This is such a bad idea. Running .exe files from some kind of user
interaction was never a good idea... particularly if there's some way
for the client to define the exe and/or parameters.
___
UNSUBSCRIBE or access
Well you've published this:
Error encountered while executing a Web Service :
org.apache.axis2.AxisFault: www.webservicex.net (ARERR 9130)
So I'm suggesting you publish the rest of it, ie which doesn't include
any sensitive information.
Can you publish a full stack trace?
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
This suggests RoD is not being delivered in a modern, Docker style,
environment.
AR System was never designed to deal with multiple tenants. A lot of
baggage has been added to Mid Tier / AtriumSSO and I guess AR System to
cope with a use-case that could easily be solved/simplified using a
Docker
Hello
There are indeed benefits to using IIS/Apache in front of Tomcat from a
usability perspective, but the issue remains that if SSL is not carried
out in the application server, there's an unencrypted channel and hence
the security conscious have to take additional actions to secure it.
John
Shawn
Perhaps you need to add keyAlias="x" where x is the alias of the private
key from your keystore? Can you share the output of keystore -list
-keystore blah.jks ?
John
___
UNSUBSCRIBE or access ARSlist Archives at
It's curious that an XMLHttpRequest is required to load a CSS file?!
Grepping the 2.2 release, I see it's loaded relatively:
$ grep -r style-myit.css *
myitapp/index.html: link rel=stylesheet
href=../tenant-custom-res/style-myit.css /
myitapp-full/index.html:link rel=stylesheet
John
Funny you should say that. I went for a shower this morning and received
14 by the time I got out. I genuinely sighed. :) I had dinner earlier
and received 21 in the process - my missus has banned my iPhone from the
tabel.
I'm at the end of the JSS support inbox so people email me - but my
Shawn noted:
I'm not extremely active because I am juggling several major projects at the
moment but I'd like
to chime in for this. Also, thank you for maintaining the list and keeping
it available to us this long.
Indeed, thank you Daniel.
Would you believe it, but BMC still censor posts on BMC Communities?
Dare I mention any other SSO solution than AtriumSSO, which every man
and his dog within BMC knows has been a complete shambles, they'll
delete my post! Even if I point someone with a small budget at the 'open
source' SSO
LJ
I don't want this thread to be hijacked - but a point on censorship.
If something doesn't work, it doesn't work. Deleting posts has got
little to do with machetes and more to do with an admission of failure.
If someone is wrong and made some statemnt (X doesn't work), why not
correct them?
Tony,
Interesting feedback.
3. Memory usage. V9 does use more RAM/Virtual memory than v8 because it is a
JAVA application.
I can not understand how a modern Java based application could be less
efficient (CPU and memory) than the bloated C based arystem process,
that had become so utterly
Re-install the ux.war file.
BMC support don't appear to have a working AtriumSSO integration so you
may be waiting some time :)
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and
) at
com.bmc.atrium.lcds.ngie.vo.NGIENewJobSchedule.createSchedule(NGIENewJobSchedule.java:133)
at
The above is a run of the mill poor code quality issue where a null
String reference is being passed into Integer.parseInt. BMC need to fix
it.
John
--
John Baker, Web Technologies Consultant.
http://www.javasystemsolutions.com
+44 77 3639 3822
I've just been talking to BMC support, but I guess it's an outsourced
team and I thought about writing up some feedback on my experience of
trying to persuade them that when an application crashes, it needs
fixing and shouldn't be subject to an IDEA on BMC Communities.
However, instead, my heart
Hello
You need to generate SSL certificates or use a reverse proxy where SSL
is terminated (the common option in enterprises). Lots of tutorials on
both in Google.
John
___
UNSUBSCRIBE or access ARSlist Archives at
I feel old. I remember when BIRT was new and trendy. I even wrote some
reporting solutions using it back in 2005 or so.
LJ, why a new reporting solution? Any gossip to share with us?
