Tips for troubleshooting SSO related issue if SSL connection is working

  • KM02789607
  • 08-May-2017
  • 08-May-2017


Tips for troubleshooting SSO related issue if SSL connection is working


Single Sign On (SSO) has been implemented and when trying to access webtier you get the login screen asking to provide your user name and password. Expectation is to bypass the login screen


 Three possible root cause for this issue

1- isCustomAuthenticationUsed should be set to false in the web.xml file
2- tomcatAuthentication="false" should be set in the tomcat server.xml
3- Webserver such as apache not sending the remote user authentication information to the webserver

Root cause 1:
• Stop tomcat
• Locate the web.xml file from the <tomcat>\webapps\webtier\WEB-INF folder
• Set isCustomAuthenticationUsed  to false
• Save and restart tomcat

Root cause 2:
• Stop tomcat
• Locate the server.xml file from the <tomcat>\conf folder
• Do the following change:
• from
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
• to
<Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" />

Root cause 3:
• Stop tomcat
• Upload the attached diagnostic.jsp file into the tomcat webtier folder (<tomcat>\webapps\webtier)
• Delete tomcat cache (<tomcat>\webapps\work)

If you are using 950 or higher.
• locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
Search this entry <sec:filter-chain pattern="/goodbye.jsp" filters="none"/> and next line add this entry:
<sec:filter-chain pattern="/diagnostic.jsp" filters="none"/>
• Restart tomcat

If you are using SM94x
• locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
• search this entry: /goodbye.jsp=#NONE# and next line add this entry:
• Restart tomcat

• Access the webtier via the following URL: http://xxxx/webtier/diagnostic.jsp
Result: The diagnostic.jsp script will run a script which will help to confirm whatever or not the remote user authentication data is send to tomcat
If you get the message: "Not authenticated - webserver is not sending remote user info to the application server" then a review of all your apache configuration files is required