solaris 9.x HP-UX 11.x Linux 2.6.x+

BMC Action Request System

7.0 7.1 (MT patch 6+) 7.5 (MT patch 1+)

Plugin SSO supports many typical WWW security systems. Popular products

Authentication systems

ClearTrust SiteMinder Quest QSJ HTTP Basic

(7)

5 HOW PLUGIN SSO WORKS

Plugin SSO allows to get to Remedy AR System surroundings on the basis of authorization that was made when logging into the corporate network( by Windows domain authorization).

When correctly logged into the Windows domain, user doesn’t have to log once again to connect with BMC Remedy AR System.

Plugin SSO Works as a plugin installed on BMC Remedy AR System and is able to support Web-SSO systems or work autonomously.

This component logs the users’ with BMC Remedy AR System automatically by the Web browser of BMC Remedy User Application.

The following diagram shows how Plugin SSO authorizes user’s system by the use of Windows Authentication Protocol.

User’ s authorization by Plugin SSO

In case of Web browser, Plugin SSO is triggered out when user is logging into one of the following Mid Tier Server addresses: /arsys/home, /arsys/forms /arsys/apps

Plugin SSO asks the user's Web browser to send the NTLM header together with the user’s data. Then it checks if this data is correct or not . If the user was identified by the Windows Controller, user gains the access to the BMC Remedy AR System.

(8)

User’s logging in by the Internet Browser

When BMC remedy User authorization application used, Plugin SSO is being triggered when the application opened. Plugin SSO is being given a special ticket to SSO Authorization Service. This service is activated at any Windows server after SSPI Negotiate (NTLM) authorization.

Then, BMC Remedy User sends the ticket to BMC AR Remedy System. Plugin AREA SSO verifies this ticket in the SSO Authorization Service. Each ticket is generated for particular user and for the computer, from which user is trying to connect to BMC Remedy AS System.

(9)

(10)

6 INSTALLATION AND CONFIGURATION

6.1 Windows Authentication

If you do not have an external SSO system (ClearTrust, SiteMinder, etc.) and would like Mid-Tier to authenticate users within Windows Controller, you will need to make extra moves to install the component BMC Remedy Mid-Tier.

Our solution works only if Apache Tomcat has already been started as a standalone

application. We do not support the product ServletExec, as it is not presently recommended by BMC.

6.2 ClearTrust / Sitemider

After some time a session of ClearTrust and Siteminder expires. On this account length of the session must be synchronized with length of the BMC Remedy Mid-Tier module session. To prevent a situation when a user is still logged in the BMC Remedy AR system and is no longer logged in SSO module, while installing Mid-Tier the following steps must be taken:

 Configure ClearTrust or Siteminder to protect the paths /arsys/home, /arsys/forms oraz /arsys/apps.

 Adjust length of Mid-Tier session one minute shorter than the session in ClearTrust or Siteminder.

6.3 Installation

Installation consists of two parts. It involves the ARS Server (ITSM)and also the MidTier module. First two parts are obligatory. Installation pack contains 3 directories: mt ,ars and rut. The first directory contains files that are required for the installation in MidTier server.

The third one contains files necessary in case of SSO authorization made by BMC Remedy User.

6.4 Installation Part 1 in the server environment (ARS Platform)

All the files necessary for this part of installation you can find in ars directory. Files copying to AR system

1. Copy areasso.dll/areasso.so file to operational directory of ARS server (It is the same directory that includes the file arserver.exe)

(11)

2. Copy area-sso.cfg/area-sso.conf file to the directory containing ar.cfg/ar.conf. (It is the same directory that includes the file ar.cfg/ar.conf. e.g.: c:\program files\AR Server\conf)

(12)

Checking whether the AR External Authentication (AREA) is switched on In order to do that you need to:

 Log the BMC Remedy User Tool

 Open AR System Administration Console  Open System->General->Server Information  Open the folder EA

 Make sure RPC 390695 is selected

 Make sure Cross Reference Blank Password is marked  Save the potential changes.

(13)

The following picture presents how to configure AR External Authentication. You need to make sure AREAHUB has been installed and started.