___
UNSUBSCRIBE or access ARSlist
Beyond that, I don’t really mind BMC not inviting us out to lunch as much as
they used to. It just means I don’t have to spend an hour pretending to be
interested in ()
lol. :-)
John
___
UNSUBSCRIBE or access
I don't think BMC is any better or worse than these other platforms in terms
of trying to make simple flowcharts create complex code behind the scenes.
Plenty of companies have tried to build these tools and they have almost
all ended in producing poor quality solutions. Even the Java world
Abhijit
This is all interesting information. As it happens, I've just tried the
SSL testing tool against unilever.onbmc.com
(https://www.ssllabs.com/ssltest/analyze.html?d=unilever.onbmc.com) and
I note:
This server is vulnerable to the POODLE attack against TLS servers.
Patching required. Grade
Wesley,
There should be no problems whatsoever. Install Tomcat on Win2k8, deploy
a Mid Tier war file, configure it, job done. Keep a copy of your old Mid
Tier config.properties file.
John
--
JSS SSO Plugin for the BMC product set
http://www.javasystemsolutions.com/jss/ssoplugin
Hello,
Happy new year, 'listers! I've marked this post as a blatant advert.
Please turn over now if you are offended by such trivia.
The JSS SSO Plugin is deployed in many organisations, continues to
evolve, and we have recently recorded a new/updated 'features
functions' video. If you're
Wes
I can't see why anyone would use an installer over installing the latest
supported version of Tomcat, ie the latest version of Tomcat 7, and
dropping the Mid Tier war file into Tomcat/webapps (renaming arsys.war).
These are great learning steps if you've not done them before, and about
5
Is there a 'sample' of that report, given it seems to cost money?
I always smile when people tell me that 'Gartner says this' about some
vendor product, which invariably the vendor paid to have reviewed.
The best review of a product and a vendor's customer service is
something like ARSlist.
(Note, this has nothing to do with the JSS SSO Plugin - it's morphed
into a BMC Mid Tier defect.)
Abhijit,
Not only is this thread months old, your response is wrong.
The Container is adding a Cookie with the default Context Path as “/” which
is referred as the poison Cookie in
this thread.
It looks like it should work. Did you look in the Tomcat logs for
exceptions? How about some trivial debugging in the servlet to ensure it
gets called, ie write something to System.out?
--
SSO for BMC products
http://www.javasystemsolutions.com/jss/ssoplugin
I've not tested this:
%@ page import=java.net.* %
htmlhead/headbodyp
%
String myhostname= null;
try {
myhostname= InetAddress.getLocalHost().getHostName();
} catch (UnknownHostException e) {
}
if (myhostname!=null) { %
This application server is running on hostname %=
The problem is not so much the lack of WUT, with its confused Windows 3.1 UI,
but the lack of quality tools within Mid Tier to troubleshoot problems.
Everything involves using a workflow console, but John hit the nail on the
head, there needs to be a quality user interface that isn't remotely
Larry
I wouldn't suggest using that JSP :) It is running a native application
(hostname) to get the hostname that is readily available from a Java API call.
Running native applications isn't going to do the performance of your Mid Tier
any good, and anyone with a copy of wget can almost
Hello
I've reviewed some of the patents and I was amused by what passes for a
'patent'.
http://www.google.co.uk/patents/US5978594
This patent is all about agents running on hosts, controlled by a
central service. It is described as novel, but it's not something
invented by BMC and is present in
I believe Panacea have a tool for this type of task?
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years
Without wishing to get off topic or 'cross' Dan, VMs rule the world
now-a-days. In some organisations, you don't get a desktop, you get one
or more VMs and if you want to work in an office, you sit down to a
almost dumb workstation and connect to your chosen VM.
I've seen really forward thinking
Yes, it's a really nice interface. Maybe the same team can get involved
in the ITSM UI design...
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years
will resolve the issue. Also, set proxyName=lbhostname and
proxyPort=443. This is configured in the server.xml file on the HTTP
connector, ie.
