Hi, I have configured Remedy to use SSO using the instructions in AREA_SSO_ALL_v206MT_v209AREA zip file.
Environment ARS 7.6.04 Windows 2008 64 bit IIS 7.5 Tomcat 6 I’ve updated the server.xml file in the apache conf directory to include tomcatAuthentication="false" In IIS I have disabled Anonymous Authentication and enabled Windows Authentication. For users who are included in the AD they can successfully login with SSO. But users who only have a local Remedy account and don’t exist in AD will get an authentication error. Remedy attempts to automatically authenticate the users with their AD details, but as they don’t exist in Remedy using their AD details they get the authentication issue. I was expecting that if SSO failed the Remedy login page would be displayed. I’ve read that in IIS both Anonymous and Windows Authentication should be enabled, but if I enable Anonymous authentication the login page is always displayed to the users stopping SSO from working. The Mid Tier logs capture the following, so with Anonymous Authentication enabled the Remote User name is not returned. 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SERVLET) : GoatServlet: url=http://serverxxx/arsys/home 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SERVLET) : cookie=G="2c571170edfbf9c6:-2a327bea:1379d3ab208:-7fff"; JSESSIONID=1055C3140E821C1E676A8C933D7031FF; P=0; st=5400; lt=60; GKW= %7B14%3A%7Bn%3A%22LASTID%22%2Ct%3A6%2Cv%3Anull%7D%2C15%3A%7Bn%3A %22LASTCOUNT%22%2Ct%3A7%2Cv%3A0%7D%7D; P=1 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SERVLET) : GoatServlet: No session or new session 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SESSION) : Login: establishing Session 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SESSION) : SSO ERROR: RemoteUser name is null or empty. Using default login page 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SESSION) : Login: Custom authenticator failed. Trying default authenticator 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SESSION) : DefaultAuthenticator: Credentials requested 13-Jun-2012 10:54:49 - FINE (com.remedy.log.SESSION) : DefaultAuthenticator.redirectToLogin: url=/arsys/home Is there a way to configure IIS to allow users in AD to authenticate using SSO and the Remedy login page to be displayed for users who don’t exist in AD? Thanks Phil _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
