Sounds like you need to speak to Carl Wilson about his license
management tool.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Misi
Thanks, I was just about to post and write that I was talking nonsense.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
I recall reading something on bmc communities about SP2 being withdrawn. Is
this true? If so, why?
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are
Guillaume,
You make a very valid point. Marketing, and Matt L, believe BMC have a
competent SSO solution suitable for the enterprise. At this point in
time, they do not, and I suspect senior management have no idea that
AtriumSSO is an open source solution (OpenSSO) killed off by Oracle.
I was c
Mike
The JSS SSO Plugin supports CAC and some of BMC's largest clients are
using it. I don't believe BMC have any AtriumSSO users with CAC at this
point in time. We take support seriously and we can arrange a webex to
get it up and running within 24 hours, subject to agreement on a
convenient time
Shawn,
Capture a fiddler trace and send it to me. We've not seen this error
from anyone else, and there are tens of thousands of people using SSO
Plugin every day, but I'm very happy to investigate it.
If it happens and then the user can do no more, it sounds like their
session has died. If so, p
Hello,
The SOAP message is correct, you are looking at Unicode. I think they
are Polish characters. It says zęściowy brakostęp.
John
--
SSO Plugin: Bringing BMC products together
http://www.javasystemsolutions.com/jss/ssoplugin
__
I am reminded of this SO post:
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
(Scroll down to the first answer.)
I would point out that for serious XML work, XML Gateway is available at no
charge for a limited number of transactions per hour. H
I've never come across anyone who uses it, and I wouldn't recommend doing so if
you did find it for that reason.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where t
David
Encrypting the password is a useful step, but not a very useful step as
essentially the password is still there and could be decrypted, and if one has
a copy of the Mid Tier jar files, it's probably achievable in about 2 minutes.
This would almost certainly fail a security audit.
The onl
omcat. If you use mod_jk (but don't), it will handle the LB between MT
instances for you. If you use mod_proxy or mod_cluster, it'll also handle the
LB (better options than mod_jk).
The only piece I can spot missing from your configuration is SSO Plugin. :-)
John
--
John Baker, W
Good day,
With WWRUG under way, we can only apologise for not being with you, however we
have prepared a virtual presentation for you to enjoy.
BMC Analytics (SAP Business Objects) runs standalone from BMC AR System and
maintains its own user repository, and the BMC Knowledge Base article KA291
he WSDL very simple, AR System will handle it. If
it's complicated, you need a different approach. Sadly. most WSDLs are
complicated.
The answer to this problem is to not use webservices and use XML over HTTP.
Which is all a webservice really is, minus the hassle.
John Baker
--
SSO Plu
SSO Plugin does this for you.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Are you logging in as user X and modifying user X's record?
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Hello,
Forget the installer. Download Tomcat 6, download the Midtier war file, install
Tomcat, put war file in Tomcat/webapps, copy native libs to Windows/System32 if
it crashes as you try to login to the Midtier configuration page.
You don't need Apache HTTPd.
John
--
SSO Plugin: Bringing
Hello
You need to find the actual stack trace in the Tomcat stdout logs. That'll tell
you what the problem is.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "W
Get a wireshark trace and see what's happening when AR System tries to
consume the URL.
You've not got a proxy set on the Java process by any chance?
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend ww
At JSS, we're firmly of the view that successful products need to be
easy to install and administer. We're wondering when BMC will catch up
with us, and others, who've identified this absolute requirement.
Let's be honest: Products that takes hours or days to install do not
install anyone with con
Hello,
There is, our XML Gateway product provides an XML based view of AR
System schema information through a smart web interface. It's easy to
install: Download, drop war file in Tomcat webapps, restart Tomcat, edit
xmlgateway.xml file to detail your AR System server, restart Tomcat,
done.
If yo
Yes, it is.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
That makes more sense now I can see this header:
Tue Aug 09 09:52:16 EDT 2011:DEBUG:<< "Transfer-Encoding:
chunked[\r][\n]"
The number is part of the HTTP chunked feature, ie a length of string in
hex followed by data, followed by a length, followed by data but stop
when the length is 0.
___
It looks like someone left a little debugging in the WS code :-)
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Then your problem is the image and/or IE, not Midtier. Perhaps the
images are corrupt in some way? A red cross is the IE way of saying, "I
can't display this image".