Connector port=8080 protocol=HTTP/1.1
connectionTimeout=2 redirectPort=8443
scheme=https proxyName=loadbalancerfqdn proxyPort=8443
/
John Baker
Joe
I thought SNOW was customisable to an extent, and in a sense, BMC are
pushing exactly the same concept, ie overlays, painful to change
something, a sense that core ITSM is all that really matters etc.
Customisation is a double edged sword: it's very powerful, but it's very
expensive to
Hello,
This thread is rapidly becoming one of ARSlist's longest threads
(https://www.javasystemsolutions.com/arslist/view/89064249#message-thread)
:-)
I've looked at the conference agenda and it does feel more marketing
than substance. Perhaps John Sundberg can expand his KEG conference to
Hello
(Warning, bordering on an advert market research follows.)
I'm wondering if ARSlist can help me? A BMC employee recently posted the
following to BMC DN and it prompted me to conduct some market research:
Atrium SSO is used by hundreds if not thousands of BMC customers
successfully.
I
Hello,
So let me answer this query, as it's related to a piece of non-optimal
design in Mid Tier that only raises its head in some circumstances. JSS
worked with another customer (ie not Frank) to diagnose this issue in
early May, and reported the issue to the BMC Premier Support team.
The
Hello
Well that's a lovely little bug. I guess they must be trying to copy the
contents of an old session to a new one or something?
Why don't you start by reviewing a Fiddler trace to see if the new
JSESSIONID appears in the trace, and look at how the browser may be
affecting it?
John
Hello
(advert disclaimer etc)
You can spend a lot of time and effort trying to make AtriumSSO work, or
you can do it in five minutes with the JSS SSO Plugin. This video (with
audio commentary) may be useful as it demonstrates multiple ADFS
integrations to a single Mid Tier:
BMC have, for a long time, struggled with a disconnect between the
people writing good products, the people writing bad products, and those
overseeing the two who are unable to tell the difference between the
good and the bad.
Consider AtriumSSO. Exactly how much money have they spent on that
It probably means it's not loading a password and the
NullPointerException is from the String constructor. It's poor coding,
ie.
char[] c= retrievePasswordAsCharArray();
// Forget to check if c is null
String password= new String(c);
Suresh,
A number of ways. A server side redirect is the easiest way. In a
standard Tomcat installation, you have a ROOT directory under webapps.
Locate the index.jsp file to a different name and create a new one with
the following contents:
% response.sendRedirect(/arsys); %
John
--
SSO
Yes, good call, but only if you're using an IIS/Apache front end and
mod_jk, which almost everyone should not need to do so. And if you're
using IIS/Apache, mod_jk is not a modern choice of component - the C is
pretty ropey. mod_proxy_ajp or mod_proxy_http are neater solutions.
Pritch
But a Java based ARS does not fix the UI, which suffers from being constructed
by people using forms/workflow and not people who do nothing but produce
attractive, consistent, websites. There's a place for both sets but only one
set appear to be involved.
One of the ways in which Mid
Have you changed the Default-Web-Path in ar.cfg?
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years
LJ
If you are referring to Server-Connect-Name (in ar.cfg) then the BMC ARS 8.1
docs state it is required (unique and resolveable). Perhaps you mean something
else?
John
___
UNSUBSCRIBE or access ARSlist Archives at
Jim, Andrew,
Yes, Flash is pretty awful. I don't know why it isn't dead yet - I can
only assume it's easy to find cheap resource to build noddy
applications. I regularly get cross when various streaming services (and
BBC iPlayer) stop working when my Linux box decides to update Flash, and
maybe
Hello
I can state that JSS loses customers because they move from BMC to
elsewhere. When a customer doesn't renew support, I make a point of
asking them why and it's almost always because the BMC platform has been
canned. But SNOW isn't always the destination of choice. There have been
a few
I think it would be helpful to post the markup from the page containing the
blue frame. There are various answers depending on how mid tier rendered the
image/link.
For a start, if the image has the border, you probably want
style=border-style: none on the image tag.
Hello
If you get rid of IIS, you solve the problem and make your life easier.
