Success!!!! Info for everyone....
In order to use SSO on IIS and ServletExec you need to do the following.
In IIS (for the web site your Remedy Mid-Tier runs under) turn off the
Windows Integrated Authentication in the Directory Security. I found
out if you have IIS do the authentication it will not pass the data to
ServletExec.
Pull down a free (LGPL license) java client library by the name of jCIFS
http://jcifs.samba.org/. You need to copy this jar file into your
Remedy Mid-Tier WEB-INF\lib folder. Then you need to add to the web.xml
file a web application filter to call the jcifs library so it will do
the NTLM authentication. (I added it just after the listener section).
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.netbios.wins</param-name>
<param-value>10.0.0.1,10.10.10.1</param-value>
</init-param>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>10.0.0.2</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>MYDOMAIN</param-value>
</init-param>
<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Put in your own values for WINS server (can be a comma delimited list of
IPs), DNS Server (domainController), and Domain to authenticate against.
The log level of 1 is to have the NTLM filter put critical errors into
the ServletExec log file. This filter will perform the NTLM
authentication for the Mid-Tier application.
This filter will allow the getUserPrincipal() and getRemoteUser()
functions to return the authenticated user in the form of MYDOMAIN\user.
You can then create your own Authenticator class and AREA plugin as
listed in the White Paper.
Fred
________________________________
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Roney Samuel Varghese
Sent: Sunday, July 22, 2007 7:43 PM
To: [email protected]
Subject: Re: Mid-Tier SSO on IIS/ServletExec
** Dear Frederick,
We had installed the Servlet Exec AS 4.2 and ran
it as a service with IIS, running into a similar problem while
implementing SSO, as we were unable to retrieve any headers for the
remoteuser() function, then we switched it to Servlet Exec ISAPI 4.2 and
the remoteuser() function returned the correct values. I believe we were
on patch 18 when we implemented SSO on ARS 6.3. Hope this helps
--
Regards,
Roney Samuel Varghese
Mobile : +1 732 618 8582
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