John
___
UNSUBSCRIBE or access ARSlist Archives at www
Frank,
A view field is nothing more than an IE component, so can you view these
images in IE?
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers A
Hello,
BMC Analytics, also known as SAP BOXI, has a perfectly good LDAP
integration which is similar to BMC's AREA LDAP. So there are no issues
integrating it with AD. It also has a reasonable SSO interface offering
more than AtriumSSO.
AtriumSSO has no support for IIS or Integrated Windows Auth
Michelle,
See my post yesterday:
http://www.javasystemsolutions.com/arslist/view/89040343
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Hello,
The document contains some useful hints but the initial/max heap size
information on page 19 is incorrect. The initial heap size should not be the
same as the maximum heap size, and the initial should ideally be 90% of max.
I've written a post or two on this in the past.
John
--
Singl
Hello
Has anyone seen random ARERR623 from the preload threads? Failing to connect to
AR System even though the MidTier Service Password is correct?
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
at
John,
A wise man once said to me, concentrate on what you're good at and stick to it.
If MT 7604 really is missing basic printing functions, it does seem that there
hasn't been enough focus on the quality of the core product. I can't help
thinking AtriumSSO has consumed in excess ofa million do
Chris
Are you saying that the standard out of the box Midtier printing
facilities do not work in the US? Can that really be correct, given AR
System is developed in the US?
John
___
UNSUBSCRIBE or access ARSlist Archive
Chris,
I can confirm A4 is very popular in the UK :-) And A2 is huge... paper one only
finds in an industrial printing centre.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwru
Hello,
Multiple IE windows sharing the same process will share the same session ID, so
are equivalent to one IE window.
Multiple IE windows that are different processes will have different session
IDs.
My advice is, it's a bit confusing to think about one person trying to be both
a guest or
Hello,
Try this:
if (session.getAttribute("com.remedy.arsys.stubs.sessionData")!=null ||
session.getAttribute("usercredentials")!=null) {
// User logged in
}
John
--
SSO Plugin: Bringing BMC products together
http://www.javasystemsolutions.com/jss/ssoplugin
___
Good day,
BMC Dashboards is a product that allows users to provide a graphical
representation of service management data. It runs standalone from BMC AR
System and maintains its own user repository. To allow a user access to
Dashboards, an administrator must set up an account in Dashboards and
Hello,
You're missing a jar called commons-lang in your classpath:
org/apache/commons/lang/builder/ToStringStyle
Find it and add to classpath.
John
--
Single Sign On: Bringing BMC products together
http://www.javasystemsolutions.com/jss/ssoplugin
_
I can't see the point of IIS in many configurations. Use Tomcat
standalone and SSO Plugin's Integrated Windows Authentication
functionality, not found in any other product :-)
___
UNSUBSCRIBE or access ARSlist Archives at
Hello,
Are you trying to install IIS and Tomcat? If so, we wrote a long list of
issues to BMC on this topic (the default install was broken) but never
got a response. I think the major problem was the 64bit mod_jk build
(1.2.31, or maybe it was 1.2.30) didn't work.
John
Hello,
Create a file on each Midtier with the hostname, or even better, alter
each login.jsp page to display the hostname. If you can press reload 20
times and only see the same login.jsp/hostname, sticky is fine. Your
file does look fine but mod_jk is picky and I haven't tested it. If
Midtier/AR
It does. Set the sticky flag on mod_jk if you're using it, and if you
are, I advise you don't and move to mod_ajp_proxy.
John Baker
--
Single Sign On for BMC ITSM
http://www.javasystemsolutions.com/jss
Axton,
"We use basic authentication as a fail back in the event SPNEGO fails."
So you're missing SSO for a number of browsers that decide to send an NTLM
token, or an NTLM token buried in an SPNEGO token. That's quite a large piece
of functionality for large BMC clients who may have 20,000+ des
Axton
To fully support SPNEGO, one requires both Kerberos+NTLMv2. To my knowledge,
there is no complete implementation outside of SSO Plugin, in and out of the
BMC market, let alone an implementation with AD failover support and all the
other features that serious clients demand from a product.