It's unlikely IIS is doing anything useful for you. So kill it, enable
the Tomcat HTTP connector by uncommenting the Connector / (probably
set to port 8080) in the Tomcat conf/server.xml, restart Tomcat, connect
to
Hello
Configuring SSL with anything can be painful.
The problem with Tomcat, and it's actually a really poor piece of
design, is that there are two entirely separate ways to configure SSL.
If you've got the Tomcat native DLL installed (look for tomcat*.dll in
your Tomcat bin directory), it uses
The link (MS 2909921) is another set of IE security holes that have been
patched. That's security, not functionality. The following seems to be
the problem with browser compatibility, ie lots of different JS files
and not a single cross browser implementation:
find . -name ClientCore.js
Santosh
I think there's some confusion. Neither of your scenarios require an SSO
solution.
1. Blank password in User form
This is one part of the AR System configuration to send an
authentication event to an AREA plugin. Whether that's a link to an SSO
solution or an LDAP solution.
2.
Claire
What will upgrading Tomcat achieve when the error is broken Javascript
on the client side? Is there something in the documentation that
suggests it's anything other than BMC's problem?
John
___
UNSUBSCRIBE or
Shawn: The http 500 error is caused by the application crashing. Tomcat will
write the stack trace to localhost.log and typically to the screen too. If you
search your log files for exception, you probably have lots. Our lives,
debugging SSO issues, is often made tough through log files that
If this was feedback on the JSS SSO Plugin, I'd be embarrassed. It
sounds like BMC need to spend one year doing nothing but improving
stability. Like fixing the dozens if Javascript errors that will never
go away through flushing caches etc.
I recently diagnosed the most basic of design failures in Mid Tier 8.1.
ehcache, the open source caching tool used to underpin the cache
'framework' uses Java serialisation. If you change the JRE version, it
can't unserialise the cache. Instead of dealing with this neatly, Mid
Tier threw
One of the features we introduced in SSO Plugin 4 was heavy warnings on
the SSO Plugin status page if the user had not changed the default
'arsystem' Mid Tier configuration password. You can google and find a
number of Mid Tiers with it still running on the default password.
Also, we recently
Doug
And you don't force administrators to change the default Mid Tier
password, which is the most relevant starting point for abuse given
everything else is basically hidden from a web client.
And you haven't made the disable User radio do what it says on the
tin, ie disable a user, which will
Fred: Sadly, setting a predictable password isn't going to stop a slow
'drip drip' process enumerating passwords.
John: The core problem, as is the case with much of AR System, is an
unwillingness to tackle design changes in the correct place. You are
correct that security should happen in the
LJ
I think that disabled means disabled. It doesn't mean anything else. :)
You make a good point about the error message, but that's easy to solve
- re-use the existing user/password error. But actually, I think it's
fairly well accepted that it's safe to tell a user their account is
disabled
LJ
I guess my point is, it really should be a ten minute fix. If it's not,
there's a problem to address given the sensitivity of the code in
question (ie authentication).
John
___
UNSUBSCRIBE or access ARSlist Archives
Shall I be honest? :)
Fiddler logs are a complete waste of everyone's time. They tell you what
was sent to/from the browser, but the issue is client side - it's the
browser executing the Javascript code.
Theoretically, one could use some home-brew tool to pump Fiddler logs to
a browser and
Pascale
This error is a 'bug' (fault, failure, mistake, define as you wish) in
the Mid Tier javascript client code. The only useful way to debug this
is to attach a debugger to Mid Tier (ie Firebug, or the MS one in IE)
and find out exactly why it happened. I'd expect an engineer to join a
call
Sadly, neither fiddler or workflow logs are of any particular use. Due
to the nature of AR System workflow, there will always be a large amount
of untested combinations of workflow/browser.
The fact you've identified a broad level source of the problem and two
patch levels should make the
What are you trying to import? It sounds like you need to use openssl or
some other tool to convert the certificate into something keytool can
read - keytool is a nightmare. :)
___
UNSUBSCRIBE or access ARSlist
Hello
I assume you're talking about the 'disabled' field on the User (user
preferences?) form.