In order to check it you have to examine the file ar.cfg/ar.conf or use the BMC Remedy User Tool.

To do it you need to:

 Log in Remedy into the administration account using BMC Remedy User Tool  Find form Configuration ARDBC

 On the list find the value areahub.

The picture illustrates the way of searching for areahub

 When on the list there is a proper record, it means that AREA-HUB has been suitably installed.

(14)

The picture illustrates the search result on condition that the areahub has been suitably installed

 When AREAHUB has not been installed you will have to do it by making appropriate entries in the file ar.cfg/ar.conf:

Windows

Plugin: areahub.dll

Solaris/Linux

Plugin: areahub.so

 In order to verify whether Plugin AREAHUB works properly you need to restart service BMC Remedy AR System. After having restarted the system in the log file of a plugin there should be the following entry (if the log file is large you should search in there the value ARSYS.AREA.HUB ):

In order to turn on logging of Plugin Server you need to move to the chapter entitled Turning on of the Plugin Server.

(15)

AREAHUB configuration for Plugin AREA SSO usage

To activate AREA SSO Plugin add the following entries to ar.cfg/ar.conf file (this configuration uses the additional authorization based on LDAP) :

Plugin: areahub.dll

AREA-Hub-Plugin: areasso.dll AREA-Hub-Plugin: arealdap.dll

Configuration using the authorization pursuant to form User: Plugin: areahub.dll

AREA-Hub-Plugin: areasso.dll

AREA SSO plugin configuration in the area-sso.cfg/area-sso.conf file. You should change the following entries in the area-sso.cfg/area-sso.conf file.

Parametr Opis

MidTier-Enabled If the users’ will connect to BMC Remedy AR System by Web browser this parameter should be „enabled”.

For ex.: MidTier-Enabled: Enabled

MidTier-IP Addresses of the Mid-Tier Servers that users will be authorized by. For ex.: MidTier-IP: 127.0.0.1;192.168.21.2

New-MidTier-Shared-Key

Shared key password identical, just like the one configured in the second part of installation guide.

The password is going to be encoded after restarting BMC Remedy AR System in area-sso.cfg/area-sso.conf file.

For ex.: New-MidTier-Shared-Key: <password>

RUT-Enabled If users will connect to the BMC Remedy AR System by BMC Remedy User, this parameter should be “enabled”

For ex.: RUT-Enabled: Enabled AuthService-IP IP address of SSO Authentication Service

For ex.: AuthService-IP: 127.0.0.1

This parameter should be “enabled” if “RUT-Enabled” is set to Enabled. AuthService-Port TCP port on which SSO Authentication Service works.

Default parameter value is 11000 port For ex.: AuthService-Port: 12000 Configuration of the AREA LDAP plugin

If the BMC AREA LDAP Plugin is used to store data about users in LDAP or in Active-Directory you will need to follow the instructions in the following chapter. In the case when the data about users is stored in the form User within AR System you will need to go straight to the chapter Turning on of the Plugin Server logging.

(16)

another step consisting in configuring or checking whether BMC AREA LDAP Plugin has been properly installed and configured.

The installation and configuration details can be found in the documents of BMC AR System: BMC Remedy Action Request System 7.0 Integrating with Plugins and Third-Party Products http://www.bmc.com/supportu/documents/84/67/58467/58467.pdf

Page 163

BMC Remedy Action Request System 7.1.00 Integrating with Plugins and Third-Party Products http://www.bmc.com/supportu/documents/93/94/69394/69394.pdf

Page 133

BMC Remedy Action Request System 7.5.00 Integration Guide http://www.bmc.com/supportu/documents/53/80/95380/95380.pdf

Page 143

To verify if the BMC AREA LDAP plugin configuration is appropriate you should open the AREA LDAP Configuration form and check the data entered into the form is correct:

(17)

Turning on of the Plugin Server logging

In order to verify that Remedy SSO Plugin works properly you need to select logging into Plug-In Server from the level of the authorized ARS user in the module Server Plug-Information and in the folder Log Files you need to select All in the Plugin Log Level.

The picture illustrates the way of configuring logging of the Plugin Server.