New web interface looks super. Well done.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Chuck
if a.equals("") is one of my least favourite Java statements because it's
awfully inefficient. The VM has to create an object just for comparison, which
when in a repetitive loop, can be very slow.
if a.length()==0 is much nicer :)
John
Hello,
That is a rather odd problem. If you are fetching field 7, is it in the
Entry object? If so, I don't know why you see this error if you try
calling setEntry. Perhaps you should only get the fields you want to
fetch, ie.
List fields = new ArrayList();
if (ACTIVIDADES_1!=null)
fields.add(5
Randy
This usually needs enabling as per the instructions:
http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html#Configuring_Manager_Application_Access
John Baker
--
Single Sign On for BMC ITSM
http://www.javasystemsolutions.com
Gupta
This was discussed only a couple days ago:
http://www.javasystemsolutions.com/arslist/view/89039297
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where
Dear Listers,
Earlier this year, we provided a video on monitoring Midtier and AR
System using jconsole. The jconsole tool uses JMX and is primarily for
monitoring your Midtier, AR System Java plugin server, Dashboards, etc.
We've produced a new video that demonstrates how to profile memory usag
Dear Listers,
Some of you will know, JSS hosts an ARSlist archive on our website
(http://www.javasystemsolutions.com/arslist) and we've added a new
feature that may be of interest to you.
We've provided RSS support that not only provides a feed of the list,
but can be configured to feed via a sea
It is field 117. The authentication field.
John
--
Single Sign On for BMC ITSM
http://www.javasystemsolutions.com/jss/ssoplugin/bmcitsm
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.ww
Jason,
Unfortunately, it's not quite as simple as that. Kerberos /should/ work
for everybody on a Windows network, but in practise you require
Kerberos+NTLMv2.
What Axton is suggesting is challenging because there are multiple
interactions between browser and acceptor (ie whatever is running on
We offer a free read only service:
http://www.javasystemsolutions.com/arslist
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Hello,
The error suggests you're using the wrong version of Java, ie the classes were
compiled for Java5+ and you're using java1.4.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.
many RFEs are bugs that need resolving?
John Baker
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
with Doug M as part of a steering
committee. With vast experience of AR System (back to version 2?!), the
user has helped us improve BMC ITSM Incident integration.
We listen to users and our products continue to improve, and I don
If you look in the SSO Plugin installation guide:
http://www.javasystemsolutions.com/documentation/ssoplugin/jss-sso-installation-manual-3.3.pdf
You will find information on how to configure X509 client certificates. This is
similar to the SSL setup.
___
time to get some advice on how to improve Midtier installation/setup.
We've not heard anything.
Watch out for the 64bit build of mod_jk version 1.2.31. If I recall,
it's broken.
John Baker
--
Single Sign On for AR System
http://www.javasystemsolutions.com/jss
Axton
I believe the problem is the documentation strongly suggests it's possible, and
the reality is that Midtier probably doesn't.
The good news is that SSO Plugin 3.3.6 is distributable!
John
___
UNSUBSCRIBE or acce
LJ,
If you want to look into clustering, start in the Tomcat server.xml file:
John
--
Single Sign On for AR System
http://www.javasystemsolutions.com/jss/ssoplugin
___
UNSUBSCRIBE or access ARSl
LJ,
That does suggest it should work without the sticky bit, but the web.xml file
is missing the element and hence Midtier won't (or rather,
should not) distribute sessions.
John
--
Single Sign On for AR System
http://www.javasystemsolutions.com/jss/ssoplugin
__
Hello,
I'm referring to the load balancing document and I think there may be some
confusion.
The document states the sticky bit isn't required for the LB between MIdtier
and AR System server, but I can not see (and forgive me for not fully reading
the document in detail) any reference to the
I guess this may be a result of using 7604 against a 7.5 AR System server.
However, the error isn't handled well at all.
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList:
Hello,
I'm discovering odd failures that I can't explain. ie when I tried this:
http://host/arsys/forms/proddemo.demodomain.local/User/?qual=%27Login%20Name%27=%22Demo%22
(ie query the User form for Login Name = Demo)
I find this exception in my Tomcat logs:
java.lang.NullPointerException
Hello,
Can someone share with me what happens if they run this against a Midtier 7.6
running ITSM:
http://host/arsys/forms/servername/HPD:Help+Desk/Best+Practice+View/?qual=%27Incident%20ID*%2B%27=%22INC0001%22
replacing host with their MT hostname and servername with the AR System serv
Hello,
It is irrelevant whether the DB is virtual or physical. Modern virtual
environments are as good as a physical host and in many organisations,
applications will be deployed to virtual hosts whether you like it or
not. If a global investment bank can run trading systems on virtual
hardware, I
Hello,
Andrew: We're always happy to help BMC if they ask for our expert
advice. They haven't yet asked.
