Your welcome :) Danny
Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 Sent: 26 May 2010 17:16 To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code Thanks for all your help Danny. I got it working. I appreciate all the info you provided was EXTREMELY helpful. Rafael -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Wednesday, May 26, 2010 4:07 AM To: arslist@ARSLIST.ORG Subject: Re: BMC's Sample SSO White Paper/Code Hi, Send me the whole arplugin log to my email address and I will take a look. Send me the whole file so I can see the startup information. Regards Danny dkellett ( at ) javasystemsolutions.com Single Sign On (SSO) for ARS and ITSM http://www.javasystemsolutions.com/jss/ssoplugin > Danny so now I'm able to pass the authentication and am getting > "Unable to setup data connection" error message. > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett > Sent: Tuesday, May 25, 2010 8:55 AM > To: arslist@ARSLIST.ORG > Subject: Re: BMC's Sample SSO White Paper/Code > > This is becuase you have them configured differently. > > In the QA server you have the SSO plugin configured. Where are the > other server you have enabled the AREA LDAP plugin which is not > configured and not needed. > > Look in the ar.conf file and remove any arealdap.so restart and try > again > > Kind regards > Danny > > Single Sign On (SSO) for ARS and ITSM > http://www.javasystemsolutions.com/jss/ssoplugin > >> Danny this is what I'm getting on the failed server: >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */+VL >> 390695> AREAVerifyLoginCallback >> -- user v096brtt >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */<ARSYS.AREA.LDAP> <FINEST> >> AREAVerifyLoginCallback >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */<ARSYS.AREA.LDAP> <FINER> >> ldap_init("jsqremedy2", 389) >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */<ARSYS.AREA.LDAP> <FINER> >> connect timeout previously: -1 >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */<ARSYS.AREA.LDAP> <FINER> >> connect timeout used: 35000 >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:30.6390 */<ARSYS.AREA.LDAP> <FINER> >> ldap_simple_bind("null", null) >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:31.5810 */<ARSYS.AREA.LDAP> <SEVERE> >> Bind: Can't connect to the LDAP server (LDAPERR Code 91) >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:31.5810 */<ARSYS.AREA.LDAP> <SEVERE> >> Bind: ldap_simple_bind failed [null] >> >> <PLGN> <TID: 005300> <RPC ID: 0000000285> <Queue: AREA > <Client-RPC: >> 390695> /* Tue May 25 2010 08:04:31.5810 */-VL FAIL >> >> This is what I get on my qa server: >> >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */+VL >> AREAVerifyLoginCallback -- user v096raro >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> Username: >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> v096raro >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> Network Address: >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> 149.83.18.20 >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> Auth String: >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> Qk1DIFJlbWVkeSBBUlN5c3RlbQ== >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> Login request not coming from the BOXI-IP, checking >> MID-TIER-IP's... >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> User logging in from a matching Authentication String and >> Mid-Tier IP: >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> 149.83.18.20 >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */<AREA.SSO> >> <INFO> User passed AREA SSO authentication. Login Success >> <PLGN> <TID: 000776> <RPC ID: 0000000421> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7020 */-VL OK >> <PLGN> <TID: 000776> <RPC ID: 0000000422> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7180 */+NS >> AREANeedToSyncCallback >> <PLGN> <TID: 000776> <RPC ID: 0000000422> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 25 2010 08:11:35.7180 */-NS OK -- 0 >> <PLGN> <TID: 002876> <RPC ID: 0000000014> <Queue: Prv: 10005> >> <Client-RPC: 999999> /* Tue May 25 2010 08:12:04.0480 */Plug-In Trace >> Log -- OFF >> >> >> ________________________________ >> >> From: Action Request System discussion list(ARSList) >> [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett >> Sent: Monday, May 24, 2010 3:07 PM >> To: arslist@ARSLIST.ORG >> Subject: Re: BMC's Sample SSO White Paper/Code >> >> >> ** >> >> Sorry Rafael, >> >> >> >> I didn't see you replied. >> >> >> >> The log is not verbose enough. Make sure you have the plugin log >> level > >> set to ALL >> >> >> >> From: Action Request System discussion list(ARSList) >> [mailto:arsl...@arslist.org] On Behalf Of Zaayer, Ben (Information >> Technology) >> Sent: 24 May 2010 19:46 >> To: arslist@ARSLIST.ORG >> Subject: Re: BMC's Sample SSO White Paper/Code >> >> >> >> ** >> >> Rafael, we are using the same plug-in provided by BMC's sample code >> and have a config file, areasso.cfg on the AR Server, that must >> contain all of the Mid Tier IP addresses, as well as any >> load-balanced > >> virtual IPs or it will give that error message. Also, on the Mid >> Tier > >> box make sure that your config.properties and sso.properties in the >> WEB-INF\classes directories are configured properly. Almost every >> time we have run into this error it was because one of the Mid Tier >> or > >> load balanced IPs changed. >> >> >> >> Ben >> >> >> >> From: Action Request System discussion list(ARSList) >> [mailto:arsl...