6.5 Installation part II in the environment on the side of Mid-Tier server

All the files to be used in this part of the installation you can find in mt directory. Java SDK Environment

At first you need to check if Java SDK has been installed in the Server.

Installation of Java JRE is not sufficient for the correct functioning of the system. Copying and changes of the files

1. Patch the file Web.xml that can be found in the Mid-Tier server via update of the file web.xml.patch.

The contents of the patch needs to be copied into the file Mid-Tier\WEB-INF \web.xml between the last entry of a type </filter> and the first one of a type <filter-mapping>

2. Copy the mt-sso.jar file to Mid-Tier\WEB-INF\lib directory 3. Copy jespa-1.0..jar file to Mid-Tier\WEB-INF\lib directory

(18)

6. Copy mt-sso.license file to Mid-Tier\WEB-INF\classes directory 7.

Copy the whole

sso directory to Mid-Tier\shared directory

8. After having made all the above changes you need to restart Mid-Tier server.

Creating service account for NETLOGON communication

If the authorization is supposed to take place in Windows Controller, you need to create a service account in Active Directory. Otherwise you can move on to the next point Configuration of the MidTier SSO plugin via http website

To create the service account in Active Directory you have to use a tool called Active Directory Users and Computers (ADUC).

NETLOGON service requires the account to be of a Computer type (A regular user’s account will not work.)

We recommend to enter the same value using letter, digits and underlining (without spaces) in the field "Computer name" (cn) and "pre-Windows 2000 name"(sAMAccountName).

The created service account should have its own DN that has to be used to change the password in the next step.

E.g.:

If the account has been called REMEDY and the name of the domain in which the account has been created is example.com DN for this account will equal:

CN=REMEDY,CN=Computers,DC=example,DC=com.

Change of a password to the service account

A password to the service account must be entered in the MidTier SSO Plugin configuration. Password change can be made only by using the Microsoft tools or with help of the script attached to the installation pack:

(19)

The above scripts should be activated from the station that has rights to the Active Directory. The following example demonstrates how to change the password for the account

CN=REMEDY,CN=Computers,DC=example,DC=com:

Configuration of the MidTier SSO plugin via http website In order to configure MidTier SSO Plugin you need to:

1. Open the website of the configuration tool in your internet browser: http://path-to-midtier/arsys/shared/sso/config.jsp

2. Log in the administration panel by using a password.

3. The default password for the administration panel is “password”. 4. Select General Settings

MidTier SSO configuration tool contains the following section: Core Configuration

Parametr Opis

Turn On/Off Turning on and turning off of MidTier SSO plugin

Shared Key In this field you should enter the same password as the one defined on the side of ARS Server (SharedKey)

SSO Log Level Log level of MidTierSSO plugin Potential values:

 Info – information about configuration

 Trace – information about users logging into the system C:\>cscript SetComputerPass.vbs CN=REMEDY,CN=Computers,DC=example,DC=com

Password: ********** 'SetComputerPass.vbs Option Explicit

Dim strDn, objPassword, strPassword, objComputer If WScript.arguments.count <> 1 Then

WScript.Echo "Usage: SetComputerPass.vbs <ComputerDN>" WScript.Quit

End If

strDn = WScript.arguments.item(0)

Set objPassword = CreateObject("ScriptPW.Password") WScript.StdOut.Write "Password:"

strPassword = objPassword.GetPassword() Set objComputer = GetObject("LDAP://" & strDn) objComputer.SetPassword strPassword

WScript.Echo

WScript.Echo "Password set on " & strDn WScript.Quit

(20)

 Debug – debugging information  All – all the information

Username conversion Username conversion Possible values:

 To Upper case – changes all the letters in the username into upper case ones:

For example.: [email protected]

 To Lower case – changes all the letters in the username into lower case ones:

For example.: [email protected]

HTTP header(s)

containing username

If the external SSO system sends the username in a specific HTTP header , in this field you should enter the name of this header. Otherwise this field should remain empty.

Windows Authentication Configuration

When the users’ authorization is to take place in Windows Controller, you need to fill in the following Fields. Otherwise you need to restart Mid-Tier module. The installation of Mid-Tier SSO Plugin is completed.

Parametr Opis

Active Directory domain

Name of the domain into which users will be authenticated must be entered in full format:

For example.: example.com NTLM log level NTLM protocol log level

Possible values:

 None – no logging  Critical – critical errors  Basic – basic information  Detailed – detailed information  Debbuging – all the information Computer Account Name of a user’s account created in the point:

Creating service account for NETLOGON

For example.: [email protected]

*

*It is necessary to type $ after username.

Computer Password Password to the user’s account (Computer Account) modified in the point:

Change of a password to the service account

Canonical Account Name

Format of a user logging into Remedy system. Possible values:

(21)

For example.:

abaker

 Backslash – username + domain name separated by a symbol ‘\’

For example.:

EXAMPLE\abaker

 Principal – username + full domain name separated by a symbol ‘@’

For exampe.:

[email protected]

Save the changes and then restart MidTier application.

Configuration of the Remedy SSO solution via edition of the file mt-sso.config

To configurate MidTier SSO plugin manually, you should change mt-sso.config file that you can find in the Midtier\WEB-INF\classes directory.

Core Configuration

Parametr Opis

remedy.sso.status Turning on and turning off of the Remedy SSO plugin. Possible values:

on/off

remedy.sso.username.case Username conversion. Possible values:

 upper – changes all the letters in the username into upper case ones:

For example.: [email protected]

 lower – changes all the letters in the username into

lower case ones:

For example.: [email protected]

remedy.sso.http.header If the external SSO system sends the username in a specific HTTP

header , in this field you should enter the name of this header. Otherwise this field should remain empty.

remedy.sso.new.sharedKey A password that has been defined on the side of ARS server (SharedKey). After restarting Mid-Tier service the password will be hashed and saved in the configuration file within the parameter: remedy.sso.sharedKey

remedy.sso.loglevel Remedy SSO log level Possible values:

 Info – information about configuration

 Trace – information about users logging into system  Debug – debugging information

(22)

Parametr Opis

jespa.bindstr Name of the domain into which users will be authenticated must be entered in full format:

For example.: example.com

jespa.log.level NTML protocol log level

Possible values: 0 – no logging 1 – critical errors 2 – basic information 3 – detailed information 4+ – all the information

jespa.service.acctname Name of a user’s account created in the point:

Creating service account for NETLOGON

For example.: [email protected]

*

*It is necessary to type $ after username.

jespa.service.new.password Password to the user’s account (Computer Account) modified in the point: Change of a password to the service account

After restarting Mid-Tier service the password should be hashed and saved in the configuration file within the parameter

jespa.service.password

jespa.account.canonicalForm _{Format of a user logging into Remedy AR System.} Possible values:

2 – only username.

For example.: abaker.

3 – username + domain name separated by a symbol ‘\’

For example.: EXAMPLE\abaker

4 – username + full domain name separated by a symbol ‘@’ For example.: [email protected]

Save the changes and then restart MidTier application.

In the file you can use additional options for Windows Authentication. More details can be found in technical documentation for Jespa module:

Jespa Operator's Manual

6.6 Installation Part III SSO Authentication Service

All the files to be used in this part of the installation you can find in rut directory.

If the automatic logging should not work on BMC Remedy User Tool application, please miss the rest part of this chapter.

SSO Authentication Service is the service that is run on Windows server. It identifies users’ in the Windows controller by the SSPI Negotiation interface(NTLM protocol).

(23)

The following service may be run on each Windows Server that is connected to the domain. Run Installer’s

1. Run setup.exe on the server where the SSO Authentication Service will be installed ( be logged on the administrator’s account).

2. If there is no Microsoft .Net Framework 3.5 on the server, it’s installer will install automatically.

3. Choose Next on the first screen.

4. Accept the license by choosing checkbox „YES – I accept the terms of the License Agreement”, and then click Next.

(24)

5. Choose the directory where SSO Authentication Service will be installed, and then click Next.

6. Choose SSO Authentication Service from the list and remove SSO Authentication plugin, then click Next.

(25)

7. Type TCP port number used by the SSO Authentication Service(the port address must be unused by any others services), then click Next.