The "recommended" settings are too "round". Why 1024Mb and not 1112Mb?
The problem with this topic is that the "recommended" setting is going
to be different in almost every environment. ITSM
Hello,
Those initial and max memory settings are not sensible. See my post on this
matter:
http://www.javasystemsolutions.com/arslist/view/89025846
John
--
Single Sign On for AR System
http://www.javasystemsolutions.com
Doug,
I think administrators will see the benefits of overlays when AR System
supports multiple levels of overlays.
The design makes sense when multiple levels are available, because
theoretically workflow can be pushed from development, to UAT, to
production and if a rollback is required, it's
David,
The vast majority of BMC AR System users are working in corporate
environments where they wish to open a browser, navigate to the Midtier,
and silently login.
Some corporates will be using enterprise solutions such as Siteminder or
RSA Access Manager, and that's precisely the reason that
Dear Radhika,
You can configure multiple BMC AREA LDAP plugins and the only infrastructure
requirement is the AR System needs to bind to the Active Directory via LDAP, so
port 389. There is nothing complex in terms of trusts etc. and you must be
careful to guard against 'user credential' leak.
http://www.javasystemsolutions.com/jss/news/list/26#article-26
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Jason,
-Xincgc (the "incremental garbage collector") is a little old.
Every Java developer tends to have a different opinion of how best to
optimise a VM, what garbage collector to use, etc. Here at JSS, we
develop with the "bulk standard" deployment, because that's what the
majority will use.
I
Jason,
I don't have DS in front of me and don't know why devstudio.ini exists.
I'll have a look sometime.
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where t
Further to that, my eclipse.ini (default, non modified) has these
settings:
-vmargs
-XX:MaxPermSize=256m
-Xms40m
-Xmx384m
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com A
Claire,
It's important to remember that Developer Studio isn't a BMC product,
it's Eclipse. It's a superb development studio and I use it daily for
Java development.
If you put "gc overhead limit exceeded eclipse" into Google, there's
lots of links. I'm not trying to suggest it was wrong to ask t
ven the great work put into
getting rid of the native libraries through building a pure Java API (in
version 7.5).
John Baker
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Reference: 64bit JVMs.
Usually the WRONG option, unless you want your Midtier to run more slowly than
otherwise necessary.
--
Single Sign On for the AR System
http://www.javasystemsolutions.com/jss/ssoplugin
___
UNSUBS
I don't understand the problem. If Websphere is restarted properly, ie killed
and brought back up, why doesn't Midtier start like it normally does? When does
Midtier start? Are you saying that you need to start Websphere and then follow
some process to start Midtier?
--
Single Sign On for AR
How about:
'Status' < "Closed" AND NOT ('Assigned Person' == "Mark Brittain")
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
n't correct now we're trying to map
data (where NULL exists) to tables.
John Baker
--
Single Sign On for AR System
http://www.javasystemsolutions.com/jss/ssoplugin
___
UNSUBSCRIBE or access ARSlist Archives
It's a shame as it was a good solid release.
Good news, we still support SSO Plugin for AR System 6.3 and I believe
others have had success connecting Midtier 7.0 (for better performance)
to AR System 6.3, so there's still life in the system yet.
__
64bit JVMs: I thought it may be worth reminding users of my last post on the
subject, http://www.javasystemsolutions.com/arslist/view/89035393.
Tomcat/IIS: I agree with the points made regarding an IIS setup being not
useful for a single Midtier, however do remember that the "connector" (mod_jk)
Which version of IIS? We recently discovered multiple problems with the BMC
installer for IIS/Tomcat on IIS7.5.
You really don't want to use the 64bit JDK. See an earlier post I made on this
matter.