@arslist.org] On Behalf Of Rodriguez, Rafael J x23718 >> Sent: Saturday, May 22, 2010 3:48 PM >> To: arslist@ARSLIST.ORG >> Subject: Re: BMC's Sample SSO White Paper/Code >> >> >> >> ** >> >> Hello Danny here is a sample of my arplugin log >> >> >> >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0540 */Plug-In Trace >> Log -- ON (AR Plugin Server 7.5.00 Patch 003 200909200825) <PLGN> >> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */AREA > Plug-In >> Loaded: AREA.SSO version 1 >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginSetProperties defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginInitialization defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginTermination defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginCreateInstance defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginDeleteInstance defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> ARPluginEvent undefined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> AREAVerifyLoginCallback defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> AREANeedToSyncCallback defined >> <PLGN> <TID: 005728> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Tue May 18 2010 09:55:18.0850 */ >> AREAFreeCallback defined >> >> <PLGN> <TID: 004320> <RPC ID: 0000008143> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:44.2790 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008144> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:44.3860 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008144> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:45.4960 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008145> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:45.5260 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008145> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:46.3930 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008146> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:46.4240 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008146> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:47.4880 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008147> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:47.5030 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008147> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:48.5380 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008148> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:48.5530 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008148> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:49.5110 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008149> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:49.5410 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008149> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:50.5150 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008150> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:50.5300 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008150> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:51.6100 */-VL FAIL >> <PLGN> <TID: 004320> <RPC ID: 0000008151> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:51.6400 */+VL >> AREAVerifyLoginCallback -- user v096brtt >> <PLGN> <TID: 004320> <RPC ID: 0000008151> <Queue: AREA > >> <Client-RPC: 390695> /* Tue May 18 2010 20:36:52.5980 */-VL FAIL >> >> >> >> <PLGN> <TID: 005032> <RPC ID: 0000000014> <Queue: Prv: 10005> >> <Client-RPC: 999999> /* Tue May 18 2010 20:53:54.7910 */Plug-In Trace >> Log -- OFF <END OF LOG FILE> >> >> >> >> _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ >> >> _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ >> >> This message and any attachments are intended only for the use of the >> addressee and may contain information that is privileged and >> confidential. If the reader of the message is not the intended >> recipient or an authorized representative of the intended recipient, >> you are hereby notified that any dissemination of this communication >> is strictly prohibited. If you have received this communication in >> error, please notify us immediately by e-mail and delete the message >> and any attachments from your system. >> >> >> _____________________________________________________________________ >> _ _________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" > > ______________________________________________________________________ > __ > _______ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend > wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" > This message and any attachments are intended only for the use of the > addressee and may contain information that is privileged and > confidential. If the reader of the message is not the intended > recipient or an authorized representative of the intended recipient, > you are hereby notified that any dissemination of this communication > is strictly prohibited. If you have received this communication in > error, please notify us immediately by e-mail and delete the message > and any attachments from your system. > > > ______________________________________________________________________ > _________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" > ________________________________________________________________________ _______ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"