(26)

In Canonical Account Name you can choose between the following:

 Username – only username.

For example.:

abaker

 Backslash – username + domain name separated by a symbol ‘\’

For example.:

EXAMPLE\abaker

 Principal – username + full domain name separated by a symbol ‘@’

For exampe.:

[email protected]

In the UserName Conversion area you can choose between the following :

 Upper – changes all the letters in the username into upper case ones:

For exampe.: [email protected]

 Lower– changes all the letters in the username into lower case ones:

For exampe.: [email protected]

9. Give the BMC Remedy AR System localization to which users’ will be automatically logged in. When the formula left empty, the configuration will be necessary on each user’s station. Then choose Next.

(27)

10. Continue installation by choosing Next.

(28)

6.7 Installation Part IV- Plugin SSO Authentication for BMC Remedy User

Tool

All the files to be used in this part of the installation you can find in rut directory.

If you want the automatic Single Sign On logging in BMC Remedy User to work on the final user’s workstation, please install SSO Authentication plugin.

Run Installer’s

1. Run setup.exe on the workstation where the SSO Authentication Plugin will be installed.

2. If there is no Microsoft .Net Framework 3.5 on the workstation, it’s installer will install automatically.

(29)

4. Accept the license by choosing checkbox „YES – I accept the terms of the License Agreement”, and then click Next.

5. Choose the directory where SSO Authentication Plugin will be installed, and then click Next.

(30)

6. Choose SSO Authentication Plugin from the list and remove SSO Authentication Service, then click Next.

7. Give the SSO Authentication Service localization to which users’ will be automatically logged in. Then choose Next.

(31)

8. Continue installation by choosing Next.

(32)

11. To verify whether the installation completed successfully, open the BMC Remedy User application and check if the user was automatically logged in BMC Remedy AR System.

(33)

7 TROUBLESHOOTING

If during the installation you faced a problem that cannot be solved you should take the following steps in order to enable us to diagnose the problem.

7.1 SSO AREA plugin

In the beginning of problem diagnosis you need to verify whether SSO AREA plugin has been correctly installed and configured.

Mid-Tier IP address

At first you need to check whether the Mid-Tier IP address in the file area-sso.cfg/area-sso.conf has been correctly configured.

Shared-Key

Then you need to verify if shared-key has been correctly configured.

In order to do that you have to start the tool BMC Remedy User on the server on which Mid-Tier is installed. After that you should enter your login coming from Active-Directory in the field ‘username’; the field ‘password’ should be left empty. You should key ‘shared-key’, that has been previously configured during installation, in the field ‘authentication’. If you manage to log into the system that would mean SSO AREA plugin has been properly installed and configured. Otherwise you have to again set up a correct shared-key in the file area-sso.cfg/area-sso.conf.

7.2 AREA LDAP plugin

If AREA LDAP plugin is not used to authorize users in Active Directory you need to move on to the next step.

Otherwise you have to start a tool BMC Remedy User. Then in the field ‘username’ enter your login coming from Active-Directory; enter a domain password in the field ‘password’. If you manage to log into the system that would mean AREA LDAP plugin has been properly installed and

configured. Otherwise you have to check the configuration of AREA LDAP plugin in the form AREA LDAP Configuration.

7.3 Mid-Tier SSO Plugin

If SSO AREA plugin works properly, in the next step you need to check if plugin on the side of Mid-Tier has been correctly installed.

MT-SSO.jar

At first you should check if the file MT-SSO.jar has been correctly installed.

In order to do that you need to check if there is the file MT-SSO.jar in the directory Mit-Tier/WEB-INF/lib.

(34)

In the next step you need to check if the file mt-sso.config has been correctly installed. In order to do that you need to check if there is the file mt-sso.config in the directory

Mit-Tier/WEB-INF/classes.

mt-sso.license

Then you need to check if the file mt-sso.license has been correctly installed. In order to do that you need to check if there is the file mt-sso.license in the directory Mit-Tier/WEB-INF/classes.