John Baker
--
Single Sign On for AR System
http://www.javasystemsolutions.com/jss/ssop
Hello,
I don't believe we need any more logging:
javax.mail.MessagingException: Could not connect to SMTP host:
terelay.tycoelectronics.net, port: 25;
nested exception is:
The answer is, there is no SMTP server on terelay.tycoelectronics.net
port 25. You could verify this by using PuTTY (or te
Ian,
When you say 'fixed', how was it fixed? The last time I looked, the
username/password were still being passed from WUT to MT in the clear -
albeit a slightly scrambled clear, but still clear.
John
--
Single sign On for AR System
http://www.javasystemsolutions.com/jss/ssoplugin
___
Hello,
It's a javscript error, ie a bug in the Midtier. You need to report the
full version and action being performed to BMC. The quickest route to
resolution is to see if it exists in both IE and Firefox, and if it does
exist in Firefox, report the line number of the Javascript that's
failing. I
Listers,
Feel free to delete if you don't like sales discussion as the answer to Joe's
question involves some sales blurb.
Joe,
I don't want to have a pricing debate on the list, because I don't want to
undermine the work of resellers who may charge a little more (or less!) than we
would, bec
Joe,
You make the point perfectly: it costs more consulting time than an SSO Plugin
license to attempt such a project, and this is exactly why JSS invented "user
aliasing". The product doesn't care if your SSO usernames do not match the AR
System User form because you can assign rules to match
Amy,
For a large implementation, I can't imagine modifying all the AR System
user form Login Names to be a very enjoyable or inexpensive task...
John
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend
Hello,
I think BMC ship some free code if you want to build a homebrew
solution, but if your Oracle IM login IDs don't match your AR system
User form then it's not going to work. Ask BMC support for some
documentation.
Benefits: it's free!
Downside: it may not work, poor support/management/etc.
John,
In the interests of fairness, there's a community edition of the XML Gateway
which does the same, but more :-)
http://www.javasystemsolutions.com/jss/video/view/BMCITSMIncidentsTasksWorklogs
Read all about it:
http://www.javasystemsolutions.com/documentation/xmlgateway/jss-xmlgateway-ins
Axton is correct, however you almost certainly don't want to really use
a 64bit VM, and if this isn't Midtier, you could probably use the native
Java API.
The Midtier, last time I checked, is 99.9% native library free.
Curiously, the only part of the native library it still uses is checking
the M
Vijai,
Would you mind answering the other questions I posted?
I have one more: In the model you describe, where no BMC AREA LDAP is enabled,
how would a webservice client consume from Midtier assuming you wished the
client to use a login based within the Active Directory?
John
__
Vijai,
Consider the following:
1. Ability to map user SSO user X to AR System user Y.
2. Mis-matched case between SSO user X and AR System x.
3. Localised AD integration using full IWA (Kerberos+NTLMv2).
4. Removal of the BMC AREA LDAP plugin to remove the security issues
when a multi service pro
e an incident in BMC
ITSM Incident.
Some of the best functionality comes from user feedback, and thank you
to those who have contributed to this thread.
John Baker
--
Single Sign On for the AR System
http://www.javasystemso
Jack: I probably meant the disabled field.
LJ: I don't think it's good design to add random fields and then make the
client check them. It's clearly insecure by encouraging administrators to set
'disabled' or 'user must change password' and find users don't have to do so.
The disabled option b
I believe this and the "User account locked" are only read by workflow.
One of our clients was quite unhappy when they discovered that locking
an account didn't lock the account, but this may have since been fixed
in 7.6.03?
If it's not fixed then we could implement this in SSO Plugin so locking
a
You need both IWA and Anonymous enabled if you want to properly configure SSO.
Without anonymous, the Midtier can't provide a range of services to clients
that can't perform IWA, ie some webservice clients, or a browser that can't
negotiate IWA, or the WUT trying to load a fla
I don't believe there's support for consuming/publishing RESTful
services from AR System, however our XML Gateway product can do it for
you. The community edition is free to use with a limited number of
transactions per hour.
You can find information here:
http://www.javasystemsolutions.com/jss/
Irina,
Have you reset the password on both the AR System Administration Console and
the Midtier? Did you restart AR System?
Remember, you get this exception if you don't login but I'd expect to see
ARERR623 in the logs when Tomcat starts if the Midtier password is wrong.
John
--
SIngle Sig
301 - 400 of 535 matches
Mail list logo