I don't believe the disabled radio (on the User form) has any effect.
It's one of those glaring design issues - if an administrator sets a
user to disabled, they have a genuine expectation that the
Call me old fashioned, but I'd recommend the authors of the Javascript
fix the bugs :)
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years
Hello,
If the subject didn't give it away, there is no useful content beyond an
informative video within this short advert.
Version 4 of the JSS SSO Plugin contains functionality to support
multiple SSO integrations (of any kind) with a single SSO Plugin
instance. There is no requirement for
Patrick
It's not so much java at fault but the ARAPI native libraries that are
still - for a reason that completely escapes me - floating around the
ARAPI. I thought it was supposed to be pure Java about 5 years ago, and
it mostly is.
John
Expanding on LJ's response, you may wish to consider SSL client
certificates, so users of the service can not connect unless they have a
client certificate. Whilst there's probably no way to get the username
from within the (very limited) AR System web service implementation, you
can at least
Axton
The problem with SAML is that it isn't quite a standard. I thought it
would be easy to pick up an open source SAML Service Provider library
and plug it into SSO Plugin. Three weeks later, we'd pretty much written
our own implementation because even the open source libraries were a
Hello
Take a look at this:
http://www.javasystemsolutions.com/jss/video/view/MidTier-JMX
John
--
SSO Plugin for BMC products
http://www.javasystemsolutions.com/jss/ssoplugin
___
UNSUBSCRIBE or access ARSlist Archives
Why are they using Flash cookies instead of HTML5 local storage? The use
of Flash in Mid Tier does little to improve performance, which is one of
the biggest complaints.
http://caniuse.com/namevalue-storage
John
--
JSS SSO Plugin for BMC products
LJ,
Perfectly valid but I don't think it's going to be the best way to
deploy Mid Tier. The biggest issue with Mid Tier, the issue that hasn't
been correctly addressed in the last 8 years, is the poor memory
consumption and cache performance. As such, multiple Mid Tiers means
multiple sets of
PermGen is for long term storage, ie class file definitions, and I
thought (but am not sure) that the memory would be shared between
different classloader and hence web applications. Therefore, the AR API
Field class is stored once and shared between multiple Mid Tier
instances. But maybe I'm
Hello,
Susan: The JSS SSO Plugin records user access including client type,
browser, remote IP, and length of session time.
More generally, every six months or so, I tend to add my two pence to
the current Mid Tier cache thread, which is that the current cache model
is not optimum. This is how I
Hello
This does sound like MIME types. I would suggest getting rid of IIS as
it adds very little in most deployments. Open the Tomcat server.xml file
(located in tomcat/conf) and ensure the Connector ...port=8080 .. /
is uncommented and try connecting directly to Tomcat (ie
Can't they call it RUG? There needs to be some kind of ARSlist poll on a
new name for RUG, with RUG one of the selections.
The name 'Remedy' will never go away, so it may as well stay :)
___
UNSUBSCRIBE or access
Is there an advantage to reading the ARSLIST as opposed to digester
sites like nabble?
A: response is faster, you can respond directly rather than wait for
the digest
Or, one can consider the various ARSlist RSS/Atom feeds from websites
including www.javasystemsolutions.com/arslist.
Hope
Hello
I would ask BMC for the non-minified core Javascript and step through
with a Javascript debugger. Once you have the line at fault, take some
screenshots and submit a support ticket.
John
___
UNSUBSCRIBE or access
Carl
There's nothing wrong with the WL JMS driver. It works just fine and
I've used it many times before. I'm wondering if the error is due to JMS
versions (1.0.2 vs 1.1). Which version of the JMS spec does AO utilise?
John
Carl
Maybe I'm missing something but the error isn't being thrown by the WL
jars, it's being thrown by the VM which has been asked (by AO) to cast
one object as an interface that the object doesn't implement. The WL JMS
drivers are required to connect to WL.
John
This error:
JMSAdapter, JNDI API lookup failed: weblogic.jms.common.DestinationImpl
cannot be cast to javax.jms.Destination
Suggests the WL driver is written around JMS 1.0.2 and not JMS 1.1.
There were some subtle changes in the spec that made integrating with
JMS 1.1 easier, and Destination
Hello,
The following:
31 Jul 2013 15:06:02,965 ERROR JMSActorAdapter : Naming look up did not
return a static destination!!
does not appear to be an error from the core Java libraries. I'd suggest
you need to find the error from the Weblogic JMS driver, as this may
tell you what's wrong, as
Hello
If you're seeing this:
java.lang.NullPointerException
com.remedy.arsys.goat.field.FieldGraph.getFieldGraphKey(Unknown
Source)
Then I'm afraid it is a product defect. NPEs are runtime exceptions, ie
they happen and shouldn't. That's why Java devs put in an if statement.
Tomcat
I don't understand why the diagram has so many boxes. I suspect it
should work as follows:
Browser -- F5 -- Two Websphere hosts -- AR System
ie you don't need the Websphere HTTP server.
On 20/07/13 13:36, SUBSCRIBE arslist Anonymous wrote:
Hi John
That is what we are suspecting, that
Dee
Mid Tier does not support clustering, where clustering is defined as
replicate sessions. This is a real shame, as it means the load
balancer has to apply a sticky setting and if a Mid Tier fails, a
user's session ends.
I've not got quite got to the bottom of the reasons behind the lack
Hello,
Using HTTP headers isn't a great solution. If you're integrating with
SiteMinder, you need to process the SiteMinder cookie to check the user
is both authenticated, and authorised, to access the application (ie
ITSM) which OpenSSO (and hence AtriumSSO) does not do. OpenSSO (and
hence
Do you know what's causing the performance issue? IE8 is still very
common in corporate-land so MT should support it, properly...
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and
This sounds like a great way to push your customers away from your
platform. I can understand not supporting IE6, but 8 is still in
widespread use by BMC corporate clients...
___
UNSUBSCRIBE or access ARSlist Archives
Solution: Don't open a dialog. You can't prevent people from closing
windows, and popups can and will be blocked by browsers.
I'm also of the view that people don't like popups - they like UIs to
glide seamlessly between each other - but of course this is an entirely
subjective viewpoint :)
Dan
That almost sounds like a sales pitch for WWRUG .. :) As it happens, one
of my colleagues (Danny) has booked some flights and is looking forward
to meeting our customers. Danny has been involved with AR System for a
decade or so (a relative newbie, I guess?) and has been involved in SSO
Sandra,
What you need to achieve is Integrated Windows Authentication. What BMC
are proposing is deploying part of the protocol, so you're bound to find
instances where it doesn't work. Microsoft have tried going Kerberos
only and couldn't make it work; there's some documentation on their
website
Lj
You raise good points. On postings to BMC DN I often mention the open source
solution, and suggest that if one does not want to pay for a solution, then the
open source solution plus some other external tool is a good step forward
versus wrestling with a rebranded OpenSSO.
One of the
Lj
Removing the input for authentication field is a great step forward for user
friendliness. We replace the BMC login page to provide a polished entry to Mid
Tier with options for LDAP, Windows credentials, and AR System login (because
it removes the AREA LDAP hassle).
But removing a field
Pritch
I read some article about a 14 year old McDonalds hamburger. Apparently,
they are so full of rubbish that they won't go mouldy! I've never had a
Twinkie: I guess they are as bad for the health?
Bah, I rather enjoy a double-cheese burger and fries when I'm cycling
home from the pub,
And when IIS is collecting credentials, often used to provide an SSO
solution, you can almost bet on the overall solution being insecure. We
strongly recommend people don't do this but a few of the BMC VARs know
no better, or do and choose to carry on regardless :)
John
Joe
There was almost always no value in an IIS front end to Tomcat, although
one could still be configured. I found people believed they weren't
running Tomcat and Mid Tier ran in IIS - which may have been possible
had mod_jserv been deployed and the year was 2003 - but was never the
case since
1 - 100 of 518 matches
Mail list logo