MidTier SSO Plugin Configuration

In order to verify whether MidTier SSO plugin has been correctly configured you need to open the website of the Configuration tool:

http://mid-tier hostname/arsys/shared/sso/config.jsp. Then after correct logging you need to verify if:

 a correct licence has been installed  Remedy SSO plugin has been turned on

 Windows Controller data have been entered correctly (if the controller is used for users’ authentication)

7.4 SSO Authentication Service

If the SSO Auth Service doesn’t work, check the EventLog entries ( on the Server, on which it was installed).

7.5 What’s next

If the problem continues you should forward an email to our support department including following information:

 file AR Server plugin log (with the Plugin-Log-Level adjusted to 100) with a user’s logging attempt registered by BMC Remedy User-using shared-key;

 files ar.cfg and area-sso.cfg from AR Server, and the file mt-sso.config from Midtier;  the file web.xml from Mid-Tier server;

 log files from servlet engine on which Mid-Tier has been installed;

 version numbers of the ARS server and Mid-Tier together with patch numbers  name and version number of servlet engine.

(35)

8 POTENTIAL ERRORS

Below find a list of errors that may occur during installation:

8.1 Mid-

Tier can’t find the file mt

-sso.jar

If during installation you have forgotten to copy the file mt-sso.jar, in logs of Tomcat server there should be the following error report:

8.2 Mid-Tier c

an’t find the file jespa

-1.0.9.jar

If during installation you have forgotten to copy the file jespa-1.0.9.jar, in logs of Tomcat server there should be the following error report:

8.3 Mid-

Tier can’

t find the file with the licence

If during installation you have forgotten to copy the file mt-sso.license, in logs of Tomcat server there should be the following error report:

8.4 Mid-

Tier can’t find the configuration file mt

-sso.config

If during installation you have forgotten to copy the file mt-sso.config, in logs of Tomcat server there should be the following error report:

15:33:20,317 Remedy Single Sign ON ERROR (filters.SSOHttpFilter:init:?) - Failed to load config file!

15:14:51,942 Remedy Single Sign ON ERROR (lic.LicenseManager:loadLicence:?) - Licence file: /mt-sso.license not found

- Licence file: /mt-sso.license not found

15:14:51,942 Remedy Single Sign ON WARN (lic.LicenseManager:validateLicense:?) - License not loaded

- License not loaded

15:14:51,942 Remedy Single Sign ON ERROR (filters.SSOHttpFilter:init:?) - License not loaded

java.lang.NoClassDefFoundError: jespa/http/HttpSecurityService at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(Unknown Source)

at java.security.SecureClassLoader.defineClass(Unknown Source)

at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1852) at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:876) java.lang.ClassNotFoundException: remedy.sso.midtier.jespa.filters.SSOHttpFilter at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1362) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1208) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:207) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)

(36)

8.5 Plugin

SSO can’t find the

Domain controller

If during installation you have incorrectly entered the domain name in the field Active Directory domain, in logs of Tomcat server there should be the following error report:

8.6 Plugin

SSO can’t log into

Domain controller

If during configuration you have incorrectly entered the name of a service account or its password, in the field Active Directory domain, in logs of Tomcat server there should be the following error report:

8.7 SSO Authentication service doesn’t work

TCP Port is probably busy by the other service, Change the port’s number ( SSO Auth Service

should be installed again).

jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password. at jcifs.smb.SmbTransport.checkStatus(Unknown Source)

at jcifs.smb.SmbTransport.send(Unknown Source) at jcifs.smb.SmbSession.sessionSetup(Unknown Source) at jcifs.smb.SmbSession.send(Unknown Source)

at jcifs.smb.SmbTree.treeConnect(Unknown Source) java.net.PortUnreachableException: ICMP Port Unreachable

at java.net.PlainDatagramSocketImpl.receive0(Native Method) at java.net.PlainDatagramSocketImpl.receive(Unknown Source) at java.net.DatagramSocket.receive(Unknown Source)

at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) at com.sun.jndi.dns.DnsClient.query(Unknown Source) at com.sun.jndi.dns.Resolver.query(Unknown Source)

Plugin Single Sign On Version 1.2 Installation